Security and risk management trends: What IT leaders should focus on


Business leaders are increasingly conscious of the impact cyber security can have on the outcomes of a company. They have little choice, when almost half of organisations have been hit by cyber attacks in 2018.

Research firm Gartner Inc has identified six emerging trends for these leaders to pay particular attention to and take advantage of. It said doing so could improve their organisation’s resilience, while elevating their own standing.

Leaders understand cyber security plays role in achieving goals

The first trend Gartner identified is that senior business executives are “finally becoming aware” that cyber security can have a significant impact on companies’ ability to achieve goals and protect their corporate reputations.

According to the researchers, business leaders have not always been receptive to the message that IT security is a board-level topic and an essential part of business strategies. However, a recent string of high-profile incidents has led to a change in sentiment.

Gartner pointed out a number of prominent examples, including the Equifax data breach; the WannaCry attack that caused worldwide damage, estimated at between $1.5 billion (£1.1 billion) and $4 billion; and the Yahoo! data breach that led to Verizon receiving a $350 million discount on its purchase.

Peter Firstbrook, research vice president at Gartner, said: “Business leaders and senior stakeholders at last appreciate security as much more than just tactical, technical stuff done by overly serious, unsmiling types in the company basement. Security organisations must capitalize on this trend by working closer with business leadership and clearly linking security issues with business initiatives that could be affected.”

Data protection impacting plans

Gartner also identified the issue of legislation on data protection practices as impacting digital business plans and demanding increased emphasis on data liabilities. According to the researchers, incidents like the recent Cambridge Analytica scandal highlight the business risks inherent to handling customer data.

In addition, the regulatory and legal environment is getting ever more complex, with the recently introduced General Data Protection Regulation (GDPR) resulting in even greater regulatory mandates. GDPR has also resulted in exponential increases in the potential penalties for failing to protect data.

“It's no surprise that, as the value of data has increased, the number of breaches has risen too,” Mr Firstbrook commented. “In this new reality, full data management programmes – not just compliance – are essential, as is fully understanding the potential liabilities involved in handling data.”

Security requires more agile cloud solutions

The third trend Gartner highlighted was that security products are rapidly exploiting cloud delivery to provide more agile solutions.

New detection technologies, activities and authentication models require huge amounts of data, which can overwhelm current on-premises security solutions, the company’s findings revealed. This is resulting in a shift towards cloud-delivered security products, which are more capable of using data in near real time to provide more agile and adaptive solutions.

Mr Firstbrook advised that IT leaders avoid making outdated investment decisions. He recommended finding providers that propose cloud-first services, that have solid data management and machine learning competency, and that can “protect your data at least as well as you can”.

Machine learning elevates suspicious events

Machine learning is providing value to organisations in simple tasks, as well as elevating suspicious events for human analysis.

The shift to the cloud creates opportunities to exploit machine learning to solve multiple security issues. This includes adaptive authentication, insider threats, malware and advanced attackers. Gartner predicted that by 2025, machine learning will be a typical factor of security solutions, offsetting increasing skills and staffing shortages.

Mr Firstbrook said IT leaders should look at how machine learning can address narrow and well-defined problem sets, such as classifying executable files, but warned that they should not be “suckered by hype”.

Geopolitical factors influence security buying decisions

According to Gartner’s researchers, rising levels of cyber warfare, cyber political interference, and government demands for backdoor access to software and services have caused new geopolitical risks in software and infrastructure buying decisions. They highlighted recent government bans against Russian and Chinese firms as examples of this trend.

“It's vital to account for the geopolitical considerations of partners, suppliers and jurisdictions that are important to your organisation,” said Mr Firstbrook. He advised business leaders to include supply chain source questions in requests for proposals and contracts to mitigate this risk.

Concentrations of digital power driving decentralisation efforts

The final risk Gartner identified was that dangerous concentrations of digital power are driving decentralisation efforts at several levels in the ecosystem.

According to the firm, the internet is driving “a wave of centralisation”, with one of the more obvious examples being cloud computing. Although there may be many benefits to these systems, security teams should also be accounting for the risks.

Mr Firstbrook’s advice is to evaluate the security implications of centralisation on the availability, confidentiality and resiliency of digital business plans. “Then, if the risks of centralisation could seriously threaten organisational goals, explore an alternative, decentralised architecture.”