Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cybersecurity News

Back to Basics to Address Evolving Cyber Threats

By Matt Brown
cyber 2 feat
October 30, 2014

The final entry in this four-part series really maps closely to the objectives set forth by National Cyber Security Awareness Month, focusing on what is really required to effectively protect systems against cyberattacks.  Concerns about evolving cyber threats –a major theme of this article series – have the industry increasingly talking about this topic.  Although the threat landscape has dramatically changed, in many instances system vulnerabilities have remained the same over the past 15 years.  That’s not to say that the volume of attackers or sensitive information stored in these systems hasn’t significantly increased.  The problems that organizations are facing are not necessarily new vulnerabilities, but more so the heightened attention paid to address those issues.

A prime example is the recent JPMorgan Chase data breach, which impacted 76 million households and seven million small businesses.  Although it is widely reported that this successful attack came from an organized cyber crime ring out of Russia – a threat scenario that was probably unthinkable 15 years ago – the attack is a case study that has been plaguing the industry for years: how to detect and block a persistent attack.  This situation has been witnessed over and over again, from Target and Home Depot to Albertsons and Dairy Queen, leading many to ask how organizations can address these cyber threats.

Going Back to the Basics

The previous article in this series spoke to the advancement of cyber tools and technologies, all the shiny new objects that organizations have at their disposal.  Yes, cyber technology is progressing for the better, and the market is in much better shape.  That said, organizations are often more concerned about buying and integrating the latest and greatest into their security posture.  In actuality however, the ability to take a step back to address the basics might serve them more effectively.

Chairman and CEO Robert Carr of Heartland Payment Systems has been outspoken about this fact given the recent retail and financial institution breaches.  In 2008, his organization suffered what was, at the time, the largest breach in history, with 130 million debit and credit card accounts accessed.  Carr went back to the basics after the breach, implementing end-to-end encryption and tokenization into the Heartland security infrastructure.  These technologies are not new, and they certainly are not considered “sexy,” but they are strong, stable solutions that are often overlooked for the “next big thing.” 

Organizations need to take a step back and look at their infrastructure and assets, while prioritizing vulnerabilities by potential impact in order to fix the worst problems first.  Instead of turning to the latest emerging technology, they should ensure that they have the foundational tools in place to understand 100 percent of their systems inventory, manage configurations, scan for vulnerabilities regularly and identify the most significant weaknesses for immediate remediation.

Consider Continuous Monitoring

Although going back to the basics is a priority, organizations should also consider integrating a continuous monitoring approach.  Continuous monitoring – which was made mainstream by the Department of Homeland Security (DHS) with its Continuous Diagnostics and Mitigation (CDM) program – is a process of conducting ongoing, real-time checks for compliance and risk, providing an accurate, near real-time state of network security.  The key to continuous monitoring is implementing the tools and processes to understand and manage the hardware and software inventory of the enterprise while scanning routinely to identify and remediate vulnerabilities.

The government is really leading the way with the CDM initiative.  CDM, and its $6 billion contract vehicle, set the stage to help fortify federal “.gov” networks – and the often classified, sensitive and personal data that resides on those networks.  The commercial market is also looking to adopt a similar concept, but is challenged by the dynamic and consistently changing network environment they face due to acquisitions, mergers, expansions, retractions and the like.  It is important to transition from focusing purely on compliance reporting towards combating threats consistently and proactively by enumerating the worst problems and prioritizing their remediation based on impact. 

No matter how comprehensive an organization believes its cyber systems are designed to protect against new and emerging threats, continuous monitoring enables them to remain a step ahead to close the most problematic attack vectors.

A lot has transpired in terms of cybersecurity technology advancement, mostly for the better.  These advancements, however, have sometimes led organizations astray in securing their infrastructure and operations.  It is still important to pursue new approaches, such as continuous monitoring, and emerging technologies, but it is just as critical to take that step back to conduct the due diligence to validate foundational capabilities are in place.

 

Previous articles in this series:

The Changing Cybersecurity Landscape

How Has Cybersecurity Changed Operations?

How Y2K Changed the Field of Cybersecurity Technology

KEYWORDS: continuous improvement cyber risk mitigation cyber security cyber security awareness

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Matt Brown is the Vice President of Homeland Security and Cyber Solutions for the Knowledge Consulting Group (KCG).

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • budget

    Security Leaders Must Adjust Cybersecurity Budgets to Effectively Address 2018 Cyber Threats

    See More
  • cloud-enews

    Back to Basics with Cloud Security

    See More
  • People using mobile phones

    Mobile phishing threats are evolving, according to new research

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • June 20, 2024

    Turning Threats into Solutions in Today's Cyber Landscape

    ON DEMAND: This webinar will also explore lessons learned and the evolving threat landscape of cybersecurity within local governments and how these key challenges and tactics can develop an effective security strategy.
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing