<img height="1" width="1" src="https://www.facebook.com/tr?id=1046809342117480&amp;ev=PageView &amp;noscript=1">

VSEC Blog: IT Security Channel News brought to you by Infinigate UK

Share the Infinigate UK Blog on LinkedIn Share the Infinigate UK Blog on Twitter Share the Infinigate UK Blog on Facebook Share the Infinigate UK Blog on Google+ Share the Infinigate UK Blog via Email

Top 5 Focus Areas for IT Security Budgets in the Coming 12 Months

Topics: Ransomware, GDPR, Information Security, Malware, IT Security, NIS, Incident Response, Cloud Security, AI

Posted: 10 August 2017

Top 5 IT Security Budget Focus Areas Next 12 Months

The IT security industry, having grown each year since the dot-com bubble, is famously known as being a recession-proof investment. As more of our lives and our businesses grow to rely on the benefits of IT and the internet, so does the need to protect that reliance from any event which threatens it.Some may suggest that it has never been better for the IT security industry, with such global ransomware attacks and continent-wide regulations coming into force. Giving justification to increase budgets, purchase solutions and recruit more specialist staff, it is indeed a great time for the IT security industry, as it will be throughout the next year and the year after that, for as long as our appetite for a digital life continues.

So, what does an IT security manager, CISO or administrator have to do with this newly won level of importance and budget? After all, there are thousands of solutions in the market, offering protection and reactionary features for various problems. For each organisation, the focus for the next 12 months will depend on their business, digital exposure and risk. However, for those beginning their journey of planning, we have compiled our list of the five key areas to consider:

1. Incident Response

A measure of any good security set up is not how well you can prevent an attack but
how well you respond to one. Security is a game of risk and chance, and one which you won't always win. Incident response solutions will detect or be informed of an anomaly and thereafter enact or promote follow up actions, which can mitigate, inform or correct the incident. This allows you to respond to such scenarios with a prescribed and proven methodology, consistently each time.

2. Regulations and Legislation

For the previous 18 months it has been almost impossible to escape news of the
GDPR (General Data Protection Regulation) and its possible record breaking administrative penalties. Depending on your industry, this focus will only continue with the EU NIS (Network and Information Security) directive in 2018 and beyond. If there was ever a time to hire or have on contact an information security specialist, it is now. Breaches, unauthorised disclosure and weaknesses in the IT security of organisations globally have made governments nervous and hungry for change. The GDPR and NIS is unlikely to be the end.

3. AI Powered Defences

Malware or more commonly today, ransomware, is becoming increasingly sophisticated. In the recent case of Petya, it could behave differently depending on the host it infected and the permissions it had. In other examples, the use of so-called "file less" malware is worrying solutions providers who rely on the scanning of stored files. Solution providers
utilising the benefits of AI (artificial intelligence) to hunt and understand malware as it exhibits non-standard behaviour, occupy many of the top spots cool lists from authorities such as InfoSec Magazine, Gartner and the BlackHat conference.

4. Cloud Security Solutions

Statistics show that the vast majority of organisations now use at least one cloud solution on a regular basis
. Traditionally the job of the IT administrator to protect a network had focused on building an ever increasingly high wall at the perimeter. Now, the idea of a perimeter has been forever eroded. The challenge of how to apply the same levels of protection both inside the network and in the cloud, have caused some anxiety. However, with micro-segmentation technologies creating mini-firewalls around each virtual machine and encryption services ensuring cloud storage services store nothing in clear text, those sleepless nights are becoming fewer and far between.

5. User Behaviour and Analytics

If you thought the image of the masked hacker wearing a hood, whilst somehow typing in gloves was your primary threat, then you are forgetting that most research points to the
insider being both more dangerous and more prolific. With better access to your sensitive data or systems and being harder to predict, the UBA (User Behaviour and Analytics) industry offers a solution. By tracking the behaviour of your users by the files they access, systems they log into versus their previously assessed actions and job role, UBA solutions can spot changes in behaviour and assess their risks. High risk activities are flagged up for review with the hope of intercepting malicious insider activity before it occurs.

This list is of course not exhaustive but instead serves as a general list of recommendations for key areas of IT security in the coming year. Any chosen solution should address both the common and unique risks which your organisation has exposure to.

After all, any budget increase you may have acquired, has been given to avoid everything which your board has witnessed in the popular media and wants to avoid. Spending it unwisely will not only jeopardise your network and information security, but also your ability to justify future investments.

GDPR Data Protection Legitimate Interests and planning your Strategy

Infinigate UK
Posted by: Infinigate UK
Share via:

Subscribe to VSEC Blog Updates

Terms and Conditions:
  • When completing this form, you are indicating your consent for this processing activity. By doing this you are providing Infinigate UK with lawful consent to process your submitted personal data for one or both of the marketing purposes below:
    • We will use your details to send you blog updates.
    • We will match your answers to areas of interest which believe you have and may send you additional marketing materials related to those areas.
  • We will keep your personal data for nine months, upon which we will delete your personal data unless you have consented to further processing or we have legitimate interests to retain it. You are free to withdraw your consent at any time by contacting our marketing department or using one of our unsubscribe links in our communications.
  • In some cases where you indicate consent for supplying you with additional promotional marketing material, we will share your personal data with one of our reseller partners, should your areas of interest match a solution or service they provide. We instruct all our reseller partners to communicate this data transfer with data subject affected.
  • Your personal data is stored in a marketing automation solution database, access to this is limited to authorised users and all necessary steps to ensure data security is maintained.

For further information about this form, your rights under the General Data Protection Regulation or how to exercise them, please contact Infinigate's marketing department here.

Popular Posts