4 Security areas you should focus on in 2015 | Striata
  • Subscribe   
  • Subscribe   

4 Security areas you should focus on in 2015

2015 security areas

Over the past few years we have not only seen an increase in the number of cyber-attacks, but also a disturbing upward trend in the sheer amount of data that has been stolen. The maliciousness of the attacks has also reached the point where data is not only being stolen, but also deleted.

Just look at these estimated numbers:

  • Home Depot – 56 million cardholders affected
  • Target – 40 million cardholders and 70 million others affected
  • JPMorgan Chase – 76 million households affected
  • Sony – 33,000 private files resulting in 47,000 social security numbers, personal information of employees and contractors, financial data and feature length movies being stolen

It should go without saying that companies are going to be focused on security more than ever in 2015. In fact, Gartner (1) has predicted that global spending on enterprise IT security will reach up to $76 billion this year.

Attempting to prevent attacks by increasing spending on intrusion detection and data loss prevention is, however, only addressing part of the solution.

4 Key security areas for 2015

1. Vendor ManagementThird Party Vendor Icon

If you are using third parties/vendors to manage any part of your IT, then ensure that their security protocols align with yours. In both the Target and the Home Depot attacks, hackers gained entry to the core systems via a third party exploit.

Not only should vendors have security protocols in place, but their staff and contractors must be educated accordingly.

2. Educating usersEducating Users

Phishing is not only a product of stolen data, but it has been used in at least one of the recent major hacks. Target’s systems were compromised due to a third party vendor opening and executing malicious code via a targeted phishing attack.

It is especially important when running an email program, whether for eMarketing, transactional or eBilling purposes, that consumers be aware of the potential of phishing emails.

Educate customers on what emails they can expect to receive, versus what to look out for when suspecting phishing. This communication needs to happen often, as the threats themselves mature.

3. Technical ControlsTechnical Controls Icon

Authentication controls such as DKIM and SPF are no longer optional and should be accompanied by a DMARC policy to further combat phishing attempts.

Learn more about the technical set up of DKIM and SPF

Read more about DMARC:

4. Response ManagementResponse Management

While the aim is to never have a system compromised, there is never a 100% guarantee of this. Communication to stakeholders, including customers is imperative after a breach to avoid further attacks. Often in these hacks, personal data including email addresses are part of the stolen assets.

We’ve learned that cyber criminals are opportunists, for example, when Air Asia QZ 8501 went missing late last year, it took around 24 hours for phishing emails and posts on social media linking to malware to be seen in the wild.

If you are still unsure or have any security concerns – we will gladly assist.  Let’s chat…

Reference:

  1. Gartner Press Release, “Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014 as Organizations Become More Threat-Aware” August 22,2014

Get in touch with us

Keen to find out more or get an expert's opinion?

By submitting your details via this form, you are consenting that we receive and store your information for the exclusive purpose of contacting you.
  • We will not share or publish your information or process it for any other reason.
  • Once your request is fulfilled, we will either delete your information or request your consent for further processing.
  • Please find additional information in our Privacy policy.
View our Terms of use | Protected by reCAPTCHA.