Although company awareness around cybersecurity issues is increasing, Chief information security officers (CISOs) still struggle to convince corporate executives about how impactful cybercrime can be over business processes and stakeholder relations.
The good news is that CISOs are getting more involved in strategic meetings, but business leaders are often unable to understand when a new project is likely to generate too much risk for the organisation, exposing it to vulnerabilities that would require intensive effort and investments to be adequately addressed. This sort of cultural disconnection between security and business teams should be bridged, as Gartner experts point out in recent “Top Security and Risk Management Trends” research report.
Given the increasing complexity of cybersecurity attacks and the growing need for effective crisis monitoring and response orchestrator tools, Gartner also observes that more organisations are working to build or revitalise their security operations centres (SOCs). By 2022, at least 50% of all SOCs will integrate incident response, threat intelligence and threat hunting capabilities, up from less than 10% in 2015. This means SOCs are more and more perceived as a critical business asset.
Companies are overall enhancing their data governance framework to prioritise data security investments. It’s not merely a matter of technology, as a data-centric blueprint should be defined to manage both structured and unstructured datasets across all enterprise computing assets, leading to accurate, robust data security policies.
About user authentication and access, industry analysts expect passwordless methods to achieve higher market traction thanks to the availability of biometrics and hardware-based techniques. Eliminating passwords reduces the risk of phishing, credential stuffing and malware attacks, but CISOs need to be careful before introducing alternative authentication methods – this decision should be part of the data security governance framework too.
More, as cloud-based platforms become mainstream, CISOs should mature their cloud security know-how, and possibly invest in skilled people, processes and tools to master this rapidly changing environment. A SecDevOps workstyle might be knocking at your door.
Photo credit: Designed by rawpixel.com / Freepik