Cyberattacks are making the front pages on a regular basis. What does this climate of continuous risk mean for security leaders?
Organizations have tended to focus on stopping data breaches, despite the fact that it’s a losing battle. Leaders need to focus on supporting business resiliency and responding to cyberattacks, including ransomware, denial-of-service outages and other types of attacks. Additionally, it’s important to craft and implement strategic plans that balance prevention, detection, response and recovery.
“ Cloud solutions are now at a point where it’s time to dive in and start investing”
We know that cyberattacks can be extremely costly, with significant consequences for businesses and security leaders. Insurance companies are insisting on high deductibles when these attacks occur to encourage businesses to make appropriate investments in security. Senior executives — not just CIOs — are losing their jobs over data breaches, and there’s an increasing impact on intangibles, such as brand reputation, that can be difficult to quantify.
As risk exposure increases, how can organizations secure the entire digital supply chain?
New tools are emerging to help enterprises better understand their risk exposure throughout multilayered risk environments. One important step is to implement a strategy called CARTA (continuous adaptive risk and trust assessment). This is a strategic, continuous and proactive approach to help better manage the risks associated with digital business ecosystems. It means identifying issues early, stopping what you should and responding to what cannot be prevented.
“ Skip the long and costly RFP process, and give more options for meeting the needs of expanding digital businesses”
Levels of trust and risk associated with digital business entities and their actions are dynamic, and need to be assessed continuously as interactions happen and context changes. CARTA, together with investments in people, process and tools, can help keep up with complex ecosystems and continuous change.
What trends are impacting security and risk management strategies this year?
Data protection is evolving to include emerging technologies such as artificial intelligence and machine learning, blockchain, OT-IT convergence, advanced analytics, and the pervasive presence of mobile, cloud and the Internet of Things. These technologies are bringing new opportunities, as well as new risks and challenges. For example, the highly skilled talent that’s needed to support these new technologies is becoming very scarce. However, companies can do more with some of their existing resources. Cloud security has evolved in a positive direction. Cloud solutions are now at a point where it’s time to dive in and start investing. Subscription and pay-as-you-go security technologies enable organizations to skip the long and costly RFP process, and give more options for meeting the needs of expanding digital businesses.