Predicting the future is difficult, and even more so in the ever-evolving and chaotic world of cybersecurity. The threat landscape can seem boundless, with offensive and defensive technologies in constant flux as defenders work to combat attackers whose scope and sophistication grow daily. To close out the year, we asked CyberGRX executives to tell us the biggest trends they anticipate plaguing the industry in the next 12 months, within third-party cyber risk management and beyond. Here’s what they had to say:
Fred Kneip, Chief Executive Officer:
A Wakeup Call for Increased Collaboration and a Dynamic Approach to TPCRM
Companies, especially those under increased regulatory scrutiny, will be forced to examine the processes in their security departments and begin updating procedures that do not prioritize efficacy and efficiency. The manner in which third-party cyber risk assessments are carried out should be one of these overhauled procedures. We have some customers that were assessed nearly 5,000 times in 2018 and many others who were previously struggling to effectively assess their evolving population of third parties. Employing a dynamic approach to third-party risk assessments would not only significantly reduce the human-hours required to complete them but enable organizations to share and exchange standardized data – ultimately increasing each organization’s security posture through better visibility and increased collaboration.
Jonathan Simkins, Chief Financial Officer:
Greater Focus on Executive and Boardroom Reporting Tools
Whether they are trying to secure adequate budget, or recommending a shift in a business strategy, CISOs, CROs and other senior IT staff need dashboards and other tools that will help them communicate the security risks they are trying to protect their organizations from in a common language. Moving forward, it will be important for organizations to prioritize boardroom and executive reporting tools that enable security teams, executives and board members to easily discuss critical risk areas and possible solutions, without needing a crash course in information security in order to participate.
Scott Schneider, Chief Revenue Officer:
An Overall Move Away from Siloed to Integrated Risk Management Approaches
Some organizations today use bespoke spreadsheet-based security assessments, some use outside/in scanning tools and some rely on visiting third parties on-site to identify risks. While each provides its own value (and cost), using a singular approach is often more misleading than helpful. It’s like purchasing a house based on curb appeal without a home inspector’s critical eye. To truly identify business exposure and risk, organizations will integrate a variety of data sources to create a more holistic approach. This approach will rule out false positives that could waste precious resources and distract them from focusing on the third parties that pose the most cyber risk to their company. In the next year, more organizations will realize the need to take a comprehensive and integrated approach to third-party cyber risk management as the market gives more recognition to the magnitude of this threat.
Marc Haverland, Vice President of Engineering:
Continuous Cyber Innovation Creates Opportunities for More Breaches
Breach activity will continue to increase as people become more dedicated to “cyber advancements”. The next breakthrough in Cloud or AI technology will provide organizations with many business advantages, but this evolution will also expand those organizations’ attack surface area for opportunistic hackers, therefore expanding risk: more “as-a-Service” technology solutions, and proprietary data in more distributed services. One of the greatest areas of neglect when it comes to innovation is third-party cyber risk management. In order to stay ahead of malicious adversaries, organizations are going to need to adopt more innovative approaches that enable them to scale their programs to meet their business needs and evolving ecosystems.
Ellis Rosenzweig, General Counsel:
Rising Costs of Data Breaches
Data breaches caused by third parties are going to get more expensive. Regulations like GDPR, NYDFS, and the pending California Data Privacy law are adding fines to the already high cost associated with data breaches – loss of business and customers, loss of brand reputation, and consumer lawsuits are all consequences of lackluster and fragmented security practices; a united approach to third-party cyber risk management is essential to protecting against these risks.
Aaron Hesse, Head of Operations:
Competing Priorities and Workforce Shortage will Drive Need for Automation
With the prevalence of advanced persistent threats, phishing attacks and ongoing challenges with security in the cloud, security teams have their work cut out for them. And their challenges are only compounded by workforce shortages. As a result, organizations will need to rely on products that maximize the efficiency of the security workforce – including automation technology and/or outsourcing tasks that place undue burden on their security teams. Over the past year we’ve seen companies like Demisto and Phantom get acquired, showing that the market leaders anticipate this increased need and drive to outsource or automate tasks that are repetitive or place an administrative burden on security teams.
These are just six of the many important trends to consider in the cybersecurity space as we head into 2019. There is no doubt that others will rise and gain popularity, but one thing is for certain: cyber threats will continue to persist in all different shapes and sizes, and organizations must be prepared to face these threats and challenges head-on.