2017 Resolutions for IT Security Executives and the Biggest Threats Facing Companies This Year

January 3, 2017 Elias Terman

In the first part of this beginning-of-year thought leadership series, we asked 10 industry analysts and reporters to prescribe their top security resolution for IT security executives in the coming year and to share their predictions for 2017.

Rob Westervelt, Analyst and Research Manager at IDC
@rwestervelt

What is one resolution every IT security executive should make for the coming year?

“Incident Response: individuals must assess and update their incident response plans and schedule a date to test them. Far too many organizations lack an IR plan or have not updated one in years. IR plans must involve both IT and non-IT personnel and require a decision maker at the helm when a security incident or suspected data breach takes place. Today’s modern enterprise security solutions may require process changes to enable responders to rapidly investigate, contain, and/or elevate the criticality of a threat.”

What’s the biggest cybersecurity threat facing companies in 2017?

“The false sense of security businesses may gain after buying and deploying modern security solutions without adequately employing security best practices. Numerous IDC studies have shown that many IT security teams fail to properly allocate resources to protect the most critical data to the business. Organizations are investing in so-called next-generation security solutions without understanding the resources they are trying to protect. Some of these organizations will find that letting security basics lapse enables attackers to bypass many innovative solutions. There is still a need for proactively managing user privileges, ensuring strong password policies and two-factor authentication, and addressing critical vulnerabilities and configuration errors.”


Mike Rothman, Analyst and President at Securosis
@securityincite

What is one resolution every IT security executive should make for the coming year?

“Find some semblance of balance by spending more time doing non-security things. Security can be all consuming. So having hobbies or other activities that don't involve security can help recharge in order to not get beaten down by the nature of the job.”

What’s the biggest cybersecurity threat facing companies in 2017?

“Not being able to find and retain security professionals. Attackers are gonna attack with more innovative attacks. That's always going to be the case. The constraint to almost every organization I talk to is the talent and skills to execute on the security program. So softer skills like personnel development and career growth need to be top priorities for every security manager.”


Bob Tarzey, Service Director at Quocirca
@tarzey

What is one resolution every IT security executive should make for the coming year?

“Much of the activity of cybercriminals is automated so that attacks can scale. Make sure your defences can scale too; review all your cyber security measures and evaluate where more automation can be introduced. Free your staff to focus on exceptions!”

What’s the biggest cybersecurity threat facing companies in 2017?

“Users are and will remain the weakest link in cyber-security. For example, there have been reports that the recent attack on Tesco Bank in the UK was using ‘a tool that tested thousands of login and password combinations.’ Such attacks rely on poor user practice; the use of common passwords etc. There will be continued pressure from service providers and governments for users to improve their online security practices, along with more widespread use of stronger means of authentication and efforts to block the sort of automated threats that enable criminals to mimic users' behaviour at scale. More breaches are inevitable and they will be more serious; however, it does not have to be your business. Those organisations with the most advanced practices and protections are the least likely to be impacted.”


Eric Ogren, Security Analyst at 451 Research
@451Research

What is one resolution every IT security executive should make for the coming year?

“I resolve to get 3 security products out of my business in 2017. One per quarter starting in Q2. We all have security products that we know don’t work that are only there to satisfy compliance auditors. If a security product doesn’t actively help get to the cloud and service customers, then it’s time to make a change.”

What’s the biggest cybersecurity threat facing companies in 2017?

“Easy, it is abuse of business logic once a hacker is in your systems. Who needs to create malware, slip it into a network, and sneak data out all without getting caught? It is so much easier to simply impersonate a user or authorized remote app and let the Web site give you everything you want. It is easily the biggest threat because most security teams don’t even see the attacks.”


Steve Ragan, Senior Staff Writer at CSO
@SteveD3

What is one resolution every IT security executive should make for the coming year?

“Stop being reactive. Do as much proactive work as you can to defend the network and its users. Many of the common threats organizations face can be addressed proactively, from patch management and awareness training, to stronger QA in the development cycle to quash vulnerabilities before they hit production. It isn't an easy task, but the payout is worth the effort and initial investment of resources.”

What’s the biggest cybersecurity threat facing companies in 2017?

“Ransomware and poorly maintained backups. By far this will be one of the major issues in 2017, and it will be especially painful to organizations that assume their backups are functional and current, but never really test them.”


Sean Michael Kerner, Internet consultant, strategy and developer, writer and entrepreneur
@TechJournalist

What is one resolution every IT security executive should make for the coming year?

“Use strong authentication for everything.”

What’s the biggest cybersecurity threat facing companies in 2017?

“Old passwords from old data breaches, but still in use by current end-users on current websites.”


David Strom, Freelance IT writer and speaker, editorial and business consultant
@dstrom

What is one resolution every IT security executive should make for the coming year?

