In all the excitement and hype that inevitably surrounds the identification of new threats, it’s important not to lose sight of the menace posed by previous security vulnerabilities and malicious actors – most of whom aren’t going away any time soon. The danger they present hasn’t diminished just because new ones have joined them. In fact, the older threats have matured and typically present a greater danger.
This is among the conclusions of Threat Horizon 2015, recently published by the Information Security Forum (ISF). Tracey Caldwell talks to Steve Durbin, global VP for the ISF, who highlights how organisations have a greater than ever dependence on the Internet, which is making them more of a target.
Both the ISF report and another by Ernst & Young, echoed by findings by the World Economic Forum, find that not enough enterprises are addressing the information security risks at a sufficiently senior level. At the same time, the risks are becoming more complex and difficult to understand, and people with the right skills to analyse the risks and put defences in place are difficult to find.
While you might be able to outsource some of the security function, you can’t outsource the responsibility and you need insight and skills in-house to drive an effective strategy. Companies need to understand their risks properly – something that represents a real threat to one organisation may not be so urgent to another – and this requires firms to take a long, hard look at themselves. Durbin discusses how you need to increase your situational awareness, and get the various parts of your business talking to each other.