The comprehensive IT security guide for CIOs

Information Age's IT security guide for CIOs, covering everything from how to implement an effective cyber security strategy to how to respond to the security skills crisis

Security Guide CIOs

The importance of implementing an effective IT security strategy, instigated by the CIO, has never been more vital for businesses wanting to remain successful

Introduction

In the face of increasing cyber attacks and more complex, stringent data privacy laws, IT security has become an increasingly important discussion for the boardrooms of organisations across industries.

The IT security responsibility should lie with the CIO, but the culture of security should be adopted by a whole organisation. After all, the biggest cause of cyber security incidents results from employee negligence.

Cyber security efforts continue to flail against the growing number and variations of different cyber attacks. PwC’s Global State of Information Security Survey 2018 – of 9,500 senior business and technology executives from 122 countries, including 560 UK respondents spanning large to small businesses and public sector organisations – found that more than a quarter of UK organisations (28%) don’t know how many cyber attacks they suffered in the past year, and a third (33%) admitted to not knowing how the incidents they faced occurred.

To combat and understand these threats effectively, CIOs and IT executives need to establish an effective IT security strategy that uses the right tools and technologies, while fostering a culture of security.

In this guide, readers can explore how to implement an IT security strategy; attack prevention, the threat to business, the latest information on security solutions and companies, the impact of new regulation, the government’s response to security, dealing with the cyber security skills gap and how other companies are handling the changing IT security landscape.

Section 1 – Implementing an IT security strategy
Section 2 – Culture of security
Section 3 – Types of attack and how to mitigate
Section 4 – AI in security
Section 5 – Mobile security
Section 6 – Cloud security
Section 7 – IoT security
Section 8 – Regulation’s impact on security
Section 9 – Government and security
Section 10 – Responding to the cyber security skills crisis


_______________________________________________

1. Implementing an IT security strategy

The increasing number of cyber threats, and the financial and reputational implications of a data breach means that organisations need to adopt an the right IT security strategy for their organisation.

This section delves into what trends to look out for and how to protect your organisation, by adopting the best security strategy practices.

_______________________________________________

Feature

5 cyber security trends for 2018

The changing cyber threat landscape has corresponded with the evolution of IT, and organisations must take advantage of the new technologies available to provide better security protection. Continue reading

_______________________________________________

Feature

How to protect an organisation: Cyber security tips

Unfortunately, given the thousands of attacks directed at organisations everyday, the chance of keeping out every threat is slim to none. However, there are steps organisations can take to mitigate the risk, and respond in effective manner in the event of a breach. Continue reading

_______________________________________________

Feature

Cyber security is a ‘people problem’

Ultimately, in order to instigate an effective cyber security strategy, CIOs must foster a culture of security within the whole company. Only then will companies be the most secure they can be. Continue reading

Cyber security in the workplace is everyone’s business

Following in the same vein, it is the responsibility of everyone to make sure a company is implementing effective cyber security practices. Continue reading

_______________________________________________

Blog post

The importance of an integrated security strategy

Andrew Avanessian, the COO at Avecto, suggests that integrated security strategies with complementary solutions are more effective than multiple layers of complex protection software. Continue reading

_______________________________________________

Advice

6 critical steps for responding to a cyber attack

In the case of a successful cyber attack, which is likely, organisations and their CIOs need to have an effective response plan in place. Continue reading

Prevention, detection and response

The key to successfully navigating a cyber security breach, lies in prevention, detection and response. John Bruce, CEO of Resilient, discusses these essentials here
_______________________________________________

2. Culture of security

The biggest weakness in an organisation’s armour is the employee. Due to negligence or laziness, the insider threat (whether intentional or not) represents the biggest threat to a business.

This section will cover how to foster a culture of security, and the importance of staff security training.

