With the New Year comes added awareness of the hazards social media can present to corporations, the risks of data exchange between business systems and other challenges inherent in technology. Here is a look at the top trends of last year and predictions for the year ahead.
2013 Key Trends
1. Growing Convergence between IT, Security and the Business
Evolving risk challenges require that internal and external stakeholders are on the same page about risk. For many organizations, however, internal audit, security, compliance and the business have different views of risk and what it takes to build a risk-aware and resilient business. Effective risk management starts with good communication. This includes a common taxonomy for dealing with risk, and a collaborative discussion framework to facilitate the cross-functional sharing of ideas and best practices.
2. Focus on Managing Third Party IT and Security Risks
Organizations are increasingly global and hyper-extended, with a heavy reliance on third parties such as partners, vendors, and cloud-based service providers. Data flowing within and throughout this modern business ecosystem supports critical business processes, and also contains sensitive and regulated information. Therefore, strong oversight and management of the various IT and security risks is critical to protect the business and its reputation.
3. Movement Towards Risk-Based Security Operations Management
In 2013, IT & Security Operations adopted a more formal, structured approach that is more closely aligned with the business and its priorities. Using a risk-based approach to prioritize security initiatives drives efficacy and efficiency—which can help secure greater buy-in and support from senior management. Risk-based security management allows security teams to promote an understanding of risk by communicating in the terms and context needed to support decision-making.
4. Bring Your Own Device (BYOD) and Mobile Device Risk Management
Mobile, e-commerce, online, wireless—this is how business is done today. Furthermore, employees are increasingly mobile and rely heavily on their devices, such as smartphones and tablets, for a variety of business activities. The threats that come with this trend are many, including data leaks, theft, and misuse. Corporate IT departments have to create stronger policies and tighter controls to manage corporate data, applications, and user behavior.
2014 Predictions
1. Leveraging Social Media to Drive Situational Awareness
Security and business continuity management teams have begun to realize the power of both social media and technology solutions that can mine and analyze data from sources such as Google Crisis Maps, Twitter, Facebook, and more, to provide real-time crisis updates. Further extending this intelligence can help governments and businesses gain a complete understanding of a crisis and all of its associated financial, operational, and reputational risks.
2. Focus on Continuous Monitoring in Risk Management
Effective risk management requires the real-time monitoring of threats, vulnerabilities, and potential exposures. In 2014, IT, Security, Risk and Compliance teams will need to work more closely together to create mature monitoring processes, supported by technology, and guided by regulations and standards such as PCI DSS 3.0, ISO 27001, and NERC CIP 5.
3. Security and Risk Analytics Based on IT and Security “Big Data”
Incorporating security analytics and metrics alongside more traditional performance metrics such as liquidity and revenue will be critical for management to gain a much-needed holistic view of the operational risk portfolio. Leveraging IT and Security “big data” can provide the risk intelligence needed to create a truly data-driven business, guide continuous improvement processes, and lay the foundation for organizational transformation.