Being the last week of 2016, it only seems fit to evaluate what has been done up to now by organizations to secure their enterprise so that you can know what still needs to be done in 2017 and/or what you haven’t been doing all along that would benefit your enterprise’s cybersecurity.
The recent report published by ESG and the Information Systems Security Association (ISSA) gives a good idea of what organizations have been up to with cybersecurity for the past two years.
- 49% of cybersecurity professionals say their organization has engaged in one or more new cybersecurity initiatives in the last two years. These include cloud security projects and endpoint security plans, to name a few.
- 41% of cybersecurity professionals say their organization increased security controls and monitoring for privileged users.
- 40% of cybersecurity pros state that their organization has increased the size of their cybersecurity staff.
- 39% find their organization has adopted some portion of the NIST cybersecurity framework.
- 39% of surveyed security pros report their organization has implemented stronger controls to limit user and device access to sensitive data and applications.
- 39% saw an increase in cybersecurity budget.
From the report it’s clear that organizations have been taking cybersecurity more seriously, however there are some things missing from this list that need to be added so that you don’t miss them in your cybersecurity plan for 2017.
- With IoT devices increasing exponentially businesses will be seeing a lot more of them in the office and even though limiting user and device access to the company’s network and data is a step in the right direction, organizations must do more to match the influx of IoT vulnerabilities coming in. Add to your 2017 cybersecurity to do list a cybersecurity policies and procedures for IoT devices in addition to your existing BYOD policies and procedures.
- When increasing your cybersecurity budget in 2017 and/or security expert workforce, remember to consider security business partners like NCX Group to come in and assist where you couldn’t find the necessary expertise. As it’s been discussed throughout the year, organizations are having a hard time filling the cybersecurity skillset spot due to the lack of experts available for hire. Also, it’s always good to have an external security company perform an audit of your overall enterprise structure in case you’ve missed something, which can happen.
- What’s also important and not covered in the ESG and ISSA report is the need for organizations to make cybersecurity a part of the business process and create a cybersecurity committee to ensure all executives and staff are on the same page. People are the biggest link to some of the hacks that have happened in the past years. The human error is due to the communication gap between security pros and the enterprise, as a whole; and because of the absence of cybersecurity culture within the company.
This past year there’s been an increase in breaches, as well as types of cyber threats organizations face. 2017 isn’t going to look much different. Digital and technology evolve in a blink of an eye, which is why cybercriminals are finding new ways to get your data and inside your network.
Maybe 2017 will be the year businesses start catching up with cybercriminals. Give us a call if you want to make sure you’re on track with cybersecurity in 2017.
Schedule your free infosec consultation and start 2017 with a good bang!
Photo Courtesy of Mathias Rosenthal