20 Critical Controls

Despite organizations’ increased spending on defense-in-depth, the number of data breaches and their costs continue to mount. Every second, 71 data records are lost or stolen worldwide according to Gemalto’s Breach Level Index. Using Ponemon Institute’s estimated average cost of $148 per record, this translates to a staggering $37,828,800 in combined global losses every hour.

Budget constraints, security staff shortage and complexities due to orchestration are the top three obstacles for security teams, according to a 2018 Cisco survey of more than 3,600 respondents across 26 countries. The growing number of security tools may especially be a hindrance, because organizations are adding more vendors every year, and frequently those products don’t integrate with each other.

Best Practices for Solving Top Security Challenges

The good news is that more organizations are becoming proactive with their defenses. IDG found that 52 percent of businesses planned to increase their security budget in 2018, compared to 42 percent the previous year. At the same time, more expected to increase their security staff headcount — 54 percent in the 2018 survey vs. 37 percent in 2017.

Solving the problem of incompatible vendor products, on the other hand, is more complicated. One major challenge is that as practitioners struggle with “alert fatigue,” they often have no choice but ignore security alerts, based on their priorities.

Organizations go about prioritizing their actions in different ways, but there are certain best practices you should be using. One set of widely-accepted best practices comes from the Center for Internet Security (CIS), a nonprofit whose mission is to “harness the power of a global IT community to safeguard private and public organizations against cyber threats.”

Based on the combined knowledge of its expert community and actual attacks and defenses, the CIS recommends 20 controls that are the most (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Y63xw8QE9yw/