
7 security and risk management trends for 2019

by Allan Tan
May 31, 2019

Gartner has identified seven emerging security and risk management trends that will impact security, privacy and risk leaders in the longer term.

According to the analyst, these “top” trends are ongoing strategic shifts in the security ecosystem that are not yet widely recognized but are expected to have broad industry impact and significant potential for disruption.

“External factors and security-specific threats are converging to influence the overall security and risk landscape, so leaders in the space must properly prepare to improve resilience and support business objectives,” said Peter Firstbrook, research vice president at Gartner.

Trend No. 1: Risk appetite statements are becoming linked to business outcomes

As IT strategies become more closely aligned with business goals, the ability for security and risk management (SRM) leaders to effectively present security matters to key business decision makers gains importance.

“To avoid exclusively focusing on issues related to IT-decision making, create simple, practical and pragmatic risk appetite statements that are linked to business goals and relevant to board-level decisions,” said Firstbrook. “This leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings.”

Trend No. 2: Security operations centers are being implemented with a focus on threat detection and response

The shift in security investments from threat prevention to threat detection requires an investment in security operations centers (SOCs) as the complexity and frequency of security alerts grow. According to Gartner, by 2022, 50% of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence, and threat-hunting capabilities, up from less than 10% in 2015.

“The need for SRM leaders to build or outsource a SOC that integrates threat intelligence, consolidates security alerts and automates response cannot be overstated,” said Firstbrook.

He Feixiang, a mobile security researcher at Check Point Software Technologies, noted that data flow usually contains highly sensitive personal data (ID, address, credit assessment, current location) and financial data (banking details, payment instructions). Such data is often transmitted from not-so-well-defended mobile devices to enterprise-grade servers. This challenges companies to extend protection from company-owned infrastructure to customer devices (mobile devices in particular).

Figure 1: Cyber risk management challenges

Source: Deloitte

Check Point’s chief technology officer for Asia-Pacific, Middle East & Africa, Tony Jarvis, chimed in: “While threat detection and response is a core part of a security program, we advise clients to treat it as a beginning rather than an end state. Prevention should be prioritized so as to minimize the number of compromised assets and mitigate damage. So too should the entire enterprise be protected. That means getting visibility over mobile devices, cloud services, and perhaps most critically, ensuring end users are constantly kept updated with regards to best practices and recent attacks to watch out for.”

Trend No. 3: Data security governance frameworks will prioritize data security investments

Data security is a complex issue that cannot be solved without a strong understanding of the data itself, the context in which the data is created and used, and how it is subject to regulation. Rather than acquiring data protection products and trying to adapt them to suit the business need, leading organizations are starting to address data security through a data security governance framework (DSGF).

“DSGF provides a data-centric blueprint that identifies and classifies data assets and defines data security policies. This then is used to select technologies to minimize risk,” said Firstbrook. “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.”

Anne Petterd, a principal at Baker McKenzie Wong & Leow, a member firm of Baker McKenzie in Singapore, noted that regulatory requirements around data protection are increasing in many parts of Southeast Asia.

She added that financial services regulators in Singapore and Malaysia are looking to set particular cyber hygiene requirements for financial institutions. Regulators are looking to require a certain level of C-suite competency and accountability on technology and cybersecurity matters.

When privacy and cybersecurity laws across South East Asia are discussed, the first issue often mentioned is the absence of harmonization, with each jurisdiction approaching issues differently, opined Petterd.

“The different and developing requirements in South East Asia on privacy and cybersecurity can make it challenging for businesses assessing the jurisdictions where they can offer their products. This may be particularly the case for e-payment offerings that would operate across borders,” she added.

It is also an issue for financial institutions in South East Asia wishing to make use of cloud solutions hosted outside their home jurisdiction in order to take advantage of big data analytics or other data-heavy activities in their businesses. The ability to use cloud-based solutions and secure protection of data are likely to be frequent topics of conversation between financial institutions and regulators for some time, particularly as the consumer demand for mobile and web-based banking solutions continues to grow.

Trend No. 4: Passwordless authentication is achieving market traction

Passwordless authentication, such as Touch ID on smartphones, is starting to achieve real market traction. The technology is being increasingly deployed in enterprise applications for consumers and employees, as there is ample supply and demand for it.

“In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security,” said Firstbrook.

Trend No. 5: Security product vendors are increasingly offering premium skills and training services

The number of unfilled cybersecurity roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020, according to Gartner. While advancements in artificial intelligence and automation certainly reduce the need for humans to analyze standard security alerts, sensitive and complex alerts require the human eye.

“We are starting to see vendors offer solutions that are a fusion of products and operational services to accelerate product adoption. Services range from full management to partial support aimed at improving administrators’ skill levels and reducing the daily workload,” said Firstbrook.

Trend No. 6: Investments being made in cloud security competencies as a mainstream computing platform

The shift to the cloud means stretching security teams thin, as talent may be unavailable and organizations are simply not prepared for it. Gartner estimates that the majority of cloud security failures will be the fault of the customers through 2023.

“Public cloud is a secure and viable option for many organizations, but keeping it secure is a shared responsibility,” said Firstbrook. “Organizations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”

The skills gap in cybersecurity is an issue that certainly needs to be addressed but not all hope is lost.

Tom Kellermann, chief cybersecurity officer for Carbon Black, agrees that the cybersecurity skills gap remains an issue that must be addressed. He is hopeful, however, that the gap can be remediated. “The rapid adoption of cloud technology provides an opportunity for organizations to be working with leading software providers to create a robust cybersecurity program comprising prevention, detection, response, and prediction,” he added.

Trend No. 7: Increasing presence of Gartner’s CARTA in traditional security markets

Gartner’s continuous adaptive risk and trust assessment (CARTA) is a strategy for dealing with the ambiguity of digital business trust assessments.

“Even though it’s a multiyear journey, the idea behind CARTA is a strategic approach to security that balances security friction with transaction risk. A key component to CARTA is to continuously assess risk and trust even after access is extended,” said Firstbrook. “Email and network security are two examples of security domains that are moving toward a CARTA approach as solutions increasingly focus on detecting anomalies even after users and devices are authenticated.”

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous roles: He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.
