Throughout the last year, I have been collaborating with Sogeti to develop an overarching cyber security point of view. We’re proud to announce that the resulting (free!) e-book, “Staying Ahead in the Cyber Security Game,” was published this month. This practical guide aims to inspire and provoke new thoughts and insights even if you are familiar with the topic; for those new to security, it’s a primer on what matters today.

We purposely chose to be brief with this resource and focus on the most recent and relevant topics; we avoided extensive descriptions of well-known practices, such as how to practice security risk management or how to build an authentication model, even though they are still important today. We decided to look at the organization as a whole and what you should consider doing differently.

Cyber Security Takes Center Stage

Cyber security is front and center in the tech world today thanks to near-continuous revelations about incidents and breaches. In this context of unpredictability and insecurity, organizations are redefining their approach to security, trying to find the balance between risk, innovation and cost. At the same time, the field of cyber security is undergoing many dramatic changes, demanding that organizations embrace new practices and skill sets.

Cyber security risk is now squarely a business risk — dropping the ball on security can threaten an organization’s future — yet many organizations continue to manage and understand it in the context of the IT department. This has to change.

Technology is continuously evolving, and there is no recent shift larger than the explosion of mobile device usage. People bringing their own devices to work is an unstoppable wave that is engulfing organizations, regardless of their policies. This increased demand for BYOD poses serious challenges for how security is managed in terms of technology, process and policy. These mobile devices seem to be the antithesis of everything security professionals have been trying to do to keep things secure: They are mobile, rich in data, easy to lose and connected to all kinds of systems with insufficient security measures embedded.

The final key security highlight is the increased focus on people and their behavior. It is commonly understood that, with enough determination and skill, a persistent attacker will eventually be able to break any defense. Making this process difficult every step of the way not only reduces risk and the time it takes organizations to respond to incidents, but also improves the ability to intercept them before the impact becomes substantive. To get security right, it must be made part of the most elementary fiber of the organization, both in technology (including security as part of the design) and in behavior, by giving employees secure options. Fear alone, used as a tool to motivate the organization, gets blunt very rapidly.

Download the Free e-Book: Staying Ahead of the Cyber Security Game
