Over the last few years, we’ve witnessed countless cyber-attacks and massive data breaches. If we take a closer look at some of the more recent larger hacks such as Facebook, Uber, Yahoo and Capital One, we see that these breaches are hitting very advanced companies who often have extremely large security budgets.
These breaches leave them with serious financial and reputational damage, leading to a chaotic crisis management process which costs hundreds of millions of dollars and can take years to recover from, in the best case scenario.
The fundamental pillars of the security world have started to change over the last few years, and these changes are directly impacting the way in which companies approach their information security. I believe there are four emerging trends which will change the way all companies protect themselves in the coming two years.
The first trend is the recognition of the importance of cybersecurity within the organization.
While in the past cybersecurity and risk management were afterthoughts, today cyber risk has become the number one operational risk. Cyber-attacks are a constant threat, everywhere, all the time, and can cripple an entire organization. Seeing the attack on Yahoo send its valuation down by $350m, or British Airways having to pay a $183m fine, has raised awareness of just how serious the cyber threat really is. In response, CISOs have begun to adopt a more strategic approach where they spend less time preparing for what happened yesterday and a lot more time on what tomorrow’s attack will look like.
The second trend is the migration over to cloud.
A large portion of the market has begun migrating, and hybrid IT strategies are in place at most mid-large companies in most industries. The advantages the cloud has to offer to businesses are far too great to ignore, but there is one catch: the threat landscape has exponentially grown. This is not to say that cloud solutions are less safe, but rather that the tools used until now to protect on-prem assets do not really fit anymore. A new set of tools is being deployed to protect the cloud, but how they fit into the bigger picture is a challenge CISOs face every day.
The third trend is crisis communications.
Every time there is a large-scale breach, senior leadership is in the hot seat. It may be the CEO, the CISO or a board member, but someone at the top is held accountable, and faces repercussions, as seen recently when Capital One announced the removal of their CISO following a massive breach.
To protect themselves, senior leaders need to ensure they have quantified and mitigated the cyber risks in their organization to the best of their ability, demonstrated with quantifiable metrics. Without this, a long-standing career could be negatively impacted by a single breach. This has led to a significant increase in reporting to executive leadership on cyber risk – more transparency, more benchmarking, more structure and more socializing the topic at the board level.
The fourth and perhaps the most significant trend is compliance.
The world of cyber and privacy compliance is simply exploding. More frameworks and more regulatory interventions are being introduced. Staying up to speed on the requirements is extremely challenging and it is going to get more complicated. These requirements are complex, extensive and ever changing, which makes it very hard to stay compliant throughout the year, resulting in a very painful end-of-year audit, and potentially gaping holes in security posture in between.
A lot is changing! Business and security leaders need to ensure their organization is adapting and preparing for this new environment. Keeping out of tomorrow’s headlines and away from regulatory scrutiny can be addressed by a healthy structured risk management program with the appropriate people, processes and tools in place to manage this dynamic area. By addressing this first, before purchasing the next set of security tools, cybersecurity leaders will without a doubt save significant time and money while increasing the security posture of the organization.
This is part of a blog series provided by CyLon, who find, grow and invest in the world’s best emerging cyber businesses, via its tailored acceleration programs in London and Singapore. Since 2015 CyLon has supported more than 80 companies and has a portfolio of international companies valued at more than £400m.