Will concerns over complexity see a return to basics for CISOs in 2019?

By Infosecurity Group

Most of us have bought into the concept of ‘New Year New You’ – the race to get fitter, eat more healthily and approach life with a better work/life balance. No doubt 2019 will be like so many other years with many of us making the same New Year resolutions.

But when it comes to information security, it appears that many organisations plan to kick off the New Year by reviewing their security infrastructure and taking a more ‘back to basics’ approach. This is according to our latest Twitter poll, run earlier this month, which generated over 8,000 responses.

This resolution to ‘go back to basics’ in 2019 is the ‘security mantra’ for more than half (55 per cent) of our respondents, while the remaining 45 per cent plan to invest in more technology. Worldwide spending on information security products and services is set to grow by 8.7 per cent to $124 billion in 2019 according to Gartner [1].

The issue of complexity in the security architecture is clearly top of mind for many businesses. Many will look to reduce levels of complexity this year by maximising the technologies they already have in place. According to our poll, 60 per cent admit that maximising existing technologies is more important than using fewer vendors (40 per cent).

Stephen Bonner, cyber risk partner at Deloitte, highlights new and impactful challenges and advises security leaders to see the ‘big picture’. It’s often said that complexity is the enemy of security, he notes, and this remains as true today as it was twenty years ago. He believes the difference today is that, in addition to technical complexity, companies now have to grapple with overlapping cyber security regulations, legacy technology, and intricate supply chains that stretch around the globe. These challenges can no longer be managed with point solutions. Security and IT leaders must consider how their technology fits into – and interacts with – the wider business and beyond. In other words, they must integrate ‘systems thinking’ into business as usual. Cyber security is now a core operational risk for many organisations, and an ability to see the big picture has rarely been so valuable.

All too often the word ‘complexity’ is associated with cybersecurity today, with various industry figures suggesting that large organisations on average use between 80 and 100 different technologies. Add to this the challenges of finding the right skills to manage a complex security environment, rising costs and a host of compliance requirements, and it’s no wonder that CISOs are looking for not quite a simpler life, but one that makes more of less!

Nigel Stanley, Chief Technology Officer – Global OT and Industrial Cyber Security CoE at TÜV Rheinland Group, part of our CISO community, points to the huge challenges he faces in the complex world of operational technology (OT) where control equipment is often old in terms of IT and often overlooked when it comes to corporate cybersecurity. His OT security world is getting more complicated each day as fresh challenges arise. For him, the New Year stock-take and review of security systems will enable him to understand the key areas of business risk and help formulate a plan to address it.

Our Twitter poll also reveals that two-thirds of respondents believe securing devices and personal data will become more (rather than less) complicated over the next 12 months. With 85 per cent of businesses implementing or planning to implement IoT solutions in 2019 [2] (Forrester), the speed of IoT development, according to Paul Watts, CISO at Domino’s Pizza UK & Ireland, will make it increasingly challenging as more and more connected devices come online.

Whether systems become harder to secure as they become more complex or whether organisations see 2019 as the year to streamline technologies and processes to simplify their security architecture, the topic will be hotly debated during Infosecurity Europe 2019.

[1] https://www.gartner.com/en/newsroom/press-releases/2018-08-15-gartner-forecasts-worldwide-information-security-spending-to-exceed-124-billion-in-2019

[2] http://images.email.forrester.com/Web/Forrester/%7B62b0c555-cddd-4bf0-bb3b-09161369b65f%7D_Forrester-Predictions-2019.pdf

 