_______________________________________________

Feature

The importance of creating a cyber security culture

The most vulnerable companies will always be those that fail to create a culture of security. How do you create that? Find out here

_______________________________________________

Blog post

Cultivating a culture of information security

Organisations need to think about information security as a business that facilitates increased competitive advantage and improved security. Continue reading

_______________________________________________

Analysis

Insider threat: Majority of security incidents come from the extended enterprise, not hacking groups

Threats from an employee – inadvertent or malicious – make up 42% of incidents, a number that has increased from 2015 when 39% of incidents originated from inside an organisation’s network. Continue reading

_______________________________________________

Blog post

Why insider threats are the next big security challenge

There are lots of security solutions sold by vendors, but what about the threat from within? Continue reading

_______________________________________________

Feature

How to prevent the most dangerous cyber threat: Insider attacks

Employee complacency is an overlooked risk factor for organisations, particularly when it comes to ensuring that the latest software versions or updates are installed. Continue reading

_______________________________________________

Blog post

The insider threat: 5 things to do if your employee has gone rogue

Sometimes an employee will intentionally leak an organisation’s data. Here is how to respond if this happens to you

_______________________________________________

Advice

Staff training key in defending against cyber attacks

Basic training could have a huge impact on security for those employees who inadvertently leak their organisation’s data. But, have UK businesses missed an opportunity with this? Continue reading

_____________________________________

3. Types of attack and how to mitigate

CIOs and businesses should anticipate the growth of DDoS, IoT and ransomware attacks. These attacks will continue to plague businesses in their variation and frequency, along with the increased determination of hackers, as the value of data soars.

_____________________________________

Feature

Ransomware represents ‘25% of cyber attacks’ as hackers target UK

Following the global attention of WannaCry and Not/Petya last year, ransomware is now the most likely threat to UK businesses, unsparring in what industry it targets. Continue reading

_____________________________________

Advice

Migrating data to prevent ransomware attacks

By creating gaps between back-ups – with data being stored offline and disconnected from any other data source – it becomes possible to protect critical data, and restore it without much downtime. Continue reading

_____________________________________

Feature

What can be expected from DDoS attacks in 2018?

The number of DDoS attacks almost doubled in the second half of 2017, with many companies experiencing an average of 8 attacks per day. The problem is exacerbated by the reality that DDoS attacks have become far more complex and deceptive in recent years. They are no longer simply designed to deny service, but to deny security, by acting as a camouflage to mask other malicious activities. Continue reading

_____________________________________

Advice

How organisations can eliminate the DDoS attack ‘blind spot’

Critical to any realistic DDoS defence strategy is proper visualisation and analytics into these increasing security events. Continue reading

_____________________________________

Advice

Top female CIO on IoT implementation and security

IoT cyber security attacks are still flying under the radar, but ForeScout‘s CIO – Julie Cullivan – looks to tackle the problem head on. Read on to see her IoT security strategy

Julie Cullivan, SVP, Business Operations and CIO at ForeScout Technologies

Julie Cullivan, SVP, Business Operations and CIO at ForeScout Technologies

_____________________________________

4. AI in security

Security solutions come with a range of technologies, but artificial intelligence is one that will help change the game for CIOs in protecting their business. AI solutions are in their relative infancy. However, as cybercriminals increasingly use automation-led hacking techniques, businesses will need to respond in kind. There are a number of these solutions on the market, and their pedigree will improve significantly over the next couple of years.

