The challenges facing IT and information security workers at global organisations are growing in scale and complexity.
Some key – and interrelated – issues workers and managers in these areas need to address are:
- Continued deficiencies in managing cyber-risk. Fewer than half of respondents to the PwC 2018 Global State of Information Security Report had adopted many key processes for uncovering cyber-risk within their organisations. These processes included active monitoring and analysis of information security intelligence, vulnerability assessments and penetration tests.
- A growing shortage of cyber-security skills. According to a report released late last year by (ISC)², a non-profit association for information security professionals, the global shortage of cyber-security professionals had climbed to about 2.93 million. About 2.14 million of these positions were located in the Asia-Pacific. In releasing the study, (ISC)² said: “the massive worldwide shortage not only places organisations affected by the shortage at higher risk of a cyber attack but affects the job satisfaction of current cyber-security staff.”
- The time and effort required to deploy and run ‘point’ solutions to address the rapidly evolving security threat landscape. Organisations can implement and manage IT and cyber-security themselves, or engage a service provider to provide a security architecture comprising best-of-breed solutions. However, before signing up with a service provider for a solution incorporating products from multiple vendors, IT and information security leaders need to satisfy themselves that the service provider can provide a consistent, up-to-date experience.
- An increasingly fluid, volatile global political and economic environment. IT and information security teams need to remain aware of the potential for state-sponsored – as well as criminal – attacks on organisations’ systems, infrastructure and data. These risks may be higher for organisations involved in critical infrastructure in finance, transport, utilities and similarly important sectors. They may increase further for organisations that operate in several countries or regions. IT and information security teams may also need to understand how state actions against businesses such as telecommunications providers could affect their own organisations.
- Security issues arising from the Internet of Things (IoT). For example, the PwC 2018 Global State of Information Security Report reveals that organisations are increasingly concerned about the vulnerability of operational technology networks to attacks that target IoT deployments.
Managing these risks and issues is key to the ongoing success of global organisations. IT and information security teams – as well as risk and compliance leaders and business executives – need to participate in a combined security response. Otherwise, an organisation may find its systems, data and capabilities compromised and face severe reputational and regulatory penalties.