
Top 10 Cybersecurity Stories of 2016

There’s no doubt that 2016 was an eventful year, particularly on the cybersecurity front. Resourceful hackers found newer, better and more invasive ways to access the sensitive information they were after and ransomware continued to be a lucrative venture. Meanwhile, security professionals fought an uphill battle leveraging every tool and technology available to them in order to remain one step ahead of their attackers. In case you missed it, our friends over at Computer Weekly and TechTarget rounded up the ten biggest stories of the year. They were as follows:

  1. C-suite executives confused about cyber-attacks …

In a study that polled more than 700 executives, IBM discovered that key business leaders remain confused about the topic of cybersecurity. Despite the fact that 68 percent list security as a major concern and 75 percent believe having a comprehensive incident response plan in place is important, the reality is many execs don’t know who their true adversaries are or how to combat them. The study also highlighted the importance of key executives taking a more active role and being more engaged with CISOs. → Read more

  2. National Cyber Security Centre to be UK authority on information security…

The UK’s National Cyber Security Centre (NCSC) will focus on the financial sector as a top priority. The NCSC was announced as part of the government’s National Cyber Security plan for the next five years. It will ultimately become host to a “cyber force” ready to handle cyber incidents in the UK and ensure “faster and more effective responses to major attacks”. The centre will also be a unified source of advice and support for the economy, replacing the current array of bodies with a single point of contact. One of the NCSC’s first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cybersecurity more effectively. → Read more

  3. Hunters: a whole breed of enterprise cyber defenders …

Security leaders agree that the days of relying on security system alerts to scramble first responders to cyber-attacks are past. In the face of increasing volumes of attacks, defenders need technologies that take care of the bulk of the low-level stuff so that they can concentrate on those slipping through the net. Enter the “hunters,” a rare breed of information security analysts who sniff out traces of cyber attackers and go in pursuit, relentlessly tracking and hunting down their quarry. → Read more

  4. Security should be driven by business (says Corvid’s Andrew Nanson)…

According to Andrew Nanson, chief technology officer of Corvid and former cyber security adviser to Nato and the UK’s intelligence and defence agencies, information security systems driven by products are no good for business. Instead, he believes information security should be business-driven and investments assessed for their effectiveness and business value. → Read more

  5. Darktrace says business needs AI defense against AI attacks…

According to Emily Orton, director of UK information security startup Darktrace, the world is entering a new era of cyber-attacks in which the integrity of data is at risk. Cyber attackers are turning to machine learning to create smarter attacks and defenders will require similar technology to detect them. There has also been an increased usage of artificial intelligence (AI) by attackers to enable highly customized attacks that can be detected only if the defenders are also using AI. → Read more

  6. IoT security window is closing rapidly…

According to Intel’s IoT security manager, Lorie Wigle, the window of opportunity for addressing security risks in internet of things devices is closing rapidly. Industry players need to address the security of IoT devices urgently before it is too late. Equally important is the need to ensure that security can be “operationalized” in the sense that these devices must be capable of being updated and upgraded when necessary. → Read more

  7. Sage data breach highlights risk of insider threats…

UK-based accounting software firm Sage issued a warning to customers in the UK and Ireland, noting a recent data breach that may have compromised personal details and bank account information of employees at nearly 300 UK firms. The breach, which occurred due to unauthorized access using an internal log-in, brings to light the critical importance of addressing the risk of insider threats. → Read more

  8. No endgame for cybersecurity…

Two of the most valuable lessons in cybersecurity are to know your enemy and not to rely on users to be secure. According to industry veteran Mikko Hypponen, there really is no endgame when it comes to cybersecurity. Cyber attackers are continually evolving their techniques and capabilities to steal and monetize data in new ways, which means the goalposts are continually moving. Security professionals must continuously adapt at the same rate. → Read more

  9. UK firms could face £122bn in data breach fines in 2018…

UK businesses could face up to £122bn in penalties for data breaches when new EU legislation comes into effect in 2018, the Payment Card Industry Security Standards Council (PCI SSC) has warned. As such, the PCI Security Standards Council is urging firms to act now to avoid exponentially increased penalties under new EU data protection regulations. → Read more

  10. Breaches should be on the decline by now, says infosec veteran John Walker

According to security veteran John Walker, data breaches should now be declining. A focus on the board, governance and compliance is distracting many infosec leaders from the real objective of securing data. Walker also defines a good information security leader as someone who is willing to speak out and say things no one else is willing to say, which he admits can be painful at times. → Read more

What was your biggest cybersecurity takeaway from 2016? Please share in the comments below. And don’t forget to download your free trial of the Ayehu security automation and orchestration platform to avoid becoming a cybersecurity victim in 2017!


