A long-time friend of mine in the IT publishing business is Frank Ohlhorst. I got to know him over more than two decades of his writing at CRN and elsewhere. Frank’s latest column is a bit disturbing for our forecasts for cyber security in 2015. His title alone will get our attention, 2015 prediction: Expect massive spikes in global information security threats. It is an interesting read for our clients in Orange, Los Angeles and Riverside counties who are interested in IT and Network security issues.
Here is a snippet of what he wrote:
Is the victim at fault?
When it comes to cybercrime, the complacency of the victims is sometimes at fault. While that does not excuse the criminal nature of the attackers, it does highlight the need for organizations to be proactive in protecting their assets – after all, the law only comes into play after a crime has be committed, meaning that the numerous anti-cybercrime laws on the books hold little sway against determined cybercriminals.
PwC is forecasting that global security incidents are on track to grow some 48% in 2015, which should strike a dissonant chord with the majority of security professionals.
With the idea of a security paradigm shift on the table, today’s cyber-defenders should be thinking in different terms than just traditional security initiatives, shifting their focus towards an ideology of “cyber risk management”, which is being fueled by an initiative founded by the NIST. The NIST has set forth a security framework (NIST Cybersecurity Framework) that stresses management over technology and highlights several best practices that should help organizations defend against the imminent threats posed by increasing cyber-attacks.
So what should you do at your company?
1. Identify your most valuable IT systems within your company. What is the most important data that resides there? Determine your obligations to protect that data and how important is it that those systems are up-and-running.
2. Do you have a current network/information security policy in place? Once you determine which systems and data are most important to protect, developing your policy becomes much easier.
3. Discover where you are most at risk. A quick and easy solution is to have someone perform a vulnerability assessment on your system. Alvaka Networks can help you with this. Vulnerability assessments are our most common security service we provide. It makes your work easy. We will help you match the protection needs of your most important IT assets with the vulnerabilities identified in the vulnerability assessment. From there you can easily create a roadmap for what you should do to protect you, your company and your IT assets from cyber-attack.
Contact your Alvaka Networks consultant or write to me directly at oli@alvaka.net or call 949 428-5000 x213 if you need some assistance in improving your security posture in 2015.