Tackling tomorrow’s digital business security risks
With most organisations struggling to attract and retain cybersecurity talent,
Earl Perkins, Vice President, Analyst at Gartner, explains how they must
change their talent development and recruiting practices and then outsource
security functions to MSSPs or delegate responsibilities to internal staff.
As cybersecurity risks increase in
digital business, organisations
continue to struggle in attracting,
retaining and, most critically, developing
security talent.
Organisations continue to struggle with
attracting, retaining and developing
security talent.
Organisations must change their talent
development and recruiting practices to
be able to address missing skills. Start
by building and developing a list of new
competencies and skills required to support
digital business initiatives.
Security and risk management leaders
responsible for information security must
evolve their practices and organisational
cultures to keep pace with the digital
business era.
“Risk management, governance, business
continuity and people – the most important
asset – are critical elements of a successful
risk and security programme,” says Earl
Perkins, Vice President, Analyst at Gartner.
“When allocating resources and selecting
products and services this year, security
and risk management leaders should
consider three important strategic
planning assumptions.”
By 2022, 40% of Business Continuity
Management (BCM) programmes will be
integrated into the digital business risk
management structure rather than exist as
separate practices.
The momentum of Digital Transformation
projects within digital business will outpace
the ability of organisations to accommodate
changes related to security. Concurrently, the
growing need to provide 24/7 technology
services to support digital business and
customer-facing services is changing the
way that organisations interact internally
and externally. These changes, as well as
the constant threat of cyberattacks, will lead
organisations to formalise the relationship
between BCM and digital information
security functions.
“Stakeholders should be urged to accept
BCM as part of the organisational structure,”
said Perkins. “Managers within the digital
business who oversee the delivery of critical
activities will need to gain the necessary
skills to engage with resilience planning as a
business-as-usual function.”
Through 2022, 30% of large enterprises
will build a security skills management
programme including experimental
recruiting and talent development practices.
Cybersecurity risks are increasing despite
the efforts of trained security professionals.
Then adapt short-term skills management
practices by outsourcing security functions to
managed security service providers (MSSPs)
and/or delegating responsibilities to other
internal staff.
By 2022, 75% of organisations that
outsource email and collaboration tools
won’t meet their critical recovery objectives
during a supplier outage.
Email and collaboration applications are
considered mission-critical resources for most
organisations. Conducting business without
them can impede production, result in lost
transactions and hamper crisis management
activities. When an organisation outsources
these applications, many suppliers do not
provide recovery with short timeframes.
“It’s imperative for the organisation to
maintain internal control and governance
over all applications used in the delivery
of products and services,” said Perkins. “It
is also crucial to understand your vendor’s
recovery commitments and communication
protocols for outages to ensure they meet
recovery requirements.”
INTELLIGENTCIO