Cybel Angel — prevention and real-time detection cyber incidents
Cylance
 — cybersecurity that predicts, prevents and protects from threats
Darktrace — spots patterns and prevent cyber crimes before they occur
Deep Instinct — zero day attacked protection for endpoints and mobile
Delphi — security against malware and malicious internet activity
Demisto— combines security orchestration and incident management 
Drawbridge Networks— security-as-a-service
Emergent — helps predict where hackers will attack
Graphistry— helps teams investigate cyber threats quickly and easily
LeapYear— extracts threat insights from sensitive data
Pelican — a more intelligent and secure payment, compliance and banking
SentinelOne— predicts, prevents, detects and responds to threats
Shift Technology— helps reduce insurance fraud
SignalSense— evaluates traffic for threats occurring inside your network
Sift Science — helps prevent fraud and abuse for your web-scale business
SparkCognition— helps businesses predict a data breach
Versive — automates threat hunting supporting cybersecurity teams
Zimperium— real-time threat protection mobile and apps

AI’s promise in this space is the ability to consistently detect new and unknown threats – known as a zero-day exploit – in the absence of traditional indicators of compromise – such as a known pieces of malware.
_______________________________________________

Feature

The role of AI in cyber security

As mentioned, the integration of artificial intelligence into cyber security strategies can help reduce the risk of a successful attack breaching an organisation, while also helping detect threats that have entered the system. Continue reading

_______________________________________________

Feature

AI’s role in cyber insurance

As cyber attacks become more common – you only have to look back to the WannaCry, Petya and Equifax data breach – more businesses will take out your cyber insurance policies. These third parties can leverage AI to elevate their own defences against attacks. Continue reading

_______________________________________________

Industry case study

How can banks fight cybercrime?

The financial services industry is not admitting the full scale of cyber attacks. But experts believe the implementation of emerging technologies, like AI, can greatly minimise the risk of human error in banking security by automating processes. Continue reading

_______________________________________________

Feature

The success of artificial intelligence depends on data

Like most technologies, successful implementation depends on the quality of data available to make the right decisions.

_______________________________________________

Advice

Using AI intelligently in cyber security

However, as with implementing any new technology, CIOs must use the technology in a scalable and appropriate way. Done the wrong way, this could leave organisations more exposed to cyber attacks. Continue reading

_______________________________________________

5. Mobile security

As workforces become more mobile, the impetus on defending the increased use of personal devices outside the relative safety of the office environment becomes
paramount. The importance of these mobile devices, which everyone uses in both professional and personal spheres, can’t be an afterthought and must be a priority for a CIO looking to protect their organisation.

Crucially, CIOs need to understand how to encrypt mobile devices for an entire workforce, when the number of cyber attacks against them is increasing dramatically.

_______________________________________________

Feature

The impact of the mobile security in the enterprise

As the number of mobile devices continues to grow, the ability to secure them becomes increasingly difficult. How can CIOs and security executives ensure the productivity and flexibility gained by the mobile era, without hindering security? Continue reading

_______________________________________________

Advice

Common security vulnerabilities of mobile devices

To deal with the mobile threat, CIOs need to understand what the vulnerabilities of mobile devices are. Here, we look at what these are

_______________________________________________

Advice

Top tips for securing your mobile devices ahead of GDPR

As the GDPR deadline approaches (25 May 2018), the ability to defend an organisation’s data must be one of, if not the top priority for CIOs and their boards (see section 8).

Here, we identify mobile devices as the potential weak link that will leave organisations vulnerable to cyber attacks, and how to secure them.

_______________________________________________

6. Cloud security

Every business has now seen the merit of the cloud. First it was private, which was too costly, then public, which was too insecure and now many understand the need for a hybrid cloud strategy, across multiple vendors, to meet the modern challenges of digital transformation.

But, as more organisations adopt a hybrid cloud, multi-cloud or cloud computing strategy, how can they secure them and is it a priority? What cloud security providers solutions are out there?

Sophos
Hytrust
Cipher Cloud
Proofpoint
Netskope
Twistlock
Symantec
Fortinet
Cisco Cloud
Skyhigh Networks
vArmour
ZScaler

Palo Alto Networks
Qualys
CA Technologies
_______________________________________________

Feature

What are the threats that arise from adopting a cloud strategy?

Companies that adopt cloud solutions can release products quicker and achieve economies of scale at a faster rate than companies with traditional IT environments.

