If you survived 2017 — a year full of data breaches, ransomware, distributed denial-of-service (DDoS) attacks and a multitude of other high-profile security incidents — you deserve a pat on the back. Some of us weathered the storm thanks to our careful preparations, the security controls we deployed, the incident response strategies we practiced and the recovery mechanisms we put in place. The rest of us can thank our lucky stars that things didn’t turn out for the worse.

Five Enterprise Security Resolutions for 2018

No matter how you navigated the treacherous threat landscape during the past year, it’s time for all of us in information security to make our New Year’s resolutions. If you’d rather not leave the fate of your organization to luck in 2018, here are five resolutions for chief information security officers (CISOs) to apply in the new year.

1. Explore AI and Machine Learning

Organizations of all sizes should review their technical controls to see if they are still as effective as they were thought to be. Obviously, firewalls and endpoint security solutions are crucial, but everyone in security knows that these controls alone will not keep you safe, much like antilock brakes and collision warning systems won’t prevent all possible automobile crashes.

Artificial intelligence (AI) and machine learning are worth exploring because, as the volume and sophistication of attacks continue to grow, all hope of keeping pace using manual incident response triage processes quickly evaporates. A Cylance survey of Black Hat USA 2017 attendees found that 62 percent believed AI would be used to commit cyberattacks in the next 12 months. Can your organization, customers and shareholders really afford to wait before taking proactive steps?

One of the bright spots in the AI landscape has been the IBM Watson project. IBM constantly feeds its AI engine cybersecurity-related materials to digest, training it to connect the dots of an attack. Watson for Cyber Security can process more data, deliver better endpoint threat detection and improve the way incident response is orchestrated across the organization.


2. Educate and Engage With Top Leadership

In 2017, both the World Economic Forum (WEF) and the National Association of Corporate Directors (NACD) provided directors and C-suite executives with guidance regarding the need to keep a close eye on cyber risks and improve cyber resilience across the enterprise. More recently, the Committee of Sponsoring Organizations (COSO) of the Treadway Commission published an updated report on enterprise risk management (ERM) with 20 principles for directors and officers to connect strategy, risks and performance and to ensure strong alignment among all three.

3. Step Up Security Awareness

The CISO should, with the full support of top leadership, oversee an organization-wide effort to step up security awareness activities. Training materials should be relatable, direct and relevant in order to drive a gradual shift toward a strong security culture, reinforced with reminders, fresh ideas, games and, yes, the dreaded phishing test.

This transition will not happen overnight, and there will be some pushback. But the days of writing passwords on sticky notes, sharing login credentials with office staff and practicing overall poor cyber hygiene, both at work and at home, need to end. CISOs should join forces with awareness evangelists to constantly remind staff members to follow security best practices.

4. Practice Your Breach Response

CISOs should work with HR, public relations, legal and other departments to prepare top leadership for a data breach. After all, you don’t want to be scrambling to determine what to do, who should talk to the press and how the public should be notified during a crisis.

Last year, IBM unveiled a cyberattack simulation as part of its X-Force Command Center (XFCC) to train C-level executives on crisis leadership. The XFCC also houses a cyber range and provides security operations center (SOC) training sessions.

5. Measure the Maturity of Security Activities

When it comes to cybersecurity, directors and officers should regularly ask themselves, “Are we getting better?” The answer to this question should be as straightforward as asking the chief financial officer (CFO) how year-to-date figures compare to those of the previous year.

Cybersecurity isn’t just a bunch of projects and activities — it’s a lifelong journey. Without the ability to measure its progress along that journey, an organization might find itself running in circles, too busy fighting fires with inadequate equipment and training to close the feedback loop. Only then might it stop to ask, “What lessons can we learn from this?”

Some organizations have formal enterprise risk management (ERM) frameworks in place. Those frameworks may use maturity ratings as part of the overall approach to governing enterprise-level risks. For organizations that haven’t yet deployed an overarching ERM framework, a good place to start is to evaluate the maturity of the enterprise’s cybersecurity capabilities. This past May, the Federal Financial Institutions Examination Council (FFIEC) updated its Cybersecurity Awareness Tool User Guide, which provides “a repeatable and measurable process for institutions to inform management of their institution’s risks and cybersecurity preparedness.”

Don’t Rely on Luck in 2018

As we turn the page to 2018, organizations and their CISOs should commit to improving the way they consider, manage, communicate and respond to cybersecurity issues. That means introducing cognitive technology into the security environment, educating top leadership about cyber risks, promoting a culture of security awareness throughout all levels of the organization, conducting data breach simulations and tabletop exercises to hone incident response capabilities, and measuring the progress and maturity of security activities.

Don’t leave it up to your lucky stars — given the rate at which cybercriminal techniques are evolving, your luck will surely run out soon enough. Whether you’re a CISO, security professional or everyday user, make security part of your New Year’s resolutions for 2018.
