June 26, 2014 By Martin Borrett

For the latest strategies on fighting cybercriminals, read my new blog, “Checkmate: How to Win the Cybersecurity Game.”

Throughout the last year, I have been collaborating with Sogeti to develop an overarching cyber security point of view. We’re proud to announce that the resulting (free!) e-book, “Staying Ahead in the Cyber Security Game,” was published this month. This practical guide aims to inspire and provoke new thoughts and insights even if you are familiar with the topic; for those new to security, it’s a primer on what matters today.

We purposely chose to be brief with this resource and focus on the most recent and relevant topics; we avoided extensive descriptions of well-known practices, such as how to practice security risk management or how to build an authentication model, even though they are still important today. We decided to look at the organization as a whole and what you should consider doing differently.

Cyber Security Takes Center Stage

Cyber security is front and center in the tech world today thanks to near-continuous revelations about incidents and breaches. In this context of unpredictability and insecurity, organizations are redefining their approach to security, trying to find the balance between risk, innovation and cost. At the same time, the field of cyber security is undergoing many dramatic changes, demanding that organizations embrace new practices and skill sets.

Cyber security risk is now squarely a business risk — dropping the ball on security can threaten an organization’s future — yet many organizations continue to manage and understand it in the context of the IT department. This has to change.

Technology is continuously evolving, and there is no recent shift larger than the explosion of mobile device usage. People bringing their own devices to work is an unstoppable wave that is engulfing organizations, regardless of their policies. This increased demand for BYOD poses serious challenges for how security is managed in terms of technology, process and policy. These mobile devices seem to be the antithesis of everything security professionals have been trying to do to keep things secure: They are mobile, rich in data, easy to lose and connected to all kinds of systems with insufficient security measures embedded.

The final key security highlight is the increased focus on people and their behavior. It is commonly understood that, with enough determination and skill, a persistent attacker will eventually be able to break any defense. Making this process difficult every step of the way, however, not only reduces risk and the time in which organizations can respond to incidents, but also improves the ability to intercept them before the impact becomes substantive. To get security right, it must be made part of the most elementary fiber of the organization, both in technology (including security as part of the design) and in behavior, by giving employees secure options. Fear alone, used as a tool to motivate the organization, will get blunt very rapidly.

Download the Free e-Book: Staying Ahead of the Cyber Security Game
