cyber trends
and more username and password pairs
are out there.
“Or we might reach a tipping point where
organisations decide they need to block
some login attempts that have the right
username and the right password but
are not coming from the right person.
In the US, enforcement cases are being
brought against ‘corporate victims’ of
credential stuffing. It’ll either get worse,
or organisations will have to adapt.”
Some CISOs believe that solutions
will come from the industry working
more closely together. “I believe we
will start to see greater collaboration
between security companies, hopefully
resulting in greater end-to-end security
capability,” said Nicholls.
When it comes to the security
approaches that will mitigate the risks
which dominate in 2020, David Boda,
Head of Information Security, Camelot
Group, believes ‘back to basics’ is best.
“A focus on robust and timely access
control and patching will still give the
biggest reduction in risk for the majority
of organisations across all sectors.
These are the two areas that vendors,
consultants and end-user organisations
should all be talking about.”
Killian Faughnan, Group CISO of William
Hill, agrees that access control will be
important – particularly in the next-
generation workplace. “Access control
is difficult to solve without being either
too restrictive or too lenient. Given that
in 2020, 35% of our workforce will be
millennials, we need to find the right
balance to enable employees in a way
that works for them.”
Gooch thinks convergence will be a key
trend: “2020 could see a number of
high-profile mergers and acquisitions as
well as an expansion and formalisation of
vendors into a more converged world.
This is likely to be similar to the ERP
revolution that transformed the way
many finance and operations teams
function and could mean a more efficient
operational model for those in cyber.”
We must continue to
educate to ensure
humans are our
strongest line of
defence.
Two topics that were ‘hot’ in
2018/2019 are not front of
mind with our CISOs this
year. One of these is the
skills shortage. Killian
Faughnan commented:
“I think we may have hit
a critical point and that
more companies will begin to
recruit from pools of potential
security professionals rather than
existing ones. It’s easier to teach
a developer how to be an application
security professional than the other
way around.”
There was also less focus on GDPR,
probably due to the fact that the
regulation and its impact are no longer
the unknown they once were.
Paul Watts, CISO, Dominos Pizza UK
and Ireland, has observed signs of
‘breach apathy’ and wonders whether
2020 will see a continuation of this
trend. “While this could be attributed in
part to political distractions, I do think
industry seems to be reporting more,
but are the public caring less? I’m still
reflecting on whether this is a blessing
or a curse for CISOs. . . .”
Nicole Mills, Senior Exhibition Director
at Infosecurity Group, said: “2020
will see the continuation of some
long-standing trends, challenges and
security risks. For example, a number
of technologies that have been talked
about for some time will become more
widely adopted and we need to be
ready to implement, use and protect
these in an appropriate way.
“There was less emphasis on the skills
shortage and GDPR in our CISOs’
predictions this year, but we do need to
remember that these challenges haven’t
gone away.
“The ‘talent gap’ is still growing and we
need to continue working together as
an industry to find solutions. And while
GDPR is not the burning issue it was last
year, organisations can’t rest on their
laurels; if they’re compliant, they need to
work to stay compliant. It’s not just the
fines, keep top of mind that brand and
reputation can take years to redress.”
www.intelligentciso.com | Issue 22 | 21