By Meeta Ramnani - July 12, 2019 3 Mins Read
Every new adoption of technology or any change in the digital transformation invites new risks. Last year, the advent of GDPR made customer data security and ownership of personal information a key issue. This year, higher levels of data privacy maturity and sophistication are expected at an enterprise level.
Gartner has recognized the most impactful security trends in their research ‘Top Security and Risk Management Trends’. However, these trends may not be mainstream but the strategic shifts in the ecosystem that they signify can have broad industry impact and even drive the significant potential for disruption.
The top 4 cybersecurity trends that CISOs should be aware of to create a resilient organization are:
CISOs have been struggling to express the importance of risk-based decision-making. To this end, they find creating a risk appetite statement to be an effective tool that helps align IT risk management and business goals. Practical, simple, and pragmatic risk appetite statements enable CISOs to get the security teams on the same platform as varying business units.
Another factor is that while COSOs now have a strategic decision-making position, the other leadership executives are often not able to gauge the security risk and vulnerabilities. Risk appetite statements link risk treatment plans and business goals to inform stakeholders of the strategies to get together and fight the inevitable risk… Experts suggest that risk appetite statements need to be consistent, clear and relevant, and delivered in the right manner across units.
Considering the complexity and impact of cybersecurity attacks as well as the complexity of security tools that generate alerts, building or revitalize SOCs or outsourcing this function is seen in 2019. According to Gartner, by 2022, half of the SOCs will transform to ‘modern’ SOCs the will have threat intelligence, integrated incident response, and threat hunting capabilities.
Organizations are investing in a higher level of sensitive tools with a focus on balance between detection and response versus prevention. The rise in sophisticated alerts and tools has led to a higher need to centralize and optimize operations, making SOCs a business asset.
It is now widely recognized that data security is also a policy issue. Effective data security requires a governance framework that can provide a data-centric blueprint to identify and classify structured as well as unstructured datasets. Once SRMs address the risk tolerance and business strategy, technology investments can be prioritized by using the framework as a guide.
Lately, ‘passwordless’ authentication driven by the availability of biometrics delivered by strong hardware-based authentication methods, is becoming a norm. Eliminating passwords has been a longstanding goal, and that seems to be reached in 2019. Passwords create susceptibility to many types of attacks like phishing, social engineering, malware, and credential stuffing. Fast emerging passwordless standards have increased the availability of devices that can support these authentication methods and are driving increased adoption. In addition, there are options like those that hardware tokens, fast Identity Online, and analytics based on passive behaviors, and phone as a token.
Meeta Ramnani is the Senior Editor with OnDot Media. She writes about technologies including AI, IoT, Cloud, Big Data, Blockchain across various industries with a focus on Digital Transformation. An avid bike rider, Meeta, is a postgraduate from Indian Institute of Journalism and New Media (IIJNM) Bangalore, where her specialization was Business Journalism. She carries four years of experience in mainstream print media where she worked as a correspondent with The Times Group and Sakal Media Group in Pune.
A Peer Knowledge Resource – By the CXO, For the CXO.
Expert inputs on challenges, triumphs and innovative solutions from corporate Movers and Shakers in global Leadership space to add value to business decision making.Media@EnterpriseTalk.com