October 3, 2016

The Four Cybersecurity Trends Organizations Can’t Afford to Overlook

Bob Hansmann

At Forcepoint™, we are very excited about the kickoff of National Cyber Security Awareness Month this week. Cybersecurity is always top of mind for me personally, but each October brings us the opportunity to educate a broader audience about its evolution and shifting landscape. I firmly believe awareness has to come from within an organization, so that a cybersecurity “knowledge culture” emerges. That’s what will enable enterprises to truly protect themselves.

This means employees at all levels and in all departments (not just IT) should stay on top of the most current trends. Below are four key areas we feel are too often overlooked. We will present a blog post each week during this month to dive deeper on these topics and further educate readers.

  • Insider Threats. The “Insiders” who can threaten our networks are more than the classic “intentional” and “accidental” buckets we commonly think of.  I reviewed the “Seven Profiles of Highly Risky Users” a few months ago, and we will dedicate one blog to revisit this topic and explore how strategies to combat the threat have evolved.  But, regardless of the intent, the insider threat represents a real and growing problem:

    • Nearly three-quarters of information security professionals say their organization is vulnerable to these threats, according to survey research from Palerra. And only 42 percent feel they have appropriate controls in place to mitigate their exposure to insider risks.

    • In our recent research report with the Ponemon Institute, “The 2016 Study on the Insecurity of Privileged Users,” we found that 49 percent of privileged users believe abuse within their ranks will increase over the next 12 to 24 months.

    • And IT is hard-pressed to keep up. More than three out of five respondents in the Ponemon report said they can’t keep pace with the number of privileged user access change requests that emerge on a regular basis, and nearly one-third said it’s difficult to audit and validate privileged user access changes. At the same time, one-in-three admit that it’s too expensive to monitor and control all privileged users.​

  • Ransomware. You click on a file, but it fails to load or run. Then you try to call up several more – getting the same result. All of your colleagues are experiencing the same situation, with no access to mission-critical files and data. Then someone receives a message from a cyber crook: “We’ve locked up your files, but we’ll be happy to restore them – for a fee.”

    Few in IT today would fail to understand this ransomware scenario, or dismiss it with a casual “It will never happen to us,” attitude. Ransomware incidents per day have quadrupled over the past year. When we feature this topic in a couple weeks – with research taken from our recent white paper, “Are You Prepared for Ransomware?” along with some updated data points and perceptions from Forcepoint experts – we will explore how these attacks happen, and how to avoid them. We will also weigh in on a very tough question which inevitably comes up during such a crisis: Do you pay the bad guys, or not? (This question is also addressed in-depth in our white paper.)

  • Privacy settings. Historically, IT has struggled to balance “Protection” with “Productivity.”  And now they have to add “Privacy” to that mix, further complicating their security options. With the rise of social media and internet usage for personal and professional reasons, users seemingly sprint their way throughout the online universe without thinking about privacy settings. To protect customer and proprietary data, users need help to understand the value and process for using the privacy capabilities they may not even be aware of.

  • Network segmentation. While this may sound like something only IT professionals would understand – or care – about, users across the board should have a working knowledge of this trend. Fortunately, it’s not a difficult concept to grasp: network segmentation classifies data based upon how critical it is, and then takes these now-separated data clusters and stores them securely in individual, isolated domains. With this, adversaries who compromise a system may find themselves inside the network, but they keep running into “locked doors” when attempting to get to the segmented data. Even better (and here’s why the average user should care), network segmentation doesn’t disrupt business operations. If you’re authorized to call up information, you can do so – and safely transfer it as needed.

We are excited to dive into all four of these topics in greater detail over the next several weeks. Please keep coming back to this space for our National Cyber Security Awareness Month blog posts. At Forcepoint, we believe that raising awareness ranks among our highest corporate duties – both internally and with our customers. If that sounds like the kind of company you’d like to work with, please contact us.


About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.