Every new technology adoption, and every change made during a digital transformation, invites new risks. Last year, the advent of GDPR made customer data security and ownership of personal information a key issue. This year, higher levels of data privacy maturity and sophistication are expected at an enterprise level.
Gartner has recognized the most impactful security trends in its research ‘Top Security and Risk Management Trends’. These trends may not yet be mainstream, but the strategic shifts in the ecosystem that they signify can have broad industry impact and significant potential for disruption.
The top 4 cybersecurity trends that CISOs should be aware of to create a resilient organization are:
- Creation of risk appetite statements linked to business outcomes to engage stakeholders
CISOs have been struggling to express the importance of risk-based decision-making. To this end, they find a risk appetite statement to be an effective tool for aligning IT risk management with business goals. Practical, simple, and pragmatic risk appetite statements enable CISOs to get the security teams on the same page as the various business units.
Another factor is that while CISOs now have a strategic decision-making position, other leadership executives are often unable to gauge security risks and vulnerabilities. Risk appetite statements link risk treatment plans to business goals, informing stakeholders of the strategies for coming together to fight the inevitable risk… Experts suggest that risk appetite statements need to be consistent, clear and relevant, and delivered in the right manner across units.
- Renewed interest in implementing security operations centers (SOCs) focused on threat response and detection.
Considering the complexity and impact of cybersecurity attacks, as well as the complexity of the security tools that generate alerts, building or revitalizing SOCs, or outsourcing this function, is a trend seen in 2019. According to Gartner, by 2022, half of the SOCs will transform to ‘modern’ SOCs that will have threat intelligence, integrated incident response, and threat hunting capabilities.
Organizations are investing in more sensitive tools, with a focus on balancing detection and response against prevention. The rise in sophisticated alerts and tools has led to a greater need to centralize and optimize operations, making SOCs a business asset.
- Utilizing data security governance framework to prioritize security investments.
It is now widely recognized that data security is also a policy issue. Effective data security requires a governance framework that can provide a data-centric blueprint to identify and classify structured as well as unstructured datasets. Once SRMs address the risk tolerance and business strategy, technology investments can be prioritized by using the framework as a guide.
- Biometrics driven authentication
Lately, ‘passwordless’ authentication, driven by the availability of biometrics and strong hardware-based authentication methods, is becoming the norm. Eliminating passwords has been a longstanding goal, and it seems to be within reach in 2019. Passwords create susceptibility to many types of attacks, such as phishing, social engineering, malware, and credential stuffing. Fast-emerging passwordless standards have increased the availability of devices that can support these authentication methods and are driving increased adoption. In addition, there are options such as hardware tokens, Fast Identity Online (FIDO), analytics based on passive behaviors, and phone-as-a-token.