It appears that many organisations will begin the New Year by reviewing their security infrastructure and taking a ‘back to basics’ approach to information security. This is according to the latest in a series of social media polls conducted by Infosecurity Europe 2019.
Asked what their ‘security mantra’ is for 2019, more than half (55%) of respondents say they plan to ‘go back to basics’, while 45% reveal they will invest in more technology. According to Gartner, worldwide spending on information security products and services is forecast to grow by 8.7% to $124 billion in 2019.
When it comes to complexity, two-thirds of respondents believe that securing devices and personal data will become more (rather than less) complicated over the next 12 months. With Forrester predicting that 85% of businesses will implement or plan to implement Internet of Things (IoT) solutions in 2019, this level of complexity is only set to increase with more connected devices and systems coming online.
Maximising existing technologies
However, many organisations will be looking to reduce complexity in their security architecture this year by maximising what they already have in place. According to Infosecurity Europe’s poll, 60% of respondents say that maximising existing technologies is more important than using fewer vendors (40%).
Victoria Windsor, Group content manager at Infosecurity, admitted: “CISOs are managing increasingly complex security architectures and looking to streamline operations and technology in the wake of a growing skills crisis, rising costs and myriad compliance requirements. With many of us starting the New Year with well-intentioned ‘New Year, new you’ resolutions, it seems that many security professionals are doing the same.”
Attracting 8,500 responses, the Infosecurity Europe Twitter poll was conducted during the week of 7 January, the first week back for many workers and a time when many take stock of both their personal and professional goals for the year.
Complexity “a major headache”
Infosecurity Europe also asked its community of CISOs about their focus for 2019 and discovered that complexity is a major headache regardless of industry or size of operations.
Stephen Bonner, cyber risk partner at Deloitte, highlighted new and impactful challenges and advises security leaders to see the ‘big picture’. “It’s often said that complexity is the enemy of security, and this remains as true today as it was 20 years ago. The difference today is that, in addition to technical complexity, companies now have to grapple with overlapping cyber security regulations, legacy technology and intricate supply chains that stretch around the globe. These challenges can no longer be managed with point solutions. Security and IT leaders must consider how their technology fits into – and interacts with – the wider business and beyond. In other words, they must integrate ‘systems thinking’ into ‘business as usual’. Cyber security is now a core operational risk for many organisations, and an ability to see the big picture has rarely been so valuable.”
Nigel Stanley, CTO at TUV Rheinland, pointed to the challenges in the complex world of operational technology (OT), which covers everything from manufacturing plants through to autonomous vehicles and power stations, and where control equipment is often old in terms of IT and often overlooked when it comes to corporate cyber security.
“The good news is that having a New Year stock take and further considering these security systems will help you understand the key areas of business risk and help to formulate a plan to address it. In my experience, the uncomplicated process of changing default passwords, screen-locking the engineering workstation and educating a workforce will be time well spent in 2019. My OT security world is becoming more and more complicated each day as fresh challenges arise. As we run fast it does seem as though the bad guys run even faster still.”
Speed of IoT development
For Paul Watts, CISO at Dominos Pizza UK & Ireland, the speed of IoT development will become increasingly challenging. “Accrediting the security posture of IoT devices is challenging for enterprises, and particularly so in the absence of any regulatory landscape. I welcome the voluntary Code of Practice issued by the Department for Digital, Culture, Media and Sport late last year. However, while the market remains deregulated and global manufacturers are not compelled to comply, it will not go far enough given the speed with which these products are appearing on the market coupled with the insatiable appetite of consumers to adopt them, usually without any due consideration for safety, security and interoperability.”
*Now in its 24th year, Infosecurity Europe takes place at Olympia, Hammersmith in London from 4-6 June. Further details are available online at https://www.infosecurityeurope.com