March 11, 2016 By Kevin Beaver

Now that we’re in 2016, more than two decades after the advent of the Internet as we know it, we have a general idea of the best industry practices for security. There are known threats, means for assessing risks, proven technical controls and sound methodologies for managing it all.

Given the latest news and trends coming out of this year’s 25th annual RSA Conference, what security issues should you be concerned with in the enterprise this year?

Concerns Arise at the Conference

One of the greatest areas of concern is not knowing what you don’t know. Security intelligence and analytics was a major theme of the RSA Conference this year and for good reason. So many people in charge of security know what needs to be done: Gather good information so that actionable security decisions can be made and risks can be reduced.

The real challenge is all the information that’s available on any given network; it’s overwhelming. From server logs and mobile usage to all the information that’s leaking out to the cloud and vendors you transact with on a daily basis, how do IT and security professionals keep up?

The answer lies in knowing what you need and then relying on good tools and people to sift through the noise so risks can be properly analyzed. Rather than merely doing what’s assumed to be the best practice or whatever an outside party wants you to do, you have to think about the best approach for your business based on your unique requirements.

Another considerable area of concern and a core focus of RSA USA 2016 is the Internet of Things (IoT). These connected things are everywhere. They’re either on your network right now or they’re impacting your sensitive business information and assets in some tangential way through remote users, business partners or your own customers.

What are you doing about it? How does IoT affect your existing security program? What other security standards, policies and controls need to be put in place to keep things in check? Make IoT part of your security discussion starting now before you’re forced to.

RSA Focuses on Encryption

Finally, a key risk and topic of discussion at the RSA Conference this year was encryption. Keynote presenter Brad Smith, Microsoft’s president and chief legal officer, said, “The path to hell starts at the back door. We need to ensure that encryption technology stays strong.” You need to step back and assess how your critical assets (e.g., information and systems) fit into this discussion.

Storage security is part of this; so is information in transit. Everything your business depends on, especially its intellectual property, is hanging in the balance.

Information protection is not the sole responsibility of the government. But it will be if IT and security professionals, along with their business executives and legal counsel, don’t stand up and make their voices heard and do what’s right to keep their own systems in check.

The information security essentials we’ve known about for decades haven’t changed. Most organizations still need some serious discipline in order to have a resilient information security program. Business and the technologies we’ve become dependent on have evolved, so we have to be cognizant of how everything fits together.

Whether it’s 2016 or 2026 and beyond, it’s up to all of us to ensure that we’re doing our best to address what’s important and move past what’s not. Otherwise, we’ll continue on in the same old rut.
