Early this month Tech Republic carried a feature by N.F. Mendoza, who reported on the prestigious Gartner Security & Risk Management Summit, during which eight critical trends for security and risk-management leaders were identified. One of the fundamental challenges identified was that COVID-19 has “accelerated digital business transformation and challenges traditional cybersecurity practices.” This means that most organisations do not have sufficiently trained staff or are unable to hire security professionals. This has a major impact on the manner in which their organisations can roll out solutions, and the security of those solutions, to meet the new challenges they face.
Other key challenges identified include, “the complex geopolitical situation and increasing global regulations, the migration of workspaces and workloads off traditional networks, an explosion in endpoint diversity and locations, and a shifting attack environment, in particular, the challenges of ransomware and business email compromise.”
That’s a whole load of difficult challenges to address! The complex geopolitical situation often means that online security challenges easily cross borders. Past experience has shown that some countries actively encourage international hacking activities and this means that online challenges to business need not necessarily be local, but can in fact be directed and controlled from countries or regions very far from the victim’s area of operation.
Increasing global regulations call for higher standards in the management and use of data. The GDPR provisions in the EU are just one example of the higher standards of operation imposed on EU organisations in the manner in which they handle personal data of EU citizens. This added layer of protection for EU citizens imposes strong obligations on EU organisations in the manner in which they operate, and this can make them targets of criminal organisations that seek to steal and misuse personal data in their custody.
The migration of workspaces and workloads off traditional networks presents new challenges to organisations that have been forced to rapidly roll out web-based solutions to support internal and external clients over the past year. In many cases, the speed of deployment did not allow for sufficient testing and these solutions were released with insufficient levels of security. Many companies had to switch from in-house server and network systems that were operated within controlled environments to cloud-based solutions that were more exposed to attacks. The explosion of endpoint diversity and locations ties in with this new reality of the anywhere office, which calls for data and systems to be accessible from the most remote and poorly internet-serviced locations, and from a multiplicity of access devices that range from top-end laptops to the more basic smartphones.
It is within this context that Gartner have identified the top 8 security and risk management trends as being:
1. Cybersecurity mesh – this is the fast-evolving practice of deploying controls where they are needed most through an integrated network or mesh of inter-operational core security tools based on centralized policy management.
1. Cybersecurity mesh – this is fast evolving practice of deploying controls where they are needed most through an integrated network or mesh of inter-operational core security tools based on centralized policy management.
2. Identity-first security – this approach replaces the previous focus on convenient access and calls for new security design and demands
3. Security support for remote work is here to stay – this calls for a rethink of the existing policies for data protection, disaster recovery and backup to ensure functionality for remote staff
4. Cyber-savvy boards of directors – more involvement of tech-savvy directors to provide informed opinions to the Board
5. Security vendor consolidation – reduction in ad hoc cyber-security tools to provide greater focus on integrated comprehensive security approaches
6. Privacy-enhancing computation – greater focus on these tools to protect in-use data for more secure data processing, sharing, cross-border transfers and analytics, even in untrusted environments.
7. Breach and attack simulation – more emphasis on the use of these tools to provide ongoing security assessment and defence rather than relying on ad hoc penetration testing.
8. Managing machine identities – the continued growth of the Internet of Things (IoT) means that corporate systems have to deal with ever-increasing numbers of bots, and managing and controlling machine identities is becoming more important and a critical element in a comprehensive security strategy.
Knowing the trends in IT security should provide a general framework within which each organisation should check its state of preparedness in each of these areas. Hopefully, one will find that there is already a strong level of security in each area. If not, then it is well worth investing resources to review and build up the necessary levels of security wherever possible. Building IT security defences may cost thousands of Euros, but fixing the outcomes of a breached system may cost hundreds of thousands of Euros in damages and downtime, apart from the impact on the corporate brand.
For further details on what eBusiness Systems can do for your organisation in strengthening your IT systems and the security and control processes, kindly contact us via firstname.lastname@example.org