These Four Key Trends are Shaping InfoSec in 2019
Brought to you by WBR Insights
It's been quite a year in the InfoSec world, as several high-profile stories have brought the need for better and stronger cybersecurity into sharp focus. From the Cambridge Analytica scandal which exposed the data vulnerabilities in the social media networks we use, to large-scale cyber threats from foreign powers, there has never been a more security-crucial period in human history.
With this in mind, let's take a look at four of the big topics and trends that are shaping the InfoSec landscape right now and are only likely to grow in prominence as we move into the future.
#1 Cyber Security Maturity
Due to the ever-shifting nature of cybersecurity threats, it's important InfoSec companies never sit still and allow their programs to stagnate. Conscientious security professionals are always assessing the effectiveness of their current protocols and trying to remain one step ahead of emerging threats.
This is where cybersecurity maturity models come in. You may think you can assess your efforts by counting the number of vulnerabilities you've closed in each time period or by reporting compliance with regulatory or industry standards, but getting a true picture of maturity is far more complex. Plus, those measures alone give you no way to build a framework for improvement and prepare for the future.
Cybersecurity maturity models such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and the Cybersecurity Capability Maturity Model (C2M2) give InfoSec professionals an accurate picture of their present maturity levels and detailed guidance on how they might reach the next stage.
#2 Infusing Security into Corporate Culture
One of the key components of effective security programs is to make cybersecurity a core principle of the company culture. While it may seem ambitious to suggest that your company's profit and loss statements should include security awareness, the changes can be achieved in incremental steps.
Doing something small is preferable to doing nothing at all.
Cybersecurity awareness should be a top-down process, beginning with strong and effective leadership. The chief information security officer (CISO) role is growing in importance, and it's crucial their input into the corporate culture is respected. CISOs are still often seen as simply one component of the IT team rather than as members of an independent profession.
Human factors still play a large role in cyberattacks, and it's only by infusing security into the corporate culture that you can make sure everybody is taking their responsibilities seriously.
#3 The Evolution of Phishing
Phishing attacks have been a cybersecurity concern since the 90s, and they've only been growing in number and sophistication during the last 20 years.
Phishing is now a huge industry, employing automation, email composition techniques - such as engaging subject lines - and many other practices which you often find in legitimate businesses' digital marketing strategies.
The modern phishing attack will often employ hacking techniques which allow attackers to use the contacts of people who have fallen for their scam. They can then send phishing communications from a familiar email address, significantly increasing the chances of the recipient opening it and clicking on the bogus link contained inside. The scammers can then repeat the process ad infinitum.
Your employees must be kept aware of the latest phishing scams plaguing your industry, and know the procedures regarding opening email attachments and clicking on links contained within suspicious communications.
#4 Incident Response Planning
Most of the recent scandals regarding data theft and other cybersecurity attacks have been compounded by a lack of incident response planning in the target organizations.
Insufficient incident response planning can have far-reaching consequences for those organizations affected. Take the example of a UK-based company which lost the personal information of 157,000 of its customers. Not only was the company severely criticized for its poor communication with affected customers during the incident, but it also lost 101,000 subscribers, spent £42 million on repairing the breach, and was fined £400,000 by the industry watchdog.
Your company's reputation and finances can be forfeited in the event of a poorly managed data breach. Many customers are willing to forgive such a breach if the company handles it in the right way. However, those businesses that attempt to obfuscate and cover up these attacks are likely to find themselves on the receiving end of stringent penalties.
InfoSec Connect 2019
You can hear these industry-critical topics and more discussed in depth at InfoSec Connect 2019, taking place in March at the Rancho Bernardo Inn, San Diego, CA.