New Standard Requires New Safety Leadership Structure

At Omdia’s inaugural analyst summit, experts discuss the past year’s gaps in traditional security strategy and how organizations can address them.

BLACK HAT USA 2021 – Many organizations have undergone radical technological and operational changes in the past 18 months, creating new conversations about how these new technologies and processes need to be secured and who is responsible for protecting them.

This was the heart of the speech delivered by Maxine Holt, Senior Director of Cyber Security at Omdia, at this year’s inaugural Omdia Analyst Summit at Black Hat USA. Holt pointed to data from Omdia’s latest ICT Enterprise Insights survey, which found that 31.7% of organizations said cloud service adoption is “significantly higher” than it was before the pandemic.

“Anything that needed to be done had to be done quickly,” Holt said. Every business has had to assess data and business needs as employees move to home offices. As they do, “what we are seeing now is that the bandage is being removed,” she continued. Now, security teams are faced with a “mishmash” of security controls originally designed for offices.

“They are not suited to their purpose in this world of ‘resetting to normal’, which means organizations are effectively failing in their security responsibilities,” added Holt.

Customer experience is one example: Forty-two percent of Omdia respondents said customer experience is more important now than before the pandemic, while 34% said it was significantly more important. A quarter of those surveyed said building digital capacity was significantly more important, while 45% said it was more important. Almost 40% said managing security, identity and privacy is more important now, while 33% said it is significantly more important – a statistic Holt found encouraging.

“We cannot have transformational work going on in an organization without considering security and privacy,” she said. With these priorities, the security team “absolutely needs more investment” as it shifts from survival mode to helping the business thrive.

As remote and hybrid working becomes the new normal for many organizations, there is increasing pressure on security teams to refine security controls using people, processes, and technology. More than a fifth of companies said their security had kept pace with change in 2020, Holt said, citing data from the Dark Reading survey. But for many, security has fallen behind.

“The inference from there is that there are more gaps in the security posture of these organizations than there were in 2019,” she noted. Omdia data shows that 15% of companies have a “fully developed” proactive approach to digital security and risk, and 27% have a “well-developed” approach. The remaining 58% have a “substantially inadequate” approach, Holt said.

Security teams struggle to keep pace as they overcome the many obstacles that stand in their way, Holt continued, listing the challenges of consistently disclosing vulnerabilities, the obstacles to compliance, the difficulty of hiring security professionals, poor visibility into expanding cloud environments, a new generation of security operations center (SOC) capabilities, cyber attacks against critical infrastructure, and the understanding and management of a broad user community.

The complexity of cybersecurity demands a revised management structure, Holt said. She suggested assigning responsibility for organization-wide security to the role of cybersecurity manager. Below this person are leadership positions including an information security officer, information officer, risk manager, compliance officer, digital manager and others.

“All of them have a dotted line to the cybersecurity officer,” she added. “Without someone to take the lead in cybersecurity… it’s so much harder to put all of these necessary cybersecurity components together, it’s no longer out of whack.”

Having someone in charge can point the organization in the right direction.

Kelly Sheridan is Editor-in-Chief at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered finance …
