Friday, January 13, 2012

Offbeat Information Security Predictions for 2012 - Part 1 of 2

In this season of new year resolutions and predictions we, at Seclore, have come up with our own "top 10". This is the first of a two-part series.

Governments and enterprises are increasingly targeted by overlapping surges of cyber attacks: from insiders, from criminals and from nation-states seeking economic or military advantage. This article lists the top 10 security risks facing such organizations in 2012 and recommends ways to deal with them:

10. Information Security Skills Mismatch : The foundation on which every information security initiative stands is the skill of the security worker. Every control can be compromised if this skill is not kept up to date. Enterprises need a combination of specialist information security personnel and IT personnel to make any security initiative a success. Enterprises should assemble a cross-functional team responsible for information security and invest in constant skill upgrades to mitigate this risk. "Ignorance is bliss" does not work here!

9. Disclosure Norms for Data Breaches : The regulatory and legal framework for cyber crime and disclosure of data breaches in most countries lags behind what is actually happening on the ground. For enterprises this means that cyber crimes, data breaches and their causes are not made known. As a result, the same incident can repeat itself many times before an enterprise becomes aware of it. Enterprises should collaborate in closed forums and set up industry interaction sessions to exchange incident information as well as knowledge. "Sharing is caring."

8. State Sponsorship of Cyber Threats : National sponsorship of cyber attacks is no longer targeted only at other nations. It now extends to private organizations holding any kind of valuable digital asset, such as citizen data or car designs. Advanced Persistent Threat (APT) attacks will combine every technique, old and new, to gain control of information and infrastructure. Enterprises can mitigate this threat by deploying a multi-layered security strategy against such attacks, and should evaluate intrusion detection and SIEM systems as part of it. "Just because the prime minister does it ... does not make it right."

7. Security Systems : Security systems themselves pose a significant risk to the security of enterprises. The year 2011 saw several security companies publicly disclose that they themselves had been breached. Rogue anti-virus companies are mushrooming all over. Before adopting any security system, enterprises need to put the system itself through a security test. "Who will monitor the monitors?"

6. Identity and Access Control : Security begins with identity, and errors in managing identity and authorization propagate into every other system and process. The lack of the right technology and the right process presents a significant risk for enterprises today, with their large, distributed, mobile workforces and high manpower churn. Enterprises should evaluate identity management, single sign-on and authorization management systems to mitigate this risk. "Who am I? is an important question to ask, for me and for you!"
