The security threats and breaches of 2017, from WannaCry to Petya, Equifax to DaFont, have set new records for personal data invasion and impacted hundreds of millions of people globally.
These occurred despite a tremendous wave of innovation in the past ten years that has helped us detect and protect against security threats. During this time, the purpose of security – to protect, detect, and respond – has remained constant for everything from IT networks and data storage, to payment systems and IoT devices.
Yet the most neglected area of security is the part security specialists have most control over – our response. Attacks will continue in 2018 and beyond, how security operations fine-tune their responses to meet the ever-increasing volume and sophistication of these challenges will be the key determinant of impact. Here are some of our top predictions for the year ahead:
1. Security ’Haves’ and ‘Have-nots’ emerge
Security teams often struggle to quickly determine whether incidents are worth a response. Many organisations use dozens of security tools that create and funnel massive volumes of signal onto the desk of the security professional. Analysts use spreadsheets and email to manage reactions to this signal, and the sheer volume of alerts results in analysts spending too much time simply researching incidents.
In 2018, we will see security ‘Haves’ and ‘Have-nots’ emerge; those that begin to automate this research portion of security response, and those that don’t. In a world of increasingly complex networks and potential threats, companies with the tools and culture to embrace automation will perform better than those that don’t.
The ‘Haves’ will be expected to report on security operations as a key part of their day-to-day business, with scalable processes to measure progress. Automation will help them better determine which systems to patch and when. They will respond to phishing attacks in minutes rather than days. This will mean they will be freed from mundane and time-consuming manual research, having more time to focus on strategic projects.
2. Security gains a seat in the boardroom
Security programs are about tradeoffs and minimising risk. To achieve greater success, security teams need to better articulate those tradeoffs by putting the risk and material consequences into business terms, fundamentally bringing security into business strategy. CISOs need to help executives and board members understand the ROI, cost-benefits, and security program tradeoffs by defining the business risk versus business value.
In the coming year, CISOs will do more to present their security programs in business terms. Talking about securing data is one thing, but demonstrating the value that security offers the business is something else. With regulators around the world increasing financial tariffs on companies that fail to protect consumers’ data, this will become easier to do.
The boardroom needs to take a step toward security, and security operations needs to take two steps toward the boardroom. Bridging the knowledge gap between security leadership and the board provides the framework to ensure effective security by helping all parties assess the risks and decide how to mitigate them.
3. A breach enters our physical lives
The breaches that plague organisations today are primarily information security violations. While painful, having credit card information or a social security number stolen does not result in physical harm. In 2018, we will see a breach impact our physical, personal lives. It might be a medical device, wearable, or industrial IoT network that gets compromised. Or something closer to home – literally. Devices from the garage door to the refrigerator are becoming smarter and more connected. The impact of such an attack will force government, business and individuals to take a closer look at the security of our infrastructure.
4. Companies count the cost of data breaches
With the passing of the Privacy Amendment (Notifiable Data Breaches) Act 2017, a Notifiable Data Breaches (NDB) scheme will exist in Australia from February 2018. This echoes other regulatory measures around the world such as the General Data Protection Regulation (GDPR) in Europe, and will mean that companies that experience a compromise to customer data won’t just face a reputational cost, but a financial one too.
This change will mean greater protection for individuals, but will create additional costs and implications for organisations inside and outside Australia. Failure to comply with notification requirements could result in fines of up to $1.8m. One side-effect of this will be that the public will become more aware of the number and scale of security breaches, piling further pressure on companies that aren’t doing it right.
ServiceNow makes work better across the enterprise. Getting simple stuff done at work can be easy, and getting complex multi‑step tasks completed can be painless. Our applications automate, predict, digitize and optimize business processes and tasks, across IT, customer service, security operations and human resources, creating a better experience for your employees and customers while transforming your enterprise. ServiceNow (NYSE:NOW) is how work gets done. For more information, visit: www.servicenow.com.