As 2014 comes to an end, you might be putting the finishing touches on your 2015 security plan, or perhaps you haven’t even started yet. Whatever the case may be, if you didn’t catch the 2015 IT Security Outlook Rapid7 webcast yesterday - you are in luck! Read on for my top takeaways from the webcast, but if you want to see it now, you can watch the webcast on demand now.
Thanks to our panel - Rapid7's expert Strategic Services team (Nicholas J. Percoco, Wade Woolwine, and Maranda Cigna) who presented their findings on the top tactics and strategies being implemented by best in class organizations in 2015.
Here my Top 3 Takeaways on what to account for in your 2015 security planning:
- Attacker Behaviors: Know thy enemy! - A lot of companies seem to solely pay attention to what the media tells them is their enemy and not spending enough time investigating who is attacking them and why. Nick puts an emphasis on the need to know your attacker and find out what data is valuable to them. As Wade points out, Malware and tools will change, attacker behavior won’t. Once you have that information, you will be better equipped to fill in the gaps in your security program.
- Prepare for a Long Term Outlook – Rome wasn’t built in a day and neither will your security program be! Nick advises not to rush things, it takes several years to build a mature program. Where to start? Get the basics started today, be innovative tomorrow, and be sure to vet and review your program once a year to ensure that you’re keeping up with attackers and technology. Wade advises that you rehearse, rehearse, rehearse, this will help you to perfect your security program over time and help to highlight your company’s capabilities and deficiencies.
- Top Down vs Bottom Up Approach – In the past, companies traditionally run an annual pen test discovering vulnerabilities and remediating any issues that pop up, repeating the tactic year over year in a patch and remediate cycle. The problem is that this doesn’t cover all of the systemic and pervasive issues that arise. Pen testing is important, of course, but measuring your security effectiveness and identifying your gaps is better done if you evaluate your security controls and schedule regular assessments. This helps get at the root of the cause and helps to cut down on associated costs of reoccurring issues.
To learn more about 2015 security strategies - view the recording of his webcast on demand now!
To learn more about our Strategic Services Team and offerings click here!