It’s a new year, a time to reflect and consider what we might do differently in 2017. 2016 saw a variety of security challenges, from spikes in ransomware to the rise of the insider threat. In fact, according to the IBM X-Force “2016 Cyber Security Intelligence Index,” 60 percent of all attacks are carried out by insiders.
We must learn from the past year of IT missteps and make a security resolution to adapt to the threats that lie ahead in 2017.
What We Learned in 2016
There is a widespread perception in the IT industry that people are the biggest threats to cybersecurity. Without stringent identity and access management (IAM) controls in place, a malicious insider can exploit a part of the organization. Insiders also pose other problems, since employees with poor security hygiene are the weakest links — prime targets for phishing and ransomware schemes.
The cybersecurity skills shortage can further weaken a company’s security posture. Additionally, as the number of connected devices continues to increase, so does the importance of securing the Internet of Things (IoT). This will be a major theme in 2017.
In short, IBM X-Force identified the most significant cyberthreats to emerge in 2016:
IT professionals should consider what they can do differently to steer clear of these pervasive attacks in 2017.
Embracing a Culture of Security
Here’s my New Year’s security resolution: Rather than understanding the technical details of the vast amount of security tools available, I aim to embrace the entire culture of security. Security culture can be described in many ways, but it primarily applies to people, processes and technology.
Get Back to Basics
For me, it security culture comes down to an individual’s perception and behavior that could impact security. For example, some individuals are wary of cloud-based apps, while some make a risk-based decision to use them.
We’re only human, but we can minimize inevitable human errors by spreading awareness of the threats surrounding our environments and following security best practices. This needs to start with the basics. Gone are the days of snoozing software updates. Passwords should be complex and changed often, and information must be managed and backed up.
Back Up Data Regularly
It sounds straightforward, but sometimes we slack when it comes to cybersecurity despite our best intentions. While I was working late on my dissertation one night during my final year of college, I spilled coffee all over my laptop. All my work was lost. Had I been backing up to an external hard drive, my files would have been safe. I even own an external hard drive, but it too often sits in a box on my shelf. Reflecting back on my dissertation and given the seriousness of a cyberattack compared to a coffee spill, I pledge to back up my data regularly in 2017.
Share Threat Intelligence
Developing good habits is a good start, but cybercriminals constantly reinvent their attack methods to stay one step ahead of security researchers. With this in mind, we need to be aware of the changing threat landscape.
The collaborative nature of cybercriminal activity is actually a great example for security researchers to follow when it comes to personal development and threat sharing. My brain can only absorb so many security articles, blogs, white papers, videos and webinars in one day. By using content organization tools and speaking to a wide network of security professionals, I will continually build on my understanding of the security landscape in the coming year.
A Security Resolution for 2017
There are threats we can predict and those we cannot as we enter 2017. We are, however, responsible for protecting our data and that of our employers. Through basic security hygiene and collaboration, we can keep 2017 secure, one leap at a time.
Here’s to a secure 2017!
Security Bid Excellence Leader, Europe, IBM