APAC CIO Outlook
    The Changing Landscape of Cyber Security

    Scott Brandt, CIO & Director of IT, Texas Office of the Secretary of State


    As threats to information resources evolve, so must the cyber security community’s defense tactics. Gone are the days of implementing technology solutions solely on the network perimeter to thwart attackers. Information security defenses must include technology to detect and respond to malicious activity throughout the technology environment. Security organizations must partner with business area leaders, provide a robust security awareness program, and maintain a talented information security staff to effectively protect an organization.

    Recent security incidents and data breaches have increased the visibility of information security, not only within organizations but also with partners, customers and the general public. Recent high-profile data breaches have elevated information security to a board room discussion item. A survey of 200 corporate directors conducted jointly by NYSE Governance Services and Veracode earlier this year found that 80 percent of board members say that cyber security is discussed at most or all board meetings. Information security organizations should take advantage of this to partner with business area leaders within the organization to understand the information and processes important to business operations as well as the associated risks. By developing a relationship with business area leaders and working together to identify and mitigate security risks, the information security organization becomes a partner in delivering service to customers. Risk management considerations can be discussed and addressed throughout the lifecycle of business initiatives rather than as a final “gate” to get past during implementation.

    While perimeter defenses remain important, defenders must assume that malicious actors may already have a presence inside their corporate network. Threats have evolved to include advanced actors such as cyber criminals and nation-state-sponsored espionage. Attackers are becoming more advanced and persistent. The continuing rise of phishing attacks, “drive-by” web attacks, “watering hole” attacks and the modification of malware code to defeat signature-based defenses requires defenders to focus more attention and resources on detecting and responding to threats inside their established defensive perimeter.

    The 2015 Data Breach Investigations Report from Verizon estimates that 70 percent to 90 percent of malware samples are unique to a particular organization. This doesn’t mean the malware has unique functionality, but rather that the malware code has been adjusted to have a different hash value or signature to avoid detection. Bad actors have learned that it is frequently easier to trick users (employees of your organization or partner organizations) into executing malicious code than to attack computer systems and applications directly.

    If attackers can make minor changes to their code to avoid anti-virus and other signature-based technologies, tricking a user into executing malicious code may give attackers a foothold inside the network perimeter. Likewise, malicious actors may be able to trick an unsuspecting user into providing credentials to access an application or system. It is essential to have a security awareness program that educates workers. Employees must understand that in many cases they are the first line of defense.

    To be effective, the information security organization should not only educate users regarding good security practices in the workplace, it should also work to provide additional value to the users and promote an “always aware” attitude. Security organizations should go the extra mile to provide useful information regarding how employees can stay safe at home and on their personal mobile devices. By adding value for users, the security organization fosters a positive relationship rather than being viewed as either an impediment blocking the employees from what they want to accomplish or as a “big brother” always watching over their shoulder waiting to correct or admonish them. Users should feel comfortable reporting suspicious items to the information security organization.

    One of the key takeaways from the M-Trends 2015: A View from the Front Lines report by Mandiant is that: “Advanced threat actors continue to evolve their tools and tactics to reduce the forensic footprint of their actions and evade detection. Establishing a baseline of normal activity in an environment, and proactively hunting for deviations from this baseline, are essential to stay a step ahead of intruder’s efforts.” Mandiant also notes that the median amount of time that threat groups were present in a victim’s network before detection is 205 days.

    The organization must have skilled information security staff who not only partner with business areas and users to mitigate risks, but who can also regularly and effectively monitor the technology environment, recognize anomalies and respond to threats. As attackers become more sophisticated, security organizations are challenged to keep pace. While a malicious actor can concentrate on developing specific expertise needed to execute an attack, the defenders must possess the knowledge to combat many different attack vectors. Security staff must constantly be aware of new vulnerabilities and exploits. While the “bad guys” need but a few successful attacks, the defenders are expected to be successful 100% of the time.

    Security staff should not only receive regular training, but also practice their skills. This may involve white hat hacking of their own systems or the use of a cyber range. On a cyber range, security professionals can gain real world experience attacking or defending systems dedicated to the exercise. Participants are free to fully engage in this isolated environment without fear of impacting the real world. It is an excellent opportunity to experiment with security techniques, to make mistakes and to gain valuable experience.

    Organizations with more limited information security resources may consider using a managed security services provider to supplement internal resources. A managed provider can provide expertise in a broad range of areas by leveraging the demands of multiple customers to maintain a larger pool of expert resources. The managed service provider can also compile threat intelligence from a much broader pool of potential targets due to monitoring multiple clients. An organization employing a managed provider benefits from the knowledge and experience the provider obtains when working with their other customers.

    As cyber threats evolve, cyber security professionals must focus not only on perimeter defenses and breach prevention, but also on internal monitoring and incident response to address the increased threat from inside the private network. The information security organization must build relationships with the organization’s business leaders and users to work effectively to address security risks that pose a threat to the data and business operations of the organization.

    Copyright © 2022 APAC CIOoutlook. All rights reserved. Registration on or use of this site constitutes acceptance of our Terms of Use and Privacy and Anti Spam Policy 
