
    Five Security Truisms That Have Stood the Test of Time

    Written by

    Chris Preimesberger
    Published February 16, 2018

      We’ve all seen it: The data security industry has been on a wild ride during the last three decades, from the initial “glory attacks” of the 1990s and early 2000s, to the rise of financially motivated and hacktivist attacks, to current profoundly dangerous nation-state campaigns against governments, businesses and public infrastructure.

      As these threats have evolved, so have enterprise security requirements. We’ve also seen many new technologies–ranging from antivirus and firewalls, to data loss prevention and log management, to next-gen SIEM (security information and event management) and threat intelligence–emerge over the years, each promising to solve our cyber security woes.

      eWEEK, led by security journalists Sean Michael Kerner, Robert Lemos, Ryan Naraine, Wayne Rash, yours truly and a number of others over the years, has chronicled the rise and fall of various security approaches. These include the basic client-server schemes, along with network-centric, server-centric, workload-centric, cloud-centric, file-centric and even block-centric security.

      Here is a go-to listing of 100 articles in this publication for your reference dealing with security trends.

      However, through all of the changes, there is some fundamental security advice that has stood the test of time. Security software and services provider Optiv Security, through Infrastructure Security Expert Brian Wrozek, offers eWEEK readers five security adages that are as relevant today as they were years ago.

      The “throw-money-at-the-problem” approach doesn’t work: For years, companies have battled advanced malware and sophisticated cyber criminals in a reactive mode, where new security challenges and regulatory requirements are met with the same response: purchase new technology and hire more people and partners to manage it. This approach has created a crisis in enterprise security, where security teams don’t know what assets they have, and infrastructures are bloated and unmanageable.

      Not only is this strategy a waste of money, but IT infrastructures are a mix of various point solutions that aren’t orchestrated to work together. Many times, this leaves cracks in the foundation that companies thought they successfully built, allowing cyber criminals to penetrate their walls. The hard truth is that more spending doesn’t always translate to reduced incidents.

      Organizations must rethink how they approach security spending. Before every new purchase, they must carefully weigh the need for best-of-breed technology with the importance of building a security infrastructure of fully integrated products, services and systems. To combat today’s sophisticated cyber criminals, companies must transform their security infrastructures and operations from a reactive, unwieldy and product-centric model, to one that is planned, predictable, and centered on optimization and orchestration.

      People are the weakest link: Security influencers have been warning about the dangers of insider threats for years. There are malicious employees and other insiders who want to steal corporate data, gain unauthorized access to confidential systems and services, and execute malware to hurt their company. Then there are accidental cases, such as an employee mistakenly putting confidential data in the cloud. Though benign, this can be equally damaging. 

      Today, there’s a third factor exacerbating the insider threat problem: The chronic shortage in cyber security skills makes it incredibly difficult to hire enough resources to manage complex infrastructures. As a result, IT security teams suffer from widespread burnout, which creates gaps in defenses. This is why so many data breaches are caused not by brilliant cyber attacks but simple human error: misconfigurations, unpatched systems and other elements of basic hygiene.

      Companies don’t need more, they need “right”–the right strategy, the right infrastructure and the right policies and processes in place. Optimizing cyber security portfolios is a good first step to make security simpler, more manageable and less costly, which lessens the burden on security pros and frees them to prioritize higher-level tasks that deliver increased protection and business value.

      Employees also serve as your first line of defense: While it’s true that employees can pose a serious security risk, they can also serve as their company’s first line of defense against cyber criminals. The most effective way to prepare them for this role is to create a strong cyber-security culture that encourages and rewards security awareness and safe online behavior.

      If employees understand their roles in keeping company networks and data protected, they’ll be more inclined to uphold their responsibilities and follow company policy. As such, it’s important to implement ongoing education and training programs that teach employees about cybercriminals’ attack methods and tactics, such as ransomware and phishing, as well as how they should react if a threat is identified.

      It’s also important to clearly explain how employees should manage their online activities and define acceptable and unacceptable ways to access and use company networks, software and devices. To promote adoption of safe cybersecurity behavior and boost employee engagement, consider implementing recognition and reward programs, running monthly contests or rolling out gamification programs.

      Developing a strong cyber security culture founded on awareness, training and clearly defined security policies takes time and effort, but the end result is well worth the upfront investment.

      Patching makes perfect: Patching may seem like a trivial task in the age of next-generation cyber security tools, but it’s a vital component of strong cyber security programs – and Meltdown and Spectre have reminded us of this fact. Addressing the Meltdown/Spectre vulnerabilities will likely require an exponential increase in the level of effort compared to the remediation of prior widespread vulnerabilities.

      This is due to the number of patches required, the complexity of putting the right patch on the right system, and the testing required to understand the performance and stability impacts of the patches on the impacted systems and applications. The patch-management issue is exacerbated by companies failing to refresh their old equipment, which may be harder to patch than newer systems.

      In a world where shiny new security products emerge daily, companies must focus on going back to the basics by putting fundamental security technology and processes, such as patching, in place to minimize risk, maintain protection and bring clarity to the current state of chaos.

      Security is a business problem: CIOs and CISOs have always had a difficult time getting a seat at the table with fellow senior executives and in the boardroom. One of the main reasons for this is they have not been able to articulate their operations in a way that other executives and board members can understand; they haven’t been able to correlate security spend with the company’s overall risk profile. As a result, they are relegated to playing catch-up as strategic decisions are made without the input of security, making it difficult for them to be proactive in securing business operations.

      While this has been an issue for years, it’s still an area of immaturity for many companies. Security executives must implement metrics and key performance indicators, so they can begin to report on their operations in an understandable and meaningful way. Budgeting and evaluating security operations in a way that is consistent with other business units will help security executives take a more prominent role in business strategy and planning, while enabling enterprises to accurately align security investment with risk profile.

      Additionally, being able to speak the language of business will become the single most important factor in security executives finally getting that seat at the proverbial “executive table.”

      Chris Preimesberger
      https://www.eweek.com/author/cpreimesberger/
      Chris J. Preimesberger is Editor Emeritus of eWEEK. In his 16 years and more than 5,000 articles at eWEEK, he distinguished himself in reporting and analysis of the business use of new-gen IT in a variety of sectors, including cloud computing, data center systems, storage, edge systems, security and others. In February 2017 and September 2018, Chris was named among the 250 most influential business journalists in the world (https://richtopia.com/inspirational-people/top-250-business-journalists/) by Richtopia, a UK research firm that used analytics to compile the ranking. He has won several national and regional awards for his work, including a 2011 Folio Award for a profile (https://www.eweek.com/cloud/marc-benioff-trend-seer-and-business-socialist/) of Salesforce founder/CEO Marc Benioff--the only time he has entered the competition. Previously, Chris was a founding editor of both IT Manager's Journal and DevX.com and was managing editor of Software Development magazine. He has been a stringer for the Associated Press since 1983 and resides in Silicon Valley.