The Future Is Now
- As cyber threats continue to evolve and become more sophisticated:
  - We must change our mindset about how to ensure information security within an organization
  - We must remain vigilant in order to protect information from internal and external compromise
- Ultimately, organizations must embrace and adopt a risk-based cyber security framework (ISO 27k) which will:
  - Allow better communication and collaboration on cyber security efforts, internally and externally
- By adopting ISO 27k security guidelines, organizations will:
  - Identify and prioritize threats, quickly detect and mitigate risks
  - Understand security gaps within their organizations
- Security is a mindset cultivated into a culture
Statistics
According to FBI Director James Comey, there are two types of companies in the United States:
“Those who’ve been hacked by the Chinese and those who don’t know that they have been hacked by the Chinese.”
- Over 169 million personal records were exposed in 2015, stemming from 781 publicized breaches across the financial, business, education, government, and healthcare sectors. – “ITRC Data Breach Reports – 2015 Year-End Totals” | ITRC
- In 2015, there were 38 percent more security incidents detected than in 2014. – “The Global State of Information Security Survey 2016” | PWC
- In 2015, even fewer Small-to-Medium Businesses (SMBs), 29 percent, used standard tools like configuration and patching to prevent security breaches, compared with 39 percent who did so in 2014. – “Cisco 2016 Annual Security Report” | Cisco
- The median number of days that attackers stay dormant within a network before detection is over 200. – “Microsoft Advanced Threat Analytics” | Microsoft
- 74 percent of CISOs are concerned about employees stealing sensitive company information. – “SANS 2015 Survey on Insider Threats” | SpectorSoft
Conclusion
These statistics are concerning, don't you agree? Here's the bottom line... We can either accept things as they are or take responsibility and change them. From a professional perspective, acceptance is the path to destruction. Offensive security within an organization leads to better security and less exposure to risk. At the end of the day... security is a choice.