How Canadian Business Can Prepare for a Cyber Secure 2020
A recent survey of 208 Canadian firms finds that companies aren’t doing enough to enforce cybersecurity.
The survey by the Canadian Advanced Technology Alliance (CATA) studied physical cybersecurity in manufacturing and critical infrastructure firms such as government, banking, energy, transportation, and hospitals. The results were not promising, as many of the respondents lacked at least one of the factors identified as necessary for a clear and effective cybersecurity strategy.
Three steps to cybersecurity
According to Jean-Guy Rens, leader of the study, there are three components to cybersecurity:
- a chief information security officer (CISO)
- a written cybersecurity plan
- regularly scheduled penetration tests and security audits
A well-formulated cybersecurity strategy ensures that all devices comply with company policy. Factors such as compliance with industry and government regulations and standards, and alignment of physical security devices with standard risk-management tools and practices, should be considered when developing a cybersecurity strategy.
Security audits and penetration tests are systematic evaluations of your enterprise IT defences. In an audit, security professionals measure how well your company’s protocols comply with a list of established criteria. In penetration tests, multiple approaches are used to try to breach the system in search of vulnerabilities. External penetration tests focus on publicly exposed systems, while internal tests focus on internally connected systems.
Too often, the study found, cybersecurity wasn’t a priority for many firms, to the point where it was sometimes left up to the finance department. “IT and cybersecurity should be treated equally, and that means giving more value to the cybersecurity department,” said Rens.
A CISO dedicated to assessing risks and installing necessary technologies can help balance the equation and help the company stay on top of the latest threats and tech.
Changes coming to cybersecurity
One problem for enterprises is that many cybersecurity tools are out of date.
“Cybersecurity has become a business-critical, extremely dynamic, massively scalable, and highly specialized discipline, but we still approach it with disconnected point tools, manual processes, and inadequate staffing,” according to CSOonline.com.
Changes coming to businesses in 2020 include:
- Tightly coupled cybersecurity tech platforms. Cybersecurity components such as endpoint/cloud workload security, network security, file detonation sandboxes, threat intelligence, and advanced analytics will be combined on a single vendor platform.
- Cloud-based central management and distributed enforcement. The concept of a cybersecurity technology platform itself will expand under a cloud-based management plane. Configuration management, policy management, and monitoring will be overseen on the management plane, while actual security controls will be distributed.
- AI and machine learning. By drawing on ever-increasing and variable data sets, AI tools will continue to improve at forming a bigger picture. Better AI means improved network security, data security, endpoint security, and identity and access management. Automation and services will be baked into products, taking care of day-to-day security operations while the security team protects business assets/processes and focuses on high-priority events like policy automation.
Heading into 2020, cybersecurity is going to be an ever-greater concern to enterprises. Investing in better tools and plans now may mean fewer headaches in the future.