However, the shared nature of cloud also means that there is a increase in the number of threats organisations could face. Continue reading

What everyone should know about cyber security in the cloud

The use of cloud is now a necessity, so security decision makers need to, first and foremost, understand cyber security in the cloud. Continue reading

_______________________________________________

Feature

What to do when it comes to cloud security

Every business is an individual and has different security needs. However, there are widespread inconsistencies when it comes to their enterprise cloud security strategy. Continue reading to find out how to implement a unified solution

_______________________________________________

Feature

Benefits of cloud computing security tools for data storage

Companies adopting cloud computing can benefit from the array of security features and tools that are built in by service providers. Continue reading

_______________________________________________

Industry case study

Top cloud security risks for healthcare

The healthcare industry stores more sensitive and personal data than perhaps any other sector, and increasingly there organisations store this data in the cloud. How can they ensure this is protected? Read on

_______________________________________________

7. IoT security

More than half of the 45 billion IoT devices expected to be in use by 2023 will be implemented across businesses, cities and homes.

IoT will play, arguably, the most significant role in shaping the future of innovation through mass data collection helping power smart cities and facilitate business transformation. However, this successful transformation is dependent on dynamic security.

Over the last two years, failings in IoT security have caused widespread damage with DDoS attacks and the infamous Mirai botnet. As businesses and governments move forward, and rely more heavily on the Internet of Things, protecting it will become the great security challenge. Organisation’s will need to rethink their approach to data security and make heavy investments to meet IoT security requirements.

As a result, there are a number of IoT security solutions companies available for the enterprise:

ARM
Bayshore Networks
Cisco
Device Authority
Dell
Endian
Forescout Technologies
Gemalto
HPE
IBM
Infineon Technologies
Intel
Juniper
Kaspersky Labs
Lightcyber
Microsoft
Mocana
NXP
Palo Alto Networks
Risucre
Symantec
Thales e-Security
Utimaco
Venafi
Wurldtech
ZingBox

_______________________________________________

Feature

The Internet of Things: The security crisis of 2018?

As the use of IoT devices becomes more prevalent, it represents the greatest possibility of a security crisis across industries, with manufacturing particularly at risk as an early adopter of the technology. Continue reading

_______________________________________________

Video

Securing the Internet of Things

Ofer Amitai, the co-founder and CEO of Portnox, discusses securing the Internet of Things in the BYOD era with Information Age:

_______________________________________________

Blog post

Securing networks in the IoT revolution

The issue facing IT professionals and CIOs is not the number of unregulated IoT devices entering the workplace, but also the nature of the devices themselves – security needs to be improved in the design process. Continue reading

_______________________________________________

Feature

UK Government sets cyber security guidelines for millions of IoT devices

The government is demanding new measures for manufacturers to boost cyber security in millions of internet connected devices. They need to be built with security in mind. Continue reading

_______________________________________________

Advice

A complete guide to making life difficult for hardware hackers

Security needs to be considered throughout the design process of both software and hardware concerning IoT. With this in mind, more well-designed products will come to market, which protect both the vendors and their customers. Continue reading

_______________________________________________

Advice

4 modern challenges for the Internet of Things

What challenges can CIOs expect from securing the IoT? – IoT hardware design, low-power long-range communication, artificial intelligence integrated IoT and secure IoT. Continue reading

_______________________________________________

8. Regulation’s effect on security

The regulatory landscape is becoming more and more complex. Arguably the biggest new set of data protection laws is the impending General Data Protection Regulation, coming into force on 25 May 2018. This law is reasonable at its a core – a response to the growing importance of data – but it is more stringent, and organisations that fail to comply by having ineffective security strategies will face huge fines, and potentially irreversible reputational, customer and investor damage.

The importance of implementing an effective IT security strategy, instigated by the CIO, has never been more vital for businesses wanting to remain successful.

