Digital Transformation
cancel
Showing results for 
Search instead for 
Did you mean: 

Your current security is no match for today's IT security threats

JudyGoldman

Your current security practices are no_Latest-Security-Threats-2048x780150h.jpg

By Ronda Swaney

Want perspective on the cost of IT security threats?

In the 2016 Cyber Risk Report sponsored by Hewlett Packard Enterprise (HPE) Security, Ponemon Institute explored cybercrime costs and found that the average cost of cybercrime per attacked company is $7.7 million, while the number of successful attacks per company per year is 99, and the average number of days to resolve incidents is 46. Let those numbers sink in for a minute.

 

securitygraphic1.png

 

 

Cybercrime is big business. Attacks have climbed globally because they're lucrative. How will your business respond? Will you be proactive or reactive to the proliferation of IT security threats?

Common-sense security is a great place to start...

If you aren't enforcing security basics, stop reading this and prepare yourself for the consequences. Hackers seek easy and vulnerable targets. Raise as many low-cost, low-effort defenses as you can. Strong password enforcement, written security policies, multifactor authentication, employee education about security concerns, role-based access controls, whitelisting and blacklisting apps—these can strengthen the perimeter defenses of your enterprise.

...but traditional security methods are no longer enough.

The basics may stop small-time criminals who rely on easy targets, but traditional data security methods are too simplistic to counter the IT security threats aimed at your enterprise. Cybercriminal organizations are comparable to online mafias. It's their business to target your business. They have the means, money, and associates to succeed. It will take more than strong passwords and written user policies to keep them out.

The hits keep coming

According to the 2015 Ponemon report, cybercrimes continue to be on the rise.  The mean cost of cybercrime to an organization is $7.7 million per year with a range of $.31 to $65 million. As the sophistication of professional hackers rises, relying on a strong perimeter to protect your data is insufficient.

Cybercriminals read the same security briefs, forums, and news sites that you do. In fact, they covet the places you visit to keep up with your security activities. You won't stay ahead of hackers by following the same information. Taking a proactive approach to IT security threats is the only way to gain ground.

What best practices can you adopt to secure enterprise intelligence?

Automate security whenever possible

Many security processes are manual and can be improved with security automation. According to Albert Biketi, HPE’s VP & GM of Enterprise Data Security, it imperative to “safeguard sensitive data through its entire lifecycle with data-centric format-preserving encryption and tokenization technologies.”

Automate infrastructure buildout with scripting. Routinize security patches, instance checks, and code updates via scripts. Find and use tools that automate trend analysis and event log checks for early discovery of intrusion.

Prioritize peer conversations outside your company and industry

Most organizations approach security by facing inward. Employees collaborate with peers inside their company but have little to no opportunity to collaborate with peers outside. The lower staff are on the org chart, the less chance they get for outside collaboration. This is true despite the fact that this group is usually on the front lines of finding and fixing security holes. They are often best positioned to alert others to emerging threats because they are closest to them.

Share threat intelligence both inside and outside your company. Find opportunities for all staff levels to interact with peers outside your organization. This practice will provide better insight into emerging threats across technologies, industries, and organizations.

Follow cybersecurity leaders

Look beyond your own industry and organization, and take opportunities to gain the broadest view of what threats and trends are out there.

Rather than relying on forums and news sites to stay abreast of cybersecurity issues, do more independent research. Find security experts and leaders in the field to follow, such as Larry Ponemon of the Ponemon Institute. Government security organizations (like the cybersecurity section of the U.S. Department of Homeland Security site) and universities (such as Carnegie Mellon CyLab) often lead the way in combating security threats.

Invest in security audits and security analytics tools

The old approach to security focused on infrastructure and perimeter protection. The new approach recognizes that devices are beyond the control of the enterprise and business is rarely done inside the perimeter. Ensuring the safety of apps, users, and the data that apps and users can access is essential.

Frequent security audits can help reveal vulnerabilities and the need for patches and updates to close security holes. Security analytics tools can help you spot threats before they damage your business.

Make security a priority in your company culture

All the steps above will help, but if security isn't ingrained in your company culture, they may not be enough. Make clear in your organization, from top to bottom, that security is everyone's concern. Regularly communicate the costs of security breaches, and relate how breaches inside large companies are often enabled by careless or uninformed individuals.

 

Do you need to prioritize security inside your business? Minimize your security risk and arm yourself with more information with the HPE Cyber Risk Report 2016.

 

Judy-Anne Goldman
0 Kudos
About the Author

JudyGoldman

My work at HPE gives me a way to share my passion for emerging technology, connecting people to innovation, and sharing stories that help others engage with and understand the world around them. I'm a digital nomad, often found traveling with my micro companion KC, a 6-1/2 pound mini Dachshund.

Labels
Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all