March 31, 2016
Information Security: The Changing Landscape
Companies are facing increasing risk from cybersecurity threats. According to Mashable, American banks and other financial institutions have suffered their “largest ever data breach” with more than 100 million records compromised. As noted by eSecurityPlanet, insiders often pose similarly grievous threats; 40 percent of companies surveyed said they “expect to experience a data breach resulting from employee behavior in the next 12 months.”
Dealing with cyberattacks — both internal and external — requires a commitment to continually improving information security, in addition to investing in both rapid detection and response techniques. Here’s a quick rundown on how these IT efforts can help safeguard corporate data and reduce the risk of network compromise.
The Basics: Infosec & IT Security
Information security, often shortened to “infosec”, is the discipline of safeguarding information from unauthorized access, modification, and destruction. This is inclusive of physical vs electronic, insider vs outsider, and intentional vs accidental. IT security, the infosec applied to technology, is the set of policies and procedures put in place by companies to protect their network, hardware, software and any IT infrastructure they own or rent.
Information security was once considered merely a subset of standard IT services, something any tech professional could implement and manage. Ten years ago, this wasn’t far off the mark; cloud computing was still in its infancy, Big Data was little more than a curious notion, and wearable devices were virtually non-existent. IT pros equipped with a state-of-the-art firewall and decent visibility into their server stack were effectively islands, able to reach out as needed, but largely separate from the public-facing Internet and potentially destructive malware.
Now, there’s a different story. New malware is discovered every day by security firms and research teams, and it is not confined to desktops. Smartphones, wearable technology and wirelessly connected devices such as temperature sensors, drug pumps and even vehicles are potential targets. Employees, meanwhile, run the risk of compromising company networks by leveraging insecure cloud services or downloading infected applications — both the App Store and Google Play now struggle to keep malware-laden programs out of their “secure” marketplaces.
An Emerging Approach to Infosec
As a result of the changing tech landscape, information security has evolved from a static, reactive discipline to one focused on speed and accuracy. According to IT Pro Portal, a new Digital Government Security Forum (DGSF) report speaks to a number of “key areas” that require improvement, including:
- Combating sophisticated attackers — While some malicious actors still prefer to “smash and grab,” many are using more subtle techniques or leveraging cheap exploit kits that contain sophisticated code to breach company networks.
- Addressing skills and people issues — Staff remain a critical part of IT security. They must be well-trained to meet the challenges of online phishing, fraudulent websites and shady cloud services.
- Speed of response — Companies must be prepared to quickly detect, analyze and respond to IT security threats.
These new focus areas form the basis of two emerging principles in IT security: Rapid detection and response. Rapid detection focuses on finding critical network threats, while response speaks to ways companies can quickly — and safely — contain these threats. Both are a critical part of effective infosec. While well-documented infosec policies and procedures are an important foundation to reduce risk, it is just as important to plan accordingly for the changing landscape.
Enter your email address below to receive updates each time we publish new content.