The holiday season is here. For chief information security officers (CISOs), as for Santa and his elves, it is the busiest season of the year.
For nearly all organizations, this season marks the run-up to an end-of-the-year security audit, a time to review and assess the organization’s cybersecurity progress and posture. And for retailers, it is also the busiest season of the year — one filled with its own security challenges.
A Season for Looking Back — and Ahead
The holidays are a time for making lists — not only of who’s been naughty or nice in the past year, but also for making resolutions on how best to meet the next year’s challenges. For CISOs, this means assessing and evaluating the security picture over the last 12 months, double-checking compliance needs and evaluating which issues are likely to be prime considerations next year.
CISOs will need to call on their elves to assist in these big tasks. These helpers may come from both inside and outside the organization, ranging from members of the security team and the rest of IT to representatives of other business units (IT’s internal customers), business partners and the broader cybersecurity community. Whether or not an external year-end audit is performed, WindowsObserver.com offered useful advice that goes beyond any specific operating system.
The first item on the CISO holiday checklist is looking back at how the security landscape developed in 2015. This means analyzing everything from internal event logs that give a highly granular picture of the organization’s own experience to surveying global trends that are shaping security. What threats has the organization faced and how effectively has it responded to them?
The second big item on the checklist is legal and regulatory compliance, a factor in all industries and absolutely critical for some, such as finance and health care. Official rules can be a pain to develop and implement, but most of them have been well-crafted by security professionals, and compliance requirements play a big part in building shared standards and best practices. But since new laws and rules often take effect at early in the new year, compliance must be not only reviewed, but also updated.
Finally — last but by no means least — this is the season to prepare for the year ahead. What new potential threats are looming, and what tools are available to protect against them? For example, Wired noted that an emerging threat as we head into 2016 is malvertising, innocuous-seeming online ads placed on popular websites through third-party brokers that conceal malware. The victim does not even need to click on the ad; simply visiting major media sites can expose users.
Malvertising is outwardly a consumer threat, but in a bring-your-own-device (BYOD) world, what attacks employees as consumers can also attack the enterprise. And for organizations with advertising-supported websites, inadvertently hosting malvertisements is a huge security threat and an emerging challenge that must be met.
In short, the holiday checklist for CISOs includes thinking ahead to who may be naughty or nice next year.
For Retail CISOs, Unique Holiday Challenges
All organizations face these challenges, though many benefit from a holiday slowdown or even scheduled downtime. Let’s face it, a lot of people — though not the security team, of course — can and do “check out” a bit during the holidays.
Not so for the retail sector, including firms and charitable nonprofits that are not retailers themselves but whose business follows the retail cycle. This cycle famously (or infamously) peaks during the holiday season. So do its cybersecurity concerns.
Not only are people shopping more, but they are doing it amid more hectic surroundings and often going outside their familiar safe zones to look for that special gift. That means potential security risks spike even more than overall traffic does. Retail-related CISOs will be very busy indeed, earning some holiday cheer they won’t even be able to enjoy until after the season is over.
The good news, in and out of retail, is that this busy security season will soon be over. Security leaders who meet the seasonal challenges will be heading into 2016 with their organization’s security posture in good shape. That could give them plenty to celebrate when this time rolls around again next year.
Read the complete IBM research report on security trends in the retail industry