Magazine article Information Today

What's Next for Cybersecurity

Article excerpt

With the Equifax and other recent hacks still fresh in people's minds, for Information Today's annual predictions issue I decided to look to various IT companies for guidance on the current state of cybersecurity, how organizations can improve it, and where they think it will go next.

First, a few definitions. Isaac Kohen (CEO and founder of Teramind, an employee monitoring and insider threat prevention platform) shares what organizations need to know when planning a well-rounded security strategy:

* [W]hen we talk about risk management, to me it means being able to quantify the chances that information can be maliciously leaked or accidentally shared. For example, when an organization allows employees to use social media at work, they might think they're being nice by not blocking access, but they don't think about the fact that social media messengers allow attachments, which means employees can send data to outside sources via social media.

* Insider threats are what risk management tries to curb. Some insiders are malicious - unfortunately there are people who don't feel loyal to their organization and share privileged data with outside sources who can benefit from the knowledge. Other insider threats are accidental - they don't realize they've exposed your data, and those can be extremely dangerous as well. This usually happens when they follow their daily habits that might break company policy, which means if you've found out about one incident, there is a high chance there were many more incidents.

* Cybersecurity is really about focusing on threats from outside your network, so it differs from insider threats but is connected. Many times people from the outside target your employees, and the difference between a company that gets hacked or their data compromised is often employees that are aware of security policies and the threats that remain out there.

SolarWinds MSP, an IT service management solutions provider, issued a report on Oct. 30 stating that "four out of every five businesses across the US and UK will change how they deal with security in the coming 12 months" (globenewswire.com/news-release/2017/10/30/1160038/0/en/80-of-Businesses-Plan-to-Change-Their-IT-Security-Management-in-the-Next-12-Months.html). Nearly half (49%) of the 400-plus companies surveyed are planning to outsource their security for the first time next year. While 25% say this is due to the cost of handling security internally, 24% "want to outsource it to improve performance."

Both businesses and libraries benefit from adopting the best possible security measures. One area they can start with is the use of strong passwords throughout the organization.

Passwords

Identity management provider OneLogin published a report showing that using weak passwords is posing unnecessary risks to U.S. businesses (prweb.com/releases/2017/10/prweb14768123.htm). While 87% of the more than 500 IT decision makers surveyed believe their password protection policies are sufficient, OneLogin finds that they are actually not enforcing the use of strong passwords. About 25% of respondents don't require company passwords to have a minimum length, and 54% have users rotate their passwords quarterly. Organizations could adopt technologies that help them strengthen password management, such as multifactor authentication (MFA; more than one assessment for determining someone's identity). Only 36% of respondents said they use it within their company, and 34% use it for external access.

Alvaro Hoyos (OneLogin's chief information security officer) says that "IT teams face a perfect storm of challenges related to password security." He describes three challenges they're coming up against: the lack of an identity and access management (IAM) system for enforcing password policies (such as a minimum length) across applications, no support for authentication standards for exchanging data (such as SAML or OpenID Connect) that would "remove the burden of passwords from the login workflow and enable Single Sign On," and the rise of Shadow IT (applications used by employees that the IT department doesn't know about). …
