New Year’s Resolutions for IT Security Executives and the Cybersecurity Threats Facing Businesses in 2017

January 4, 2017 Elias Terman

In the second part of this beginning-of-year thought leadership series, we asked 9 venture capitalists, members of our Bot Defense Council, and industry experts to prescribe their top security resolution for IT security executives in the coming year and predictions for 2017.

David Cowan, Partner at Bessemer Venture Partners
@DavidCowan

What is one resolution every IT security executive should make for the coming year?

“Every CISO should resolve to take control of their business privacy through encryption.”

What’s the biggest cybersecurity threat facing companies in 2017?

“The biggest threat to cybersecurity is the door that President-elect Trump has graciously opened to Russian hackers who wish to steal customer data or IP, or to disrupt our country's critical infrastructure, government institutions and financial flows.”


John Frankel, Partner at ff Venture Capital
@john_frankel

What is one resolution every IT security executive should make for the coming year?

“Continue to learn about new vectors of attacks. Last year’s solutions might not hold up. It is an arms race where you cannot only fight with the tools from the last war.”

What’s the biggest cybersecurity threat facing companies in 2017?

“The internet of things. Many new devices are being added with IP addresses that can become tools in attacks. Often they are not designed with security-first methodologies, making them easy to compromise and to be used to attack local or remote targets.”


Brian Gress, Director of IT Systems and Governance at Hayneedle.com
@BrianGress

What is one resolution every IT security executive should make for the coming year?

“Remove as much sensitive data as possible from your network.”

What’s the biggest cybersecurity threat facing companies in 2017?

“IoT becomes more widespread and attacks using these platforms will increase.”


Roberto Gennaro, Chief Digital Officer at RedTag.ca
@rob_gennaro

What is one resolution every IT security executive should make for the coming year?

“One resolution every IT security executive should make this year is to change the mindset of their organization to make security and keeping our data secure from all Cyber Threats always top of mind and to decrease risk from insider threats from human error.”

What’s the biggest cybersecurity threat facing companies in 2017?

“Some of the biggest threats facing companies in 2017 will be an increase in data breaches, ransomware & web application attacks with known vulnerabilities. New technologies will create new risks to organizations and having a Cyber security strategy in place is key. Hackers and scrapers are persistent and we need to stop them at the door before they get in.”


Barry Klawans, Site Reliability Architect at Glassdoor.com
@Glassdoor

What is one resolution every IT security executive should make for the coming year?

Do a better job of applying security patches in a timely manner.  As an industry we tend to do well at keeping our operating systems and app servers patched, and addressing the big security vulnerabilities.  But we can get lax about keeping the dusty corners of our networks as secure as possible.  For example, when was the last time you updated the firmware in your network switches or edge devices?  Does that one WordPress server you have that serves up your engineering blog have the latest fixes applied?  I'm betting not.  It's a daunting task to keep track of all the technology we have deployed and track security fixes for all of them, but we owe it to our users.

What’s the biggest cybersecurity threat facing companies in 2017?

I think the biggest threat facing cybersecurity this year isn't technical at all - it's political.  Last year we saw the US Government (especially the FBI) trying to force Apple to unlock an iPhone used by the San Bernardino terrorist suspect.  Several members of Congress and the press started asking for "golden keys" and backdoors built into all encryption systems. The problem is it’s possible that a golden key can get leaked to the underground and used to circumvent cryptography for criminal gain.  We went through this twenty years ago with the Clipper chip.


Ernie Regalado, Founder at Bizety Technologies
@BizetyCDN

What is one resolution every IT security executive should make for the coming year?

“Have an open mind and test drive 2-3 new security products from the startup community. The startup community is the driving force behind innovation within the industry, bringing new ideas and approaches to dealing with evolving threats.”

What’s the biggest cybersecurity threat facing companies in 2017?

“The human bot. In 2016, security platforms did an excellent job of distinguishing human sessions from bot sessions, which was made possible with machine learning algorithms and behavioral engines. In 2017, sophisticated bot operators are going to incorporate the same machine learning algorithms into their bots so they mimic human behavior, making life difficult for everyone.”


Jim Manico, Manicode Security; Author of Iron-Clad Java: Building Secure Web Applications
@manicode

What is one resolution every IT security executive should make for the coming year?

“Identify and retain top security professionals. Take security professional retention seriously by training, listening, and giving the correct challenges to your security team.”

What’s the biggest cybersecurity threat facing companies in 2017?

“Without doubt, the biggest cyber risk to organizations of all kinds is being able to hire and retain security professionals, especially top talent who are key for crucial decision making.

The technical challenges facing us are surmountable if the right people, technology and processes are in place. But it all starts with the right people.”


Jesper Jurcenoks, Sr. Product Manager, Vulnerability Assessment at Alert Logic
@jesperjurcenoks

What is one resolution every IT security executive should make for the coming year?

“Here are a few pieces of advice:

  • Metric Driven Impact Security is the key to an efficient security organization.
  • Change your security metrics from measuring work done to measuring achieved outcome.
  • Measure daily and provide instant feedback to the security engineers.
  • Trend directionality is more important than absolute values.
  • Pivot from counting vulnerabilities to counting compliant hosts.
  • Remediate for highest Impact not highest CVSS score.”

What’s the biggest cybersecurity threat facing companies in 2017?

“Working on the wrong item, lack of priority. 2017 is not about preventing breaches or attacks, but about containing the blast radius. Segment your networks, your data, your applications, and your cloud infrastructure to make watertight compartments to ensure that attacks will not sink your company.”


Stephen Ridley, Founder and CTO, Senrio
@s7ephen

What is one resolution every IT security executive should make for the coming year?

“DATA, DATA, DATA. Effective Information Security departments these days are less about cool tech for IR, detection, policy, and orchestration. We have a wealth of those for traditional endpoints/networks. What we now see in Information Security (like the rest of technology) is that we need to be better about storing and utilizing data (and in an actionable time-frame). The largest transportation networks own no cars. The largest search engines and social media sites generate no content. It's all about data management. Security is now no different. Solutions that don't speak to how data is stored, searched, parsed, and effectively plugged into your existing architecture need to be ignored. Security products need to provide Operational value now. We've evolved past the ‘how’ and now need to focus on the ‘why.’ Security solutions have the burden of bringing more to the enterprise than just security.”

What’s the biggest cybersecurity threat facing companies in 2017?

“VISIBILITY, VISIBILITY, VISIBILITY. Networks have grown more diverse and now include more than just servers and endpoints that an agent can be installed into for policy, management, and enforcement. Gartner predicts that by 2020, over 15% of all network intrusions will leverage embedded devices. These devices are (from a CISO's perspective) impossible to ‘get into.’ So how do you make sure these devices aren't compromising your network security posture? Look for solutions that speak to this. This burgeoning blind-spot is symptomatic of the CURRENT ‘visibility’ problem. How can you cheaply and efficiently get visibility into the behavior of assets on your network without incurring the cost of archiving terabytes worth of pcaps? Visibility is king. And at the heart of the visibility problem is the DATA problem. The deluge of alerts. The overloaded SIEM. The ‘analysis paralysis’ of your Operations/Security team. Look for solutions with clever solutions to the Data/Visibility problem that are tractable and accessible.”
