26th Mar 2019

Analyst firm Gartner has identified what it thinks will be the top emerging security and risk management trends for this year, that are set to have an impact on security, privacy and risk areas. These include effectively presenting these matters, password-less authentication and Cloud security. Gartner defines “top” trends as ongoing strategic shifts in the security ecosystem that are not yet widely recognised, but are expected to have broad industry impact and significant potential for disruption. “External factors and security-specific threats are converging to influence the overall risk landscape, so leaders in the space must properly prepare to improve resilience and support business objectives,” says Peter Firstbrook, research vice president at Gartner. Emerging trends are listed below:

Risk Appetite Statements Are Becoming Linked to Business Outcomes
“To avoid exclusively focusing on issues related to IT-decision making, create simple, practical and pragmatic risk appetite statements that are linked to business goals and relevant to board-level decisions,” said Mr. Firstbrook. “This leaves no room for business leaders to be confused as to why security leaders were even present at strategic meetings.”

Security Operations Centers Are Being Implemented With a Focus on Threat Detection and Response
According to Gartner, by 2022, 50 percent of all SOCs will transform into modern SOCs with integrated incident response, threat intelligence and threat-hunting capabilities, up from less than 10 percent in 2015.

Data Security Governance Frameworks Will Prioritize Data Security Investments
Mr. Firstbrook says “The key in addressing data security is to start from the business risk it addresses, rather than from acquiring technology first, as too many companies do.” Rather than acquiring data protection products and trying to adapt them to suit the business need, leading organizations are starting to address data security through a data security governance framework (DSGF).

Passwordless Authentication (eg touch ID on smartphones) Is Achieving Market Traction
“In an effort to combat hackers who target passwords to access cloud-based applications, passwordless methods that associate users to their devices offer increased security and usability, which is a rare win/win for security,” said Mr. Firstbrook.

Investments Being Made in Cloud Security Competencies as a Mainstream Computing Platform
“Public cloud is a secure and viable option for many organizations, but keeping it secure is a shared responsibility,” said Mr. Firstbrook. “Organisations must invest in security skills and governance tools that build the necessary knowledge base to keep up with the rapid pace of cloud development and innovation.”

So what can we do?
The number of unfilled cybersecurity roles is expected to grow from 1 million in 2018 to 1.5 million by the end of 2020, according to Gartner. While advancements in artificial intelligence and automation certainly reduce the need for humans to analyse standard security alerts, sensitive and complex alerts require the human eye. While some security product vendors are increasingly offering premium skills and training services aimed at improving administrators’ skill levels many people with an interest in the area would benefit from the various professional level certifications that can be gained from ISACA, including the CSX Cyber Fundamentals Certificate.

CCT College Dublin offers this professional certification course twice a year in partnership with ISACA, in September and also February. It’s not only suitable for individuals looking to get certified it’s also a brilliant course for other functional managers in areas like marketing and finance as well as directors and business owners to understand the threats of cyber and digital security. Delivered just one evening per week over eight weeks find out more about the CSX Cybersecurity Fundamentals certification at CCT College Dublin on the course page here.