Cybersecurity has never been more relevant than in the past year. With crippling ransomware attacks, and now Spectre and Meltdown, security and risk management leaders must agree on how to define and address risks and threats in a new digital environment. The mission of cybersecurity must evolve to accommodate these concerns.
Organizations have tended to focus on stopping data breaches, despite the fact that it’s a losing battle
Security and risk management leaders should monitor the following developments to prepare purchasing strategies and technology adoptions:
- Within the past year, leading global companies have seen sales and revenue impacts as high as $300 million due to malware-based cyberattacks.
- As more security technologies move to the cloud and to either subscription or pay-as-you go models, enterprises have more opportunity to evaluate security technology and reduce long, resource-intensive and costly RFP processes.
- Cybersecurity due diligence in mergers and acquisitions (M&A) cannot be one-size-fits-all; as with any diligence effort, the scope depends on the participants’ industry, the value of assets, the regulatory environment and deal size.
Jeffrey Wheatman, research director at Gartner and conference chair for the U.S. Gartner Security & Risk Management Summit, outlines the current and future needs and threats facing IT as the threat landscape evolves.
Cyberattacks are making the front pages on a regular basis. What does this climate of continuous risk mean for security leaders?
Organizations have tended to focus on stopping data breaches, despite the fact that it’s a losing battle. Leaders need to focus on supporting business resiliency and responding to cyberattacks, including ransomware, denial-of-service outages and other types of attacks. Additionally, it’s important to craft and implement strategic plans that balance prevention, detection, response and recovery.
Cloud solutions are now at a point where it’s time to dive in and start investing
We know that cyberattacks can be extremely costly, with significant consequences for businesses and security leaders. Insurance companies are insisting on high deductibles when these attacks occur to encourage businesses to make appropriate investments in security. Senior executives — not just CIOs — are losing their jobs over data breaches, and there’s an increasing impact on intangibles, such as brand reputation, that can be difficult to quantify.
As risk exposure increases, how can organizations secure the entire digital supply chain?
New tools are emerging to help enterprises better understand their risk exposure throughout multilayered risk environments. One important step is to implement a strategy called CARTA (continuous adaptive risk and trust assessment). This is a strategic, continuous and proactive approach to help better manage the risks associated with digital business ecosystems. It means identifying issues early, stopping what you should and responding to what cannot be prevented.
Skip the long and costly RFP process, and give more options for meeting the needs of expanding digital businesses
Levels of trust and risk associated with digital business entities and their actions are dynamic, and need to be assessed continuously as interactions happen and context changes. CARTA, together with investments in people, process and tools, can help keep up with complex ecosystems and continuous change.
What trends are impacting security and risk management strategies this year?
Data protection is evolving to include emerging technologies such as artificial intelligence and machine learning, blockchain, OT-IT convergence, advanced analytics, and the pervasive presence of mobile, cloud and the Internet of Things. These technologies are bringing new opportunities, as well as new risks and challenges. For example, the highly skilled talent that’s needed to support these new technologies is becoming very scarce. However, companies can do more with some of their existing resources.
Cloud security has evolved in a positive direction. Cloud solutions are now at a point where it’s time to dive in and start investing. Subscription and pay-as-you-go security technologies enable organizations to skip the long and costly RFP process, and give more options for meeting the needs of expanding digital businesses.