Unfortunately, the ever-changing digital environment that we all now live in will continue to drive all types of data threats in the new year ahead, especially since many adversarial organizations are well-funded, smart and determined.
Even closing the security gap between information security and operational IT will be a critical need to address in the new year ahead. But, what are all of the check-list items that organizations need to overcome in 2018 in order to keep their customers’ data off of the black market?
To answer this question, Inside Counsel sat down with Kurt Long, CEO and Founder of FairWarning, to discuss the ongoing pitfalls that organizations will face with cyber security in 2018, the role that innovative solutions like AI and data analysis will play in the year ahead, and predictions about the types of organizations that will survive cyber threats in 2018.
As we move into 2018, organizations will continue to face damages associated with insider threats. In fact, 60 percent of all attacks are carried out by insiders. Organizations across industries from healthcare to financial services have adopted cloud technologies in recent years, and with this shift, employees now have more access to sensitive data.
“Data breaches associated with insider threats and collusion to sell data to dark-web actors will remain a growing threat,” he said. “Our own government in 2017 is struggling to identify an insider who is leaking highly secretive cyberweapons of the NSA. Organizations should ditch the ‘mote mentality’ of security and focus on a people-centric security approach.”
Survival of 2018 threats comes down to preparedness and a people-centric security approach, according to Long, as 66 percent of organizations won’t survive a cyber-attack, according to Ponemon’s Cyber Resilient Organization study.
“Companies who survive a cyber attack or a breach will have rehearsed the scenario beforehand, and likely have an incident response plan in case of a security incident,” he explained. “The response and survival of your organization is dependent on the skills and preparedness of your employees. Organizations who have driven a culture of security into their organization will likely face far less damages in the case of an attack.”
So what are the gaps that will still need to be closed in the year ahead? Per long, in 2018, businesses must address the human element of cybersecurity. Breaches and attacks will continue to occur and cause damage, and can only be mitigated by strengthening the workforce. So, organizations should get serious about vetting out a strong workforce and training the entire organization in security.
He added, “It is no longer the job of the CISO to thwart attacks, but the entire company. They should start with implementing a plan that outlines best processes, implementing monitoring and security technologies, in addition to employee training.”
Amanda G. Ciccatelli is a Freelance Journalist for Corporate Counsel and InsideCounsel, where she covers intellectual property, legal technology, patent litigation, cybersecurity, innovation, and more.