It appears that many organisations have begun the New Year by reviewing their security infrastructure and taking a ‘back to basics’ approach to information security.
This is according to the latest in a series of social media polls conducted by the European information security event, Infosecurity Europe 2019.
Asked what their ‘security mantra’ is for 2019, more than half (55%) of respondents say they plan to ‘go back to basics’ while 45% reveal they will invest in more technology. According to Gartner, worldwide spending on information security products and services is forecast to grow 8.7% to $124 billion (€109 billion) in 2019.
When it comes to complexity, two-thirds believe that securing devices and personal data will become more (rather than less) complicated over the next 12 months. With Forrester predicting that 85% of businesses will implement or plan to implement IoT solutions in 2019, this level of complexity is only set to increase with more connected devices and systems coming online.
However, many organisations will be looking to reduce complexity in their security architecture this year by maximising what they already have in place. According to Infosecurity Europe’s poll, 60% of respondents say that maximising existing technologies is more important than using fewer vendors (40 %).
Victoria Windsor, group content manager at Infosecurity Group, admits: “CISOs are managing increasingly complex security architectures and looking to streamline operations and technology in the wake of a growing skills crisis, rising costs and a myriad of compliance requirements. With many of us starting the New Year with well-intended ‘new year, new you’ resolutions, it seems that many security professionals are doing the same.”
Attracting 8,500 responses, the Infosecurity Europe Twitter poll was conducted during the week of 7 January, the first week back for many workers, and a time when many take stock of both their personal and professional goals for the year.
Infosecurity Europe also asked its community of CISOs about their focus for 2019 and discovered that complexity is major headache regardless of industry or size of operations.
Stephen Bonner, cyber risk partner, Deloitte highlights new and impactful challenges and advises security leaders to see the ‘big picture’. “It’s often said that complexity is the enemy of security, and this remains as true today as it was twenty years ago. The difference today is that, in addition to technical complexity, companies now have to grapple with overlapping cyber security regulations, legacy technology, and intricate supply chains that stretch around the globe.
“These challenges can no longer be managed with point solutions. Security and IT leaders must consider how their technology fits into – and interacts with – the wider business and beyond. In other words, they must integrate ‘systems thinking’ into business as usual. Cyber security is now a core operational risk for many organisations, and an ability to see the big picture has rarely been so valuable.”
Nigel Stanley, chief technology officer – Global OT and Industrial Cyber Security CoE at TÜV Rheinland Group, points to the challenges in the complex world of operational technology (OT), which covers everything from manufacturing plants through autonomous vehicles and power stations, and where control equipment is often old in terms of IT and often overlooked when it comes to corporate cybersecurity.
“The good news is that having a New Year stock take and further considering these security systems will help you understand the key areas of business risk and help to formulate a plan to address it. In my experience the uncomplicated process of changing default passwords, screen locking the engineering workstation and educating a workforce will be time well spent in 2019. My OT security world is getting more complicated each day as fresh challenges arise. As we run fast it seems the bad guys run even faster. I plan to get some new running shoes for 2019!”
For Paul Watts, CISO at Dominos Pizza UK & Ireland, the speed of IoT development will become increasingly challenging: “Accrediting the security posture of IoT devices is challenging for enterprises, particularly in the absence of any regulatory landscape. I welcome the voluntary code of practice issued by the Department of Culture, Media and Sport late last year. However whilst the market remains deregulated and global manufacturers not compelled to comply, it will not go far enough given the speed these products are coming onto the market coupled with the insatiable appetite of consumers to adopt them at break neck speed – usually without any due consideration for the safety, security and interoperability in so doing.”
Comment on this article below or via Twitter: @VanillaPlus OR @jcvplus
