A Year in Review of the IT Security Industry and 2015 Predictions
February 10, 2015. Featured article by Yo Delmar, Vice President, GRC, MetricStream
Now that we are well on our way into 2015, we can look back on the year past to reflect on some of the challenges faced, and also on some of the lessons learned. Hindsight is always 20/20.
We live in a very different world today than we did just five years ago. Organizations today are global, mobile, social and interconnected in profound new ways. Organizations must keep pace with new risks and regulatory requirements, evolving demands from key stakeholders, and the changing context of how business is done.
Looking back on 2014, a few lessons stand out.
Year 2014: What Did We Learn?
In 2014, we witnessed incredible innovation and technological change. One area of profound change was that of e-payments and mobile wallets. Apple Pay is especially unusual in that Apple controls both the software and the device, and integrates the service with other Apple devices, such as the Apple Watch. Innovations like Google Wallet and Apple Pay, which offer intuitive and seamless payment options to consumers, are disrupting more traditional credit card payment processes. As consumers and businesses increase their reliance on and adoption of new payment technologies, we can expect cyber attackers to focus more resources on infiltrating these systems.
In 2014, media headlines captured our attention and instilled a sense of fear amongst business leaders around the world: from the Heartbleed bug, to cybersecurity attacks on some of our largest and most reputed businesses, to data breaches involving customers’ private and sensitive information. As cyber-criminals and nation-states employ more sophisticated cybercrime strategies with increasingly higher success rates, it is imperative that organizations bolster their mitigation and response strategies. In 2014, IT and risk leaders focused on cybersecurity, and as we move further into 2015, no doubt cybersecurity will remain at the top of every strategic planning meeting and corporate agenda.
The changing context of how business is being done gives way to a changing risk and compliance landscape. Building a truly well-governed, risk-aware, and compliant organization that can keep pace with such change requires embarking on, and carrying forward, a GRC journey. In 2014, we saw organizations push the boundaries and expand their GRC programs into new areas such as audit and IT processes, supplier governance, ethics and compliance, privacy, quality management, environmental health and safety, and more. When it comes to designing a blueprint for long-term success, business leaders agree that GRC must be managed as a program with the correct teams, processes and technologies. Orchestrating pervasive GRC across the organization, its extended ecosystem of suppliers, and third parties is challenging, but organizations are reaping the benefits of breaking down the silos in favor of a more holistic, integrated and collaborative approach.
By reviewing and understanding the past, we are more easily able to predict and prepare for what the future might hold. Here are a few predictions that will capture our attention in the year ahead.
2015 Predictions: What Does the Future Hold?
In response to the increasing prevalence of disruption and theft, we will see a rise in the use of corporate insurance to protect sensitive organizational assets. This year, organizations will need to prepare themselves for the potential of large-scale cyber threats and successful attacks. As an important preventive measure, we will see more and more organizations turn to corporate insurance as a safeguard. Likewise, we will see insurance companies put more focus on developing sophisticated corporate insurance products that can keep pace with, and stay one step ahead of, evolving technology and cyber-related risks.
Organizations large and small across all industries and geographies need to really think out of the box when it comes to security in 2015. As we saw in 2014, changing consumer preferences are giving way to new customer experiences and environments, spanning the real and virtual worlds. The retail industry in particular is transforming right before our very eyes, and e-commerce giants Amazon and Alibaba continue to innovate and disrupt the space. Unlike other industries, retailers tend to have more physical and virtual environments, and more open endpoints spanning physical brick-and-mortar stores, points of sale, mobile apps, online websites, and APIs to and from other parties. Retailers are also unique in that they store huge volumes of sensitive customer information, such as credit card details and personally identifiable information including demographics and home addresses. 2015 is the year of the customer, and retailers are keen to foster more loyal, longer-term customer relationships. They will achieve this by better listening to and knowing their customers. Customer loyalty programs, advanced analytics like shopping behavior analysis, and customer demographic information will be used by more groups within retail organizations to create a single customer view. This increase in collecting and sharing customer information across the organization also increases the likelihood of exposure.
If there was one key piece of advice I would offer for 2015, it would be this: Security is everyone’s job. We can no longer expect a single department – such as the IT group – to own security for their organization. Security must become the job of every individual, each actively contributing their small part to make sure that security processes are truly embedded across the business and its operations. In the spirit of collaboration, we will also see stronger private and public partnerships forged, collaboration across different organizations and industries, and financial investments made in order to develop security models that understand and proactively address emerging threats, motives and targets, today and into the future.
Yo Delmar joined MetricStream as Vice President of GRC Solutions, focused on the company’s sales strategy and IT GRC market leadership. Yo comes to MetricStream with over 30 years of experience in Information Technology and Management, with a focus on Governance, Risk and Compliance over the past 10 years. Most recently, as Director, GRC, EMC Consulting, Yo was responsible for launching GRC Advisory Services for the Security and Risk Management Practice of EMC’s 2000-person consulting division. She was part of EMC’s Strategic Initiative on GRC, responsible for developing the company’s strategic positioning and go-to-market strategy for GRC, as well as leading the effort to select a GRC Technology Platform company to drive EMC’s presence in the market. She was closely involved with the Archer team post-acquisition, in developing offers, helping win GRC deals and delivering GRC Program Strategies in key accounts. Prior to EMC, through her own company, Delmar Consulting, Yo held interim executive positions at GRC and Security Risk Management companies and provided advisory services to F1000 companies on the implementation of GRC programs. Yo was Chief Marketing Officer at Brabeion, a GRC company eventually acquired by Archer. She was VP of Marketing and Business Development at Skybox Security, responsible for establishing market presence and a robust partner network. During this time, she co-authored Risk Management landscape reports as a Consulting Analyst at Enterprise Management. Prior to Delmar Consulting, Yo was President of SPL WorldGroup Americas, a mid-sized systems integration firm, and the Senior Vice-President of Technology at SHL Systemhouse, managing 300 people through global operations of over 40 offices. Yo holds a B.Sc. (Honors) in Mathematics and Computer Science and an M.B.A. from Dalhousie University in Canada. She is also a Certified Management Consultant (CMC), Certified in Governance of Enterprise IT (CGEIT), and a Certified Information Security Manager (CISM).