Today, cyber threats and cybercrime keep evolving, and new technologies are being targeted while they are still full of loopholes, which makes them easy targets for cyber criminals. It has become necessary to rethink and revise security policies to address technologies like IoT and cloud services. Security policies should be effective enough to address these technologies as well as evolving ransomware and DDoS attacks.
New business technologies and a younger workforce have prompted security budgets to shift from breach prevention to detection and response. For the same reason, organizations are looking to revise their security policies to defend effectively against security threats. According to Gartner, by 2018, 50 percent of organizations in supply chain relationships will use the effectiveness of their counterpart’s security policy to assess the risks in continuing the relationship.
So what are the reasons and potential threats that make it obligatory to revise security policies? Here are some threats to which organizations should respond quickly:
Ransomware, DDoS and APTs:
According to Kaspersky Lab, the number of ransomware attacks targeting companies increased threefold from January to September 2016 alone, affecting one in every five businesses worldwide. Previously, security policies focused on how to protect information. But today, “because of ransomware and advanced persistent threats (APTs), policies have to focus more on user behavior and on the behavior of the bad guys”, says Eddie Schwartz, chairman of ISACA’s cybersecurity advisory council and executive vice president of cyber services at DarkMatter LLC.
Cloud, IoT, blockchain and other new technology:
Next-generation technologies, like cloud and IoT in manufacturing or blockchain in financial services, are driving changes to security policies. “Policy has to keep up with the dynamic environment you’re in,” says Bernard. He added, “If your company is going to cloud, tech people are worried about uptime and security, but what about the policies that go along with it? Can I share information with one of my key vendors through a cloud app? If so, which one? And how do you facilitate that, which gets into standards questions.” This shows that changes in technology require revisions to security policy.
Changing User Behavior:
A rapidly growing online workforce is changing the technology expectations and work behaviors that affect security policies and standards. “If you’re on Facebook at work watching that funny cat video, be careful because it might contain embedded malware, or just don’t do it at work,” says Schwartz. Instead of giving employees instructions about protecting information, organizations should look to restrict the use of personal smart devices for office work. Separating corporate and personal data is the key to protection, and it can be achieved through a revision of the security policy.
If the security policy is assessed and revised in a timely manner on the basis of potential threats to the organization, it is possible to achieve a high-end security workforce and posture to defend against future advanced and enhanced threats. Moreover, organizations should include the revision of security policies in their yearly or half-yearly plans.