March 29, 2016 By Kevin Beaver 2 min read

Now that we’re well into 2016, you likely have various information security initiatives underway. The specifics you’re working on are, no doubt, priorities given your unique needs, budget and so on. But are you focusing on the right things? Are the things you’re doing really minimizing your business risks and addressing the right security trends?

It’s easy to get distracted and do what time management experts call majoring in minors — spending time, effort and money on areas of security that, in the grand scheme of things, might not provide much value to the business. You’re spinning your wheels and going through the motions rather than resolving what’s urgent and important. It’s classic 80/20 rule: Focus on the 20 percent of the initiatives that will provide 80 percent of the value for the investment.

Security Trends Come to Light

There are various trends impacting information security today that you need to stay on top of — many of which came out of the 2016 RSA Conference. This includes the Internet of Things (IoT) and data protection in the cloud, as well as the encryption and privacy of customer and corporate information. In a day and age when I’m still seeing people spend large sums of money on technologies such as network access control (NAC) and traditional antivirus solutions while data breaches are as prevalent as ever, it seems that something needs to change.

Instead of security teams focusing on more recent technologies such as cloud access security broker (CASB), advanced malware protection and the like, it’s as if they’re stuck in a vacuum; they’re bound and determined to fix what was important five to 10 years ago. As a result, they may be overlooking areas of risk and technologies that can help solve problems in newer, better ways.

What’s the state of security in your business? You’re likely experiencing modern challenges like most others. But are you paying close enough attention to see the details? A great exercise is to do what’s called zero-based thinking. Ask yourself: Knowing what we know today, what would we do more or less of? What should we now be focusing our efforts on given the current threats to our environment?

Transform Your Security Program

If you ask these questions, and answer them honestly along with your peers and management, you can truly transform where your security program is today. Look at what’s going on with the latest threats and technologies because that’s where we’ll likely be focusing our efforts in five years. You might just see your priorities change and be in a better position down the road by focusing on what’s important today.

I also recommend you take some time over the next few weeks to review the publicly accessible resources that came out of the RSA Conference and other recent industry events. There are keynote highlights on YouTube and considerably more videos on the RSA Conference website. Such resources are great for helping you build out or improve your information security initiatives, including security architecture, threat intelligence, policies and governance, and awareness and training.

All of this being said, you don’t want get too far off into the weeds addressing the latest and greatest information security trends if you haven’t yet fixed the basics. These fundamental flaws are on your network right now, and discipline is the only solution — not hype and short-term motivation from security conferences or media headlines, which will soon fade away.

Keep in touch with the latest happenings, but master the fundamentals. That’s the only true way to resolve your security issues over the long haul.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today