The New Year is always a time for looking back on the past, and more importantly, looking forward and reflecting on the positive changes we want or need to make in the coming year. McAfee predicts that 2012 will continue to see cybercriminals improving their toolkits in many areas that pose a material threat to the business – from mobile security risks, to attacks on embedded hardware, digitally signed certificates and more. Below are a few resolutions to consider as your organization moves forward into the New Year:
- Collaborate with departments beyond the IT/security bubble – In 2012, make an effort to interact with department heads, product managers and application developers to get a sense of what they do and how they do it. Not only will this help you identify weaknesses in your security program, but it will also help put security on their radar. By making an effort to understand their responsibilities, objectives and concerns, you’re in a much better position to institutionalize security into company programs and processes.
- Make a commitment to cybersecurity awareness – As we discussed in our December #SecChat on enterprise security awareness, the role of people in an organization’s information security program cannot be ignored. This year, try out at least one new awareness tactic in your organization – be it a themed game of Jeopardy, or a monthly email list with rotating topics on cybersecurity.
- Consider the cloud – With tight budgets and a shortage of staff to administer and manage software, many IT departments are delaying some technology purchases, including much-needed security products. SaaS products can enable your business to focus its talent and resources where they can add the most value, in addition to cutting costs and easing the headaches of managing IT infrastructure and security internally.
- Enable mobile security for employees – Smartphones and tablets, while they have done wonders for employee mobility and freedom, have also complicated the security picture at organizations large and small. As the volume and variety of mobile malware continue to increase, it is imperative that businesses resolve to keep mobile security best practices in mind. Through education, policy, and software solutions, organizations can reduce the risk of device theft, data theft, data leakage, and malware, and the financial impact they can have on the business.
- Make security a focus in 2012 – As the new SEC disclosure guidance on cybersecurity makes clear, companies can no longer pretend that attacks and vulnerabilities are immaterial to the business. This year, take steps to show how security directly and critically influences every aspect of the business. Start reevaluating your cybersecurity practices and audits, and become more proactive about disclosing cybersecurity vulnerabilities and attacks. If you haven’t already, implement an organizational Computer Incident Response Team focused on responding to attacks on company assets, and start thinking seriously about incorporating IT security experts in your Risk Management teams.
Here’s to you and yours having a happy, healthy and safe 2012. For more on McAfee’s predictions for the coming year, check out our 2012 Threat Predictions report, as well as my blog post that adds some color and additional observations to the McAfee Labs predictions. As always, we welcome your comments here in Security Connected, and on Twitter at @IntelSec_Biz, where we regularly update our followers on McAfee announcements and events, as well as news from the greater security community.