Resolving to keep assurance commitments in 2016
By now, many of us may have sidestepped some of our New Year's resolutions. Traditionally, even the best of us start out with the sincerest of intentions and then flag pitifully on even the more practical of our resolutions as life's day-to-day challenges dominate our time.
Still, there are some of us who have been unwavering in our commitments. We've made some promises to ourselves and, doggone it, 2016 is the year we're keeping them.
Such dedication by the lone individual also could be adopted by the larger organization. Maybe a company's executive leadership pledged with the New Year to be more inspiring to motivated and impassioned employees, devising more unique and stronger incentives, educational opportunities or evolutionary roles and promotions. Perhaps listening to staff more to overcome systemic problems is tops for some. Being more nimble and less risk averse to launch new products could be a main goal for others.
A few stragglers, when looking at their fiduciary responsibilities, also finally may have accepted the fact that IT security needs must be at the forefront of priorities. Perhaps, like quite a few organizational leaders, they've taken some steps to address IT security requirements, but they really haven't embraced these with the gusto today's business environment requires.
Online crime trends that have now become the norm tell the tale. For example, one that has been growing for the last year or two – discussed more thoroughly in this edition's cover story – stems from the desire by less technologically savvy thieves to get a cut of what have become lucrative illegal activities online. Their various nefarious aims very handily underpin robust and profitable cybercrime-as-a-service business models for more knowledgeable, agile and experienced groups.
These and the endless number of other actions by cybercriminals are leading many IT security industry experts to predict that critical data won't just be stolen or exposed this year, but its integrity damaged as it is surreptitiously changed. IoT products and technologies will be compromised not only to thieve data, but also to penetrate physical structures. Ransomware incidents and DDoS attacks that result in extortion demands will rise. Phishing and other social engineering-based assaults will rule the day, making end-user education much more critical for all organizations.
Credit card fraud, data compromises, corporate extortion and more won't see marked improvements in IT security, say industry pundits. Despite this, however, organizational leaders must resolve to continue taking steps in the right direction, spearheading and updating security programs as part of their overall business plans. They should look to participate in the sharing of threat intelligence among their peers and government entities, develop business continuity strategies that keep networks running and web servers operating, establish policies that provide guidance in reaction to things like extortion demands or social engineering incidents, embrace technologies like encryption, develop basic educational programs for end-users, and so much more.
In short, the IT-security-related resolutions to which corporate executives should commit throughout 2016 are numerous. While Mark Twain once said we all typically “cast our reformation to the winds” too quickly after citing our list of goals for the New Year, 2016 shouldn't see us “cutting our ancient shortcomings considerably shorter” when it comes to IT security. None of us can afford to be that careless these days.