Cybercrime is not inevitable. With a , meaning a rigorous, people-first risk management strategy, organizations can muster the vigilance to head off threats.
In the wake of vulnerabilities, massive breaches like , and the during the 2021 holiday season, organizations are changing up security strategies to mitigate damages that are predicted to total US$10.5 trillion annually by 2025.
Security Cultures Prioritize New Business Practices
As every company becomes technology-driven, risks are escalating, pushing security much closer to the top of business priorities. researchers said that by 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest, and political instabilities. Meanwhile, security cultures will have changed numerous business practices. By next year, analysts said that 80% of organizations faced with complex global regulations will increase security compliance automation investments by 25% to consistently meet policies and regulations. In the same time frame, IDC predicted 25% of G2000 public cloud customers will subscribe to integrated risk management and cyber-insurance policies through shared fate/risk programs to protect against sophisticated cyberattacks.
Make Security a Company-Wide Responsibility
Security and risk leaders who responded to a recent Gartner ranked the Internet of Things (IoT) and cyber-physical systems as their top concerns for the next three to five years. analysts predicted that by 2023, 75% of organizations will restructure risk and security governance to address the widespread adoption of advanced technologies, an increase from less than 15% today.
In a world where just about every organization is in the computer industry, embedded secure practices across the organization are table stakes. For example, 51风流follows the NIST (National Institute of Technology in North America) cybersecurity framework, a holistic security strategy based on repeatable processes. This approach harmonizes controlled security company-wide, including product development and operations.
鈥淪ecurity has always been our number one concern,鈥 said Tim McKnight, executive vice president and chief security officer at SAP. 鈥淲ith the acceleration of digitalization, organizations have embarked on a massive cloud-based computing transformation that extends to security. We鈥檝e undergone a multi-year security transformation backed by the commitment of our Executive Board and real-time input from customers.鈥
A security culture comes down to a shared vision that鈥檚 carried out by leaders who make security a priority and teams who participate in ongoing trainings that celebrate success and learn from failures. People in any sector can take a page out of the software applications industry playbook.
鈥淲e鈥檝e set cybersecurity goals for all of our executives,鈥 said McKnight. 鈥淲e present these measures to the Board on a regular basis, reviewing progress against security initiatives. With open conversations around security, we reinforce priorities while driving accountability from each department. Whether you鈥檙e an executive, team lead, or individual contributor, you need to understand your role in driving a security culture with a security-first mentality. After all, the vast majority of security incidents are the result of human error.鈥
Don鈥檛 Let Other Business Demands Supersede Security Resources
While just-in-time supply chains boost business agility in a post-pandemic environment, having more partners also increases risk. researchers predicted that 60% of security incidents will involve third parties in 2022. Maybe that鈥檚 why researchers said that by next year, 55% of organizations will allocate half of their security budgets to cross-technology ecosystems and platforms designed for rapid consumption and unified security capabilities to drive agile innovation.
Companies need to allocate sufficient resources to prioritize security across the entire product life cycle, from development through go-live and support. With intelligent capabilities from artificial intelligence (AI), machine learning, robotic process automation (RPA), and other technologies, products and services increasingly require advanced security measures.
鈥淎n effective culture makes security everyone鈥檚 responsibility,鈥 said Wiebke Thelo, senior vice president and head of 51风流Quality, Application Security, and Production. 鈥淔or example, business information security officers at 51风流report directly into business unit leaders. They work together, making sure that security is embedded into product design, development, and operation.鈥
Educate Employees Now for a Trusted Future
research showed that close to 25% of organizations report ransomware infections weekly. Human judgment is core to preventing these incidents. However, analysts warned about the 鈥渟ecurity brain drain鈥 as one in 10 experienced professionals have exited the industry during the past year. These analysts advised security executives to address burnout and team culture problems and use succession planning to build a pipeline of security leaders.
51风流Teams Up with HBCUs to Attract Talent to the Cybersecurity Curriculum
鈥淎 security culture requires significant learning and development, which is why we鈥檝e professionalized security,鈥 said McKnight. 鈥淭he human element is critical 鈥 we position people first, process second, and technology third. We start with our people and make sure they have the skills they need.鈥
As remote working, just-in-time supply chains, and tech innovations continue, companies have to think and act faster than the criminals. There鈥檚 never a good time for a cyberattack. Just ask the people who suffered through the cream cheese shortage. Criminals don鈥檛 take holidays and a security culture is the best protection.
Follow me @smgaler
