The beginning of a new year is always a great time to plan for the road ahead by reflecting on the successes from the past 365 days, and that’s what we’re doing now. 2018 was an attention-grabbing year in the cyberworld! Ever-emerging risks and trends, along with new security solutions and industry insights, provided us with a wealth of information to share through our blog.
In addition to keeping our audience apprised of the goings-on in the world of cybersecurity, we also gave you a peek into what we had been working on at Armor to better our communities—both physical and virtual. From our Honeypot and Black Market research reports we were able to gain industry insights. This year’s second annual #ArmorU Twitter poll shows us the cloud security posture in companies around the world and approaches to cloud security in corporate environments. Finally, our inaugural Fight For the Greater Good video contest celebrated the first pillar of our core values and asked our social media followers to share their stories about how they are fighting for the greater good, giving back, and paying it forward.
To our tremendous satisfaction, you loved what we had to say in 2018. The readership levels and responses made it clear that the information provided in our blogs resonated with you as well. Here’s a quick recap of the 10 best Armor blog posts that rose to the top with IT and security professionals:
EXECUTIVE:
The Cost of a Data Breach: What CFOs Should Know about Cybersecurity Risks
Historically, if you were to ask most chief financial officers (CFOs) about cybersecurity, they would respond with a quick “sorry, not my department.” However, the numbers don’t lie. A joint Centrify and Ponemon report found that on the day a company discloses a data breach, its share value index drops an average of 5%.
This blog discusses the massive financial impact of data breaches, their increasing frequency, why CFOs need to enter the conversation, and how they can—and must—play a key role in proactive strategic cybersecurity investments for their organizations, versus relying on reactive measures post-breach.
The Benefits of Being Blonde: A Journey to Information Technology
According to a recent study, women make up only 11% of the information security workforce. But what’s even more amazing is that number has remained unchanged since 2013. Clearly, women are a largely untapped workforce for security, especially when those who pursue a career in this realm are often celebrated by their superiors and peers as extraordinarily talented security analysts, engineers and forensic investigators.
This blog is the compelling story of one woman who, fortunately, refused to acknowledge the stigmas, sarcasm and insults that might have prevented her from following her dream and becoming a certified, professional IT specialist.
Enough with the Cybersecurity Talent Shortage
The cybersecurity industry is currently facing a talent shortage, and the problem is expected to only grow for the next several years. While the problem is well-known within the IT community, no one has offered advice or recommendations on how educational institutions, security groups and private companies, can help mend it and begin producing educated, experienced workers.
This blog discusses how cybersecurity professionals, academia and community/industry groups can work together to fill the gaps by collaborating on relevant curricula, special programs, internships, community outreach, and more that incite and encourage the pursuit of a career in cybersecurity.
FOUNDATIONAL:
SOC Strategy: Let’s Put Down the Hammer
When it comes to cybersecurity, most companies recognize the need for a full-time security operations center (SOC). The fact is, maintaining a company’s security is more than a full-time job. It truly requires dedicated 24/7/365 attention from a comprehensive, qualified team of cybersecurity experts, but most enterprises don’t comprehend the resources and time required to manage one in-house.
This blog discusses what’s at stake, the pros and cons of in-house vs. outsourced, costs vs. savings and the requirements of an effective SOC strategy.
Reselling Hospitality: A Look at Hotel Rewards on the Dark Web
Just about any piece of data can be sold for cash on the Dark Web—from social security numbers to utility bills to credit card information. Since everything is fair game, it should be no surprise that rewards points are just another piece of data on that list.
This blog examines the various ways thieves and scam artists succeed in compromising points accounts and what you should do as a consumer to protect your just rewards.
Cybersecurity Attacks vs. Physical Disasters
Natural disasters caused by extreme weather conditions, particularly hurricanes and typhoons, are becoming more devastating than ever. But while the World Economic Forum has tagged extreme weather events and natural disasters respectively as the top two global risks most likely to occur, a purely man-made risk isn’t far behind. No. 3 on that list is cybersecurity attacks.
This blog discusses how destructive cybersecurity attacks are compared to natural in terms of cost, business downtime, the chance of forcing businesses to close shop, and several other factors, as well as why enterprises should not only factor cybersecurity into their business-continuity/disaster-recovery plans but also treat it as a top priority.
COMPLIANCE:
Security vs. Compliance: A Love-Hate Relationship
Although closely related and serving equally important roles in today’s data-driven business environments, security and compliance are two fundamentally different principles. In 2017, we saw multiple examples of companies adhering to regulatory compliance standards fall victim to data breaches, including Equifax, Yahoo!, Uber, Chipotle, and more. Although these organizations were likely compliant, that doesn’t mean they were secure.
This blog dives into the distinction between compliance and security and provides steps organizations can take to enhance their security posture.
How Healthcare & Retail Initiatives Impact Security & Compliance
2018 saw new retail and healthcare partnerships and initiatives emerge, such as CVS and Aetna joining forces and talks of Amazon entering the pharmacy industry, which indicate a larger movement afoot to reform the healthcare industry by analyzing retail buying patterns. With every buying and shopping decision being tracked, these initiatives beg questions such as, “What is this company going to do with my purchasing trends? Is it so far-fetched to think Amazon will make product suggestions based on my health records? Will Aetna raise my premium based on my recent CVS purchases?”
This blog takes a look at the potential privacy and security risks of healthcare and retail partnerships, as well as how businesses planning for the healthcare-meets-retail movement need to truly evaluate what security measures are in place as they become a data mecca.
TECHNICAL:
Containers & Cybersecurity: Automation Is Key
As companies begin to understand container technology and the benefits that come with containerization, a sense of comfort tends to set in. In today’s ever-changing security landscape, the concern moves away from the containers themselves and becomes security based; more specifically, if we store our data in containers, how can we assure it’s secure?
Seeking new ways to secure containers for their different environments, there are several factors to keep in mind. This blog provides a process that organizations can adopt to secure containers no matter the environment in which they’re deployed.
Reevaluating Dwell Time and Incident Response
At Armor, we interpret the term “dwell time” to mean “the duration a threat is present on a protected system until it has been remediated.” However, several security service providers (this generically covers managed security services providers (MSSP), managed detection and response (MDR), and security-as-a-service (SECaaS)) have viewed dwell time in a narrower way.
This blog discusses how the traditional view of dwell time came to fruition, the role of MSSPs in shaping this view, and its related consequences.
Like you, we’re looking forward to what 2019 has to bring for our company and our communities. Mostly though, we’re excited to see what we can bring you in 2019 through our blog.
So, cheers to another year of engaging with you and providing our audience with information regarding cybersecurity, technology and industry insights. Happy New Year!