Businesses today have a moderate to high focus on security, and three main drivers are changing their approach to it:
- Mass media headlines on breaches.
- Businesses becoming more digital.
- A focus on becoming GDPR compliant.
But there remains confusion or a lack of awareness about many different aspects of modern security.
Companies show a high focus on malware and hacking, two of the more traditional threats. However, they are less concerned about other areas that are nevertheless essential, such as the risks of emerging technology, regulatory compliance and human error.
One of the primary reasons for lower concern is that businesses are less sure of how to address these problems. Security defense against malware and hacking typically consists of a firewall and antivirus software. These are still necessary, but they are no longer sufficient.
Consider these six trends in IT security and learn how you can get ahead of them.
1. Security has become an incredibly complex field thanks to both internal and external factors.
Internally, companies are dealing with a broader range of technology that is more connected. At the same time, they have legacy systems that require a more traditional approach. The security effort is not completely shifting from one area to another; it is growing as companies expand their technology footprint.
Externally, hacking has become a serious activity, with cybercriminals forming organizations, using more sophisticated tools and performing attacks for a wide variety of reasons.
2. Data needs more protection.
Digital data is becoming the most critical asset for many businesses, as they use data for historical learning, daily operations and future insights. More and more companies are seeing data breaches, and those that don’t believe they have experienced data loss may simply not have strong enough monitoring of their data.
The types of data lost indicate the shifting motivations behind attacks – rather than seeking financial data or IP, hackers primarily look for employee data that can be used for attacks on larger targets.
3. Most organizations have admitted they do not do their due diligence when vetting a cloud provider.
These are the essential areas to review:
- Business continuity.
- Data retention.
- Data encryption.
- Data integrity.
- Regulatory compliance.
- Identity and access management.
- Geographic locations.
4. Mobility is becoming a target.
Mobile platforms are now large enough to attract the attention of cybercriminals, so mobile malware and phishing are becoming greater threats.
Again, add the human factor of employees disabling security features or disregarding corporate data policies, and the threats become even more viable.
5. Risk and security must be balanced.
While most firms currently believe that they have a good balance between risk and security, the trend is toward companies acknowledging that they have built up too much risk as a result of making moves to new technology without fully considering the security ramifications.
6. Human error is more important than we thought.
An essential area to consider in a modern security approach is the human element. The disconnect comes because of the nature of the solution—namely, technology and process are not enough to secure this weakest link in the chain. Companies need to consider new ways to improve the security savvy of their workforce.
CompTIA is here to help with tools that address all of this – particularly as you serve as a trusted security advisor to your clients.
CompTIA’s IT Security Assessment Wizard is a straightforward, three-page questionnaire intended to help build a profile of the interaction between your business and your clients. You’ll be asked to characterize some of the common security-related events in your company and to describe some of your everyday protection practices regarding recordkeeping, payment processing and exchange of possibly confidential data.
CompTIA CyberSecure is a self-paced training course that teaches your employees how to follow security practices vital to protecting your business. The 60-minute training focuses on situations relevant to everyone from the receptionist to the CEO – not just the IT department.
CompTIA Buying Guide for IT Security assists you in navigating the decision-making process for an IT security engagement. This guide is not intended to be a Consumer Reports-style product review, but rather a framework for asking the right questions to ensure that you are making an informed decision.