#CyberFLASH: Security predictions 2016: More ransomware, tougher cyber insurance

Twelve months ago, when I became ITWorldCanada.com’s contributing writer on cybersecurity, the state of things was pretty bleak: 2014 marked another record year of data breaches, there was no miracle technology that would seal the cracks in an enterprise and every expert was predicting attackers would find new ways to get around defences.

As I look ahead to 2016 every expert I talk to says attacks will continue to find new ways of getting around defences, there’s no miracle technology coming that will seal the cracks in an enterprise and it will probably be another record year of data breaches.

In the face of that what’s a CISO to do?

For one thing, continue sealing the cracks in the enterprise the old-fashioned way: security awareness training, using two-factor authentication wherever possible, network segmentation, limiting the number of people with administration privileges and access to sensitive data, patching, increasing spending on intrusion detection and prevention (including analytics), taking part in threat intelligence (either formally by buying a service, or informally with colleagues) and solid backup and restore. On top of that, have a tested disaster recovery plan.

In addition, be aware of certain trends experts say will mark 2016 as different from the year before. Here are some of them:

– The evolution of technology means IT departments more than ever have to understand what business units want, and then propose secure ways of doing it, says Bob Hansmann, director of security analysis and strategy at Raytheon Websense security labs.


#CyberFLASH: We need a new breed of CEOs

I just heard another story today of a Chief Information Security Officer (CISO) who was fired for pointing out to his CEO that their business processes for handling protected health information were wrong. The organization was transporting protected health information via US Mail on CDs – with no encryption! He pointed out that the laws had changed and if their practices were discovered by regulators, they could face serious consequences. So the CISO got fired! This is not an isolated incident. CIOs and CISOs are being fired for exercising due diligence all over – even though they never had the empowerment to do the right thing. My question is, when will the real people responsible for the mess be fired? Why are we firing the very people who can and want to fix the problems?

It appears to me that top level executives are more interested in covering up the issues and blaming other people rather than accepting their accountability, admitting their culpability and then taking sincere steps to fix the issues. And the very people who are trying to do the right thing are being fired. This is simply crazy! We can never fix an issue unless we are willing to admit culpability. I am not calling for the firing of executives who admit errors and then take concrete steps to fix the issue. People do make mistakes and true leaders learn from mistakes, admit the errors, learn from them and then work hard to fix the problem. Executives who are more focused on blaming someone else will never be able to fix the issue. These executives do not belong in the roles we have entrusted them with.

I think that the era of finance-minded CEOs is over – we need a new era – an era of technology strategists who are ethical leaders, willing to do the right thing, and are willing to use the right technology and cybersecurity strategy to power their organizations forward. Moving a company forward today is not about finance – it is about technology and cybersecurity strategy because without technology no organization can thrive in the modern era. Technology can reduce costs, increase productivity and efficiency, increase collaboration and teamwork, and dramatically increase innovation. This is why I think strategic-minded CIOs of the world need to seek CEO positions.