_______________________________________________

Feature

Global organisations are failing to invest in much-needed security ahead of GDPR

In order to comply with GDPR, organisations must invest in the right technologies to achieve an effective security strategy, but are they doing this? A lack of sufficient IT security protection and a lack of efficient data security are the biggest challenges to compliance efforts. Continue reading

_______________________________________________

Blog post

GDPR – Are your tech platforms secured for first contact?

How can businesses ensure their websites are secure from data leaks ahead of the General Data Protection Regulation? Read on

_______________________________________________

Blog post

Could the cyber threat landscape grow under GDPR?

Taking advantage of the more strict data protection law, hackers might attack organisations with more ferocity, using the regulation as leverage. Continue reading

_______________________________________________

9. Government and security

The inception of the UK’s National Cyber Security Centre showed that the government is entirely serious about defending against the growing threats posed by cyber attacks, and recognises the dangers this landscape poses to critical infrastructure, people and businesses. The US government, as well, recognises the growing dangers of cyber attacks, and has released a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities.

To build a successful 21st century economy and society, the UK government needs a strong focus on cyber security, and has demonstrated its commitment to this.

_______________________________________________

Feature

When it comes to cyber security businesses must follow government’s lead

The UK government is taking clear action on cyber security, demonstrating its intention to lead in this area. Crucially, they have appointed named figures at the highest levels of government with accountability for cyber security – and businesses should follow suit. Read on

_______________________________________________

Feature

Will investment in the UK’s cyber defence system make a difference?

Real progress will only be made if the organisations themselves start to prioritise cyber security and collaborate with the public sector. Continue reading

_______________________________________________

Feature

Government response to tech skills gap: Cyber security and coding

In the face on increasing threats, a report from CWJobs found that only half of  employers look for cyber security skills when recruiting new tech talent. More worryingly, perhaps, nearly a third of tech employees said they felt they were insufficiently trained in coding, cyber security and cloud migration. Read on to see how the government aims to tackle this and address the security skills crisis

_______________________________________________

10. Responding to the cyber security skills crisis

Critical to any successful IT security strategy is a capable workforce, but this is a challenge. How can businesses negotiate the cyber threat landscape amid a cyber security skills crisis?

One way of addressing the skills crisis focuses on improving levels of diversity within the technology industry, taking advantage of the whole population and not just 50%. Getting more women in the tech space is crucial in addressing this skills gap. According to a report by ISC, the information security field will experience a 1.5 million deficit in professionals by 2020. Yet women, who could help to fill that gap, remain massively underrepresented – comprising just 10% of the global workforce. This can be improved, in part, by breaking down stereotypes, making STEM subjects more attractive and by highlighting female role models.

Collaboration between industry and government is also important in addressing the skills crisis, while providing an easier route in the cyber security space.

_______________________________________________

Feature

A guide to overcoming the skills crisis in the cyber security industry

Here is a detailed guide of how CIOs can respond to the skills crisis, and create a workforce capable of carrying out an effective cyber security strategy. Read on to find out how

_______________________________________________

Advice

Will blockchain solve the cyber security skills crisis?

For nearly six years, cyber security markets have struggled with near 0% unemployment leaving hundreds of thousands of positions vacant. According to Frost & Sullivan, by 2020 the number of empty security positions could grow to 1.8 million. These stats contrast against the increasing number and severity of high profile hacks. Today’s $8.5 billion/year antivirus market is broken, with 70% of threats going undetected and cybercrime damages expected to double by 2021 and reach $6 trillion.

Mark Tonessen, former McAfee Antivirus CIO, believes blockchain could be the answer to the perpetual shortage of security talent. Cryptocurrency could be used to gamify bug bounty markets for white hackers. Continue reading

_______________________________________________

Blog post

Restoring consumer trust with security

Major attacks like WannaCry and NotPetya are causing consumers to lose faith in the brands and services they use. And security is increasingly becoming a valuable competitive differentiator for businesses in all sectors. Continue reading

Comments (0)