“Know how to protect yourself against insider threats. There is a wonderful article by J Oquendo that shows the view from outside and inside (see this diagram) -- the difference being what you actually defend (such as the web ports 80 and 443) and what you forgot to defend (such as your Tomcat server, SSH connection and SQL ports). Just because you have a firewall and other security apparatus in place doesn’t mean that someone can’t take over a trusted local machine and proceed to launch attacks as an insider.”

What’s the biggest cybersecurity threat facing companies in 2017?

“The rise of ransomware. Numerous studies have shown a very big increase in attacks, and I am sure this will continue into 2017. Ransomware has several implications: first, having better training for your staff to recognize phishing techniques. But even the best training programs can’t cover everyone, and all it takes is for someone to slip up just one time and their PC can become compromised. Second, making sure that you actually have intact backups and you consistently test them to ensure that you are backing up valid data and images. Many companies that have been attacked by ransomware have found out the hard way that their backups were outdated. And finally, have a solid endpoint protection plan in place: relying on old-school anti-virus/anti-malware doesn’t work anymore. You need some solid behavioral-based tool that can watch for zero-day attacks and in-memory exploits that are subtler.”


Paul Roberts, Founder & Editor-in-Chief, The Security Ledger and Security of Things Forum
@paulfroberts

What is one resolution every IT security executive should make for the coming year?

“Invest in talent. IT security executives are besieged daily with inquiries from vendors pitching revolutionary new products. Few, of course, are revolutionary, or even evolutionary. Talent, on the other hand, gets short shrift but will do more than any technology product to boost the security fortunes of your organization. My resolution, if I were an IT security executive, would be to focus my energies, attention and budget on finding the best and smartest IT professionals to fill out my team and then to listen to their input and suggestions. Be alert for ‘negative selection.’ Don't be afraid to hire brilliant people and step aside to let them do their thing.”

What’s the biggest cybersecurity threat facing companies in 2017?

“Sadly, the biggest cybersecurity threat facing companies in the new year is the same as in the old one: phishing attacks. These are the first stage of every malicious attack - no matter how complex or stealthy. That's because phishing works. Humans are gullible and our tools for spotting these attacks are imperfect. Beware!”


Mirko Zorz, Editor in Chief of Help Net Security and (IN)SECURE Magazine
@helpnetsecurity

What is one resolution every IT security executive should make for the coming year?

“Businesses are not only consuming more data each year, but they are constantly using new devices and technologies. An efficient IT security executive needs to take ownership of the organization's digital journey and ensure an adaptive security management strategy that will quickly detect anomalous behavior and stop new threats. The primary objective for an IT security executive should be the same every year - learn about upcoming threats, and use a holistic approach to adequately harden the organization's security posture.”

What’s the biggest cybersecurity threat facing companies in 2017?

“The industry's increasing reliance on IoT devices means it's only a matter of time before IoT technology becomes part of our critical infrastructure. Given a worrying lack of regulation, IoT devices continue to pose a severe threat - as we've seen in a surge of dangerous IoT-related attacks dominating the news in 2016.

Insider threat incidents, whether related to carelessness or malicious employees, will persist and cost companies millions. CISOs need to recognize the value of security awareness and educate their workforce, since often even well-intentioned employees don’t understand how their seemingly innocuous actions put the organization at risk.”


Sean Martin, Founder & Editor-in-Chief at ITSPmagazine
@sean_martin

What is one resolution every IT security executive should make for the coming year?

“Cybersecurity is no longer an InfoSec professional’s responsibility…awareness, protection and control are now everyone’s business. This includes employees as systems and data are used while on the clock and citizens while spending time online at home and as part of society. Similar to the shared partnership between parents and schools in helping to educate students, I believe there is a responsibility for organizations to extend a cybersecurity olive branch to help their employees stay safe online—both at work and at home. It starts with awareness and could even turn into a more active model.”

What’s the biggest cybersecurity threat facing companies in 2017?

“From a business perspective, ransomware—driven primarily by phishing—will continue to be an extremely hot topic in 2017. Additionally, the Internet of Things (IoT) is only going to grow as an information technology infrastructure that will put pressure and strains on how we deal with privacy and security—not just in the business sense, but in society as a whole. This is especially true with the holiday season approaching and the number of connected devices hitting the consumer environment—drones, home automation, WiFi-enabled appliances and connected autos to name a few. It’s this intersection between IT security and society that we focus on here at ITSPmagazine.”

 

 

About the Author

Elias Terman

Elias Terman is VP of Marketing and is responsible for all aspects of the global marketing and communications strategy. Elias started his career as an entrepreneur, and now enjoys helping grow Silicon Valley startups into industry leaders. He built out the marketing and business development organizations at OneLogin leading to explosive growth, helped establish SnapLogic as the leading independent integration company, and led MindFire Studio to the Inc 500.
