Information Risk in the COVID Era

Home is the new office. That’s the most visible change COVID has wrought on us. What’s also visible to business owners and managers is a shift in how buys happen, where, when, at what price points. There’s uncertainty of cash inflows. There’s uncertainty about how new offerings would fare. There’s uncertainty about receivables and locked revenues. There’s uncertainty about supplies. There’s uncertainty about how brands will be impacted by such comprehensive changes in the environment. Uncertainty breeds risk. Covid has unleashed a new set of risks to enterprises. The more global and diverse an organization, the bigger the challenge. But, with the world turning to the internet and the digital, perhaps the hugest pressure is on online security fabrics of companies. The biggest enterprise risks are on their digital infrastructure and data bases.

Information Risk is the Biggest Enterprise Risk

While organizations are now owning up enterprise risk management as a business strategy, their Information Officers have the most challenging job on hand. They have to protect the information infrastructure to shield their business from threats and keep them going on and growing. A large part of Enterprise Risk Management for most global firms today is Information Risk Management, as that’s what will prepare them for the most debilitating of potential disasters – those that may knock down the confidence of stakeholders, shareholders and potential investors.

CISOs have to battle with shortage of technical security staff, migration to cloud computing, regulatory compliance requirements, and the inexorable evolution of threats. Amid these challenges, responding to COVID-19 has become the biggest challenge for organizations in 2020.

Peter Firstbrook, VP Analyst, Gartner says that the pandemic and the changes caused by it to the business world have accelerated the digitalization of business processes, expansion of cloud computing, and endpoint mobility.

COVID-19 has forced security teams to refocus on-

  • Value of cloud-delivered security
  • Value of operational tools without a LAN connection
  • Review of remote access tools and policies
  • Migration to cloud data centers
  • Migration to SaaS applications
  • New efforts to minimize person-to-person interactions

Tracking Top Trends in Information Risk Management

Gartner identifies nine top trends that highlight the strategic shifts in the security ecosystem that might impact the industry and have a significant potential for disruption.

Trend 1: Improvement in productivity through extended detection and response capabilities

Extended detection and response (XDR) solutions are automated solutions that collect and correlate data from multiple security products to detect threats while improving the incidence response capability. Firstbrook says that centralizing the data will improve detection because it combines softer signals from many components while detecting the events. It increases -

  • Detection of accuracy
  • Productivity
  • Efficiency of security operations

For example, an attack causing alerts on email, endpoint, and network will get combined as a single incident.

Trend 2: Elimination of repetitive tasks through security process automation

The shortage of skilled security practitioners has driven organizations to automate security processes. Security process automation technology automates the computer-centric security operation tasks as per the predefined rules and templates. Security and risk management leaders are investing in automation projects to focus more on critical security functions. An automated security process –

  • Eliminates repetitive tasks
  • Performs tasks faster in a scalable manner
  • Is prone to fewer errors
  • Saves time

Trend 3: Protection of digital business initiatives through AI security responsibilities

Artificial Intelligence today is automating and augmenting human decision making in security and digital businesses. Security expertise addresses these three key challenges while implementing AI technologies:

  • Protecting AI-powered digital business systems
  • Improving security defense while leveraging AI with packed security products
  • Anticipating nefarious use of AI by attackers

Trend 4: Emergence of chief security officers (CSO) to combine multiple security-oriented silos

Emerging threats such as ransomware attacks on business processes, siegeware attacks on management systems, GPS spoofing, and IoT system vulnerabilities are disturbing the cyber-physical world. So, leading organizations are introducing enterprise-level CSOs who can bring together the multiple security-oriented silos as business enablers or for defense purposes.

CSOs can combine health, safety, and environmental programs, IT security, OT security, physical security, product management security, and supply chain security into a centralized organization and governance model.

Trend 5: Introduction of privacy as a discipline

Privacy is more of a discipline of its own and no longer just a part of compliance. Privacy should get integrated throughout the organization as it co-directs the corporate strategy and aligns with security, procurement, HR, legal, governance, IT, IoT, and more.

Trend 6: Maintenance of integrity in all interactions

As consumers interact with brands through varied touchpoints [social media to retail], it is essential to make them feel secure about their data. The extent of secure feeling a consumer experiences, acts as the business differentiator. To manage the security of these touchpoints, companies are adopting cross-functional trust and safety teams to supervise interactions and ensure a safety standard across each space where consumers tend to interact with the business.

Trend 7: Transformation of Network security to SASE technology

With the evolution of remote office technology, cloud-delivered security services are becoming more popular. Secure access service edge (SASE) technology facilitates the organization to protect cloud applications and mobile workers by routing traffic through a cloud-based security stack.

Trend 8: Protection of cloud-native applications through a full life cycle approach

Cloud-native applications require different rules and techniques rather than lift-and-shift cloud migrations. Organizations are combining cloud workload protection (CCPP) with emerging cloud security posture management (CSPM) accounts to address all evolution in security needs.

Trend 9: Replacement of VPNs with zero-trust network access technology

The newly emerging zero-trust network access (ZTNA) enables organizations to manage their remote access for specified applications. ZTNA is more secure than traditional VPNs as it hides applications from the Internet. It can get access via the ZTNA provider’s cloud service alone and thereby reduces the risk of an attacker piggybacking on the VPN connection.