2018 Cybersecurity Roadmap

Published On: February 2, 2018

Ed Snodgrass, CISO, Secure Digital Solutions

Are you thinking about your 2018 cybersecurity roadmap? Before you begin, let’s look at the year prior.

2017 was a busy year for cybersecurity professionals and the organizations they’re chartered to protect. 

Attack surfaces increased significantly due to the rapid expansion of cloud infrastructure and cloud-based services and applications, data center virtualization, and the addition of millions of connected devices, forcing companies to extend their security posture externally in an attempt to protect an ever-dissolving perimeter.

2017 also saw a huge increase in the commoditization of ransomware. Ransomware-as-a-service and malware-as-a-service can now be purchased on the dark web, in addition to a service known as “fully undetected” that allows cybercriminals to upload code and malware to an analysis service for a fee. Upon completion of the analysis, uploaders receive a report detailing whether commercial security technologies can detect the uploaded code, allowing the malware to be refined to better defeat the security tools employed by a targeted organization.

Security ‘housekeeping’ suffered significantly in 2017. Inefficient/ineffective patching and failure to sunset potentially vulnerable legacy apps and processes contributed to the vast number of exploits that targeted known vulnerabilities. WannaCry targeted vulnerabilities for which the respective vendors had already released a patch. On its heels, Petya targeted the same fixable vulnerability.

Bottom line? Cybersecurity is a tough gig – at every level. There are, however, some things that can make a difference in terms of creating and enhancing an effective cybersecurity strategy despite the dynamic landscape. I recently read an article about cybersecurity in 2018 that quotes, among others, Lenny Zeltser, Vice President of Products at Minerva, in which he talks about some of the cybersecurity strategy ‘difference makers’. While I could provide my take, I think Lenny does it extremely well. He suggests the following:

  • Evaluate the gaps that exist in the current security controls and processes.
  • Determine if there is any additional protection to be gained through configuration of existing security tools or implementing controls and features that aren’t currently being used in the products you already have.
  • Consider whether any new security investment adds unique value and ensure that it doesn’t simply overlap existing security controls.

Our team here at TrustMAPP agrees that the three points highlighted by Mr. Zeltser are key to having a successful security strategy. This is why we’ve done our part in automating cybersecurity program strategy activities, improvement tracking, and reporting. 

Learn more about TrustMAPP, and find out about our upcoming demos and offers at www.trustmapp.com 
