The IT security industry, having grown each year since the dot-com bubble, is famously known as being a recession-proof investment. As more of our lives and our businesses grow to rely on the benefits of IT and the internet, so does the need to protect that reliance from any event which threatens it.Some may suggest that it has never been better for the IT security industry, with such global ransomware attacks and continent-wide regulations coming into force. Giving justification to increase budgets, purchase solutions and recruit more specialist staff, it is indeed a great time for the IT security industry, as it will be throughout the next year and the year after that, for as long as our appetite for a digital life continues.
So, what does an IT security manager, CISO or administrator have to do with this newly won level of importance and budget? After all, there are thousands of solutions in the market, offering protection and reactionary features for various problems. For each organisation, the focus for the next 12 months will depend on their business, digital exposure and risk. However, for those beginning their journey of planning, we have compiled our list of the five key areas to consider:
1. Incident Response
A measure of any good security set up is not how well you can prevent an attack but how well you respond to one. Security is a game of risk and chance, and one which you won't always win. Incident response solutions will detect or be informed of an anomaly and thereafter enact or promote follow up actions, which can mitigate, inform or correct the incident. This allows you to respond to such scenarios with a prescribed and proven methodology, consistently each time.
2. Regulations and Legislation
For the previous 18 months it has been almost impossible to escape news of the GDPR (General Data Protection Regulation) and its possible record breaking administrative penalties. Depending on your industry, this focus will only continue with the EU NIS (Network and Information Security) directive in 2018 and beyond. If there was ever a time to hire or have on contact an information security specialist, it is now. Breaches, unauthorised disclosure and weaknesses in the IT security of organisations globally have made governments nervous and hungry for change. The GDPR and NIS is unlikely to be the end.
3. AI Powered Defences
Malware or more commonly today, ransomware, is becoming increasingly sophisticated. In the recent case of Petya, it could behave differently depending on the host it infected and the permissions it had. In other examples, the use of so-called "file less" malware is worrying solutions providers who rely on the scanning of stored files. Solution providers utilising the benefits of AI (artificial intelligence) to hunt and understand malware as it exhibits non-standard behaviour, occupy many of the top spots cool lists from authorities such as InfoSec Magazine, Gartner and the BlackHat conference.
4. Cloud Security Solutions
Statistics show that the vast majority of organisations now use at least one cloud solution on a regular basis. Traditionally the job of the IT administrator to protect a network had focused on building an ever increasingly high wall at the perimeter. Now, the idea of a perimeter has been forever eroded. The challenge of how to apply the same levels of protection both inside the network and in the cloud, have caused some anxiety. However, with micro-segmentation technologies creating mini-firewalls around each virtual machine and encryption services ensuring cloud storage services store nothing in clear text, those sleepless nights are becoming fewer and far between.
5. User Behaviour and Analytics
If you thought the image of the masked hacker wearing a hood, whilst somehow typing in gloves was your primary threat, then you are forgetting that most research points to the insider being both more dangerous and more prolific. With better access to your sensitive data or systems and being harder to predict, the UBA (User Behaviour and Analytics) industry offers a solution. By tracking the behaviour of your users by the files they access, systems they log into versus their previously assessed actions and job role, UBA solutions can spot changes in behaviour and assess their risks. High risk activities are flagged up for review with the hope of intercepting malicious insider activity before it occurs.
This list is of course not exhaustive but instead serves as a general list of recommendations for key areas of IT security in the coming year. Any chosen solution should address both the common and unique risks which your organisation has exposure to.
After all, any budget increase you may have acquired, has been given to avoid everything which your board has witnessed in the popular media and wants to avoid. Spending it unwisely will not only jeopardise your network and information security, but also your ability to justify future investments.