30 Jul Top information security trends to incorporate into your company’s protection strategy
Organizations across every industry sector simply cannot be too careful with their information security these days. Cyber criminals and the malicious software and tactics they use to breach corporate systems, snoop and steal data are becoming more sophisticated than ever before. What’s more, external hacking threats aren’t the only worry anymore – increased pressure from industry regulations, advanced technology like the IoT and other inside threats are all creating challenges for information security.
By taking a look at the latest trending strategies for warding off these threats, and incorporating other best practices like the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, businesses can better safeguard their most sensitive and important data and systems.
Proactively working against trending attack styles
One of the most successful approaches for supporting enterprise information security is to take a proactive stance against the latest cybercrime approaches. This should involve education and awareness about the overarching threat landscape and the strategies hackers are using to attack corporate systems.
For instance, today’s threat environment is becoming more complicated due to the rise of Crime-as-a-service, noted CIO senior writer Thor Olavsrud. Like other on-demand offerings, this practice encompasses cyber criminals selling their malicious services for attack.
“[C]riminal organizations [will be] further diversifying into new markets and commodifying their activities at a global level,” Olavsrud wrote.
This translates to increased availability of malware to even novice hackers, expanding the overall threat landscape.
Taking cues from NIST
In order to fight this level of complex cybercriminal activity, organizations can look to align their internal information security practices with the NIST Cybersecurity Framework, which, as TechRepublic contributor Brandon Vigliarolo noted, recently became federal government policy.
The framework – the full text of which is available here – is divided into core functions, which are further broken down into categories and subcategories that describe the cybersecurity outcomes each function looks to achieve.
The five functions include:
- Identify: This function encompasses the identification of the critical systems, data, assets, resources and other elements that require protection. Outcomes here include asset management, understanding the business environment, risk assessment and governance.
- Protect: Once the essentials and associated resources are identified and understood, stakeholders can work to put protections in place. Goals here include identity management and control, awareness and training, data security and information protection processes and procedures.
- Detect:Here, organizational security leaders create a plan and put in place the appropriate resources to ensure that any threats to identified infrastructure elements can be properly detected, including through continuous monitoring and other detection processes.
- Respond: Within this function, organizations work to develop a plan of response. In this way, should an anomaly or suspicious activity be detected, security stakeholders can work to mitigate it. Outcomes include response planning, analysis, mitigation and necessary security improvements.
- Recover: This last function involves the recovery of any elements impacted by detected threats, including through recovery planning, improvements and internal communication.
Overall, the framework enables organizations to put proactive plans in place so that if and when a threat is detected, they are equipped to spot it, mitigate any damage and quickly recover. Building these practices into internal information security processes is essential within the current environment.
To find out more about supporting your data protection and infrastructure security, connect with the experts at Pinnacle today.