2016 is here, which means you have a clean slate to adopt and deploy new security strategies that will turn things around for your organization. OK, maybe not exactly a clean slate - but at least a chance to make good on previous transgressions.
Spoiler alert: There are no secrets when it comes to implementing sound data protection. Generally speaking, everything you should be doing to protect your organization from both external and internal threats is something you probably already know. No need to reinvent the wheel. The key, however, is committing to applying - and sticking - to the core intentions.
The good news is they can work for any size organization. Of course, depending on the security-maturity level of your company, not every suggested technology solution will be right for you, but this list of four essential "resolutions" provides you a basic framework from which you can the shed the block-and-tackle, check-off-the-box mindset - and move toward a more risk-based focus.
Identify
With the available attack surface for criminals increasing by the day - given the rise of remote workers, and technologies like cloud, virtualization, mobile and the Internet of Things - businesses that address vulnerabilities before the bad guys do will find themselves light years ahead of the pack.
Suggested solutions: Vulnerability scanning, penetration testing, risk assessments, gap analyses
Protect
The best outcome if you are under attack is that the adversaries will be turned away thanks to a defense-in-depth strategy. The good news is that both rudimentary and sophisticated attacks can be halted at the source if you have the right package of integrated defenses in place.
Suggested solutions: Firewalls, anti-malware gateways, email security gateways, web application firewalls, unified threat management, mobile security, whitelisting
Detect
The reality, however, is that skilled hackers have a knack of successfully infiltrating their targets. And when they do, organizations are very poor at actually figuring out they've been compromised. According to the 2015 Trustwave Global Security Report, which examined hundreds of data loss investigations, 81 percent of businesses failed to detect a breach themselves. In case of a breach, organizations need to know as early as possible to limit damage and losses.
Suggested solutions: Threat management, SIEMs, intrusion detection systems
Respond
Incidents will happen. The Identity Theft Resource Center tabulated 781 identified breaches in 2015, compromising more than 169 million records. When a company experiences a breach, you'll want to respond in a meticulous and efficient manner specific to the type of intrusion occurring to determine the source, cause and extent.
Suggested solutions: Incident readiness and response
**
Security leaders require confidence. They are less willing to gamble on one-off products and desire more integrated, comprehensive and proven solutions that can win points both in the board room and the server room. And when they can't manage them themselves - due to a lack of in-house resources such as expertise and budget - they require help from a partner they can trust with the proven intelligence and expertise to not only build the solutions, but also run them.
Here's to a triumphant 2016!
Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor
