Insights

Are you making security tasks and requirements fast and simple enough?

Modern workplaces are full of distractions. Bombarded with emails and colleagues asking questions, employees are juggling multiple deadlines and dividing their attention between different devices and tasks.

This creates problems for implementing and managing security processes, policies and prevention measures. Mistakes and shortcuts are more likely to be made, and some tasks may even be completely forgotten.

Simplifying and streamlining security management and implementation means the right choice is the easy choice. How are you addressing this in your organization?


Compliance is increasingly resource-intensive. How is your security team increasing compliance efficiency?

There are a growing number of regulations, guidelines, frameworks and expectations that organizations must comply with. The costs of non-compliance, both financial and reputational, are also getting higher.

Given the significant time security teams are already spending on managing compliance, increasing compliance efficiency is becoming ever more urgent. Many teams are turning to technological solutions to help them get clearer oversight of their programs and processes, particularly as they seek to leverage compliance as a continuous improvement tool, rather than merely as a requirement.

How is your team increasing its compliance efficiency?



How does your team enable cross-functional security conversations?

What strategies are you using to get your organization talking more about security?

Businesses are paying closer attention to security issues, and there is increased media coverage of security-related events and losses. However, some security teams still operate in isolation and struggle to work effectively with other functions to manage, mitigate and respond to risks.

There are several tactics that teams can employ to work and communicate better cross-functionally.


Data is a Security game-changer

Harnessing data is often seen as the cure for a lot of industry ills; however, most companies are not at the stage of being able to implement data analytics processes and platforms. In fact, in my experience I often get the impression that even being able to collect data is a big challenge for many larger organizations. Their information comes from a variety of systems that each have their own characteristics and data structure. Getting to the point of collecting useful and integrated data requires significant investment, but will certainly help Security departments deliver on their remits.

Once the data is collected, being able to analyse it requires knowing what to look for. This involves identifying key performance indicators and pinpointing where the Security department can contribute and add value to the organization. The issue of changing perceptions of the Security department as just a cost driver has been discussed at length, and strategic data usage can definitely support this (see Kim Rahfaldt’s latest piece in Security Magazine). 

Ultimately, having useful data and the ability to analyze it quickly will likely be the game-changer that enables Security to come into its own as a value-adding department. In particular, I believe that the use of predictive analytics to spot trends in the risk landscape and suggest relevant measures will be a critical value driver that really shifts the perception of what Security departments can offer.

We are on this journey with our platform. Our initial analysis underlines that the data is out there, with basic statistical analysis providing a solid basis for identifying changes in risks and suggesting relevant ways to address them.


How are you moving to a more holistic security risk management approach in your organization?

In increasingly complex operating environments, security managers are recognizing the need to move beyond handling just “guns, guards and gates”, and start to work more holistically with their organizations.

This involves delivering security knowledge and expertise right from the outset of strategic decisions and projects, and working with teams to avoid risks that lower the chance of delivery.

It also means communicating in the language of business performance to ensure stakeholders are aligned on the value of security, not just the costs, and information sharing that helps the organization work more productively.


Does security risk management in your organization suffer from a silo problem?

The Enterprise Security Risk Management approach is built on the foundation of taking a holistic view of organizations and the varied risks they face. This requires cross-functional communication and collaboration to adequately assess, mitigate and manage security risks.

Unfortunately, many people still see their organization as lacking sufficient knowledge sharing and collaboration between different departments. This has significant consequences for business operations, with silos leading to communication and productivity problems and failures.

The problem is particularly pronounced for security risks, with the increasing complexity of threats organizations are facing, and the impact of those threats growing exponentially due to our interconnected world.

How is your organization reducing functional silos and increasing collaboration?


How do you begin to understand your security risk culture?

As the old adage goes, “culture eats strategy for breakfast”. A great security risk management strategy will go nowhere if your organization doesn’t have the right culture to implement it.

So how do you go about understanding what your culture is, and what the gaps are between this and where you want to be? Chances are, you’ve already got the data you need to back up what you’ve seen from your experiences and conversations. You can use this data to highlight behaviors, outcomes, trends and hotspots in your organization’s security risk management.

How have you addressed understanding and changing security culture in your organization?


As terror threats grow in complexity, organizations need to continuously revise their security analysis and measures

Findings from Europol’s recently-released 2019 EU Terrorism Situation and Trend Report underline the continuing need for organizations to keep their responsibility as employers at the forefront.

Typically, duty of care is mostly discussed in the context of employee travel, but we believe it needs to be a larger part of all security conversations as organizations improve and revise their current mitigation measures. The threat from terrorist attacks in the EU remains high, as perpetrators have shifted focus away from conflict zones. The most disturbing finding of the report is that terrorist capabilities seem to have grown to include the use of CBRN weapons.

While the total number of attacks (foiled, failed and completed) has dropped from 2017 to 2018, the increased complexity of the threat, the growth in right-wing terrorism and the shifting power balance between Islamic State and Al-Qaeda demand attention. To combat these future threats, organizations need to conduct continuous intelligence analyses and revise current mitigation measures to ensure the safety of all employees and assets.

You can read the full report here

Are you using data operationally, or are you using data to improve business performance?

New research from Marsh and RIMS shows the majority of Risk Managers are using risk management data for operational tasks such as insurance renewal decisions, providing data to external parties and for ad-hoc enquiries and situations. Only a minority are using data to support strategic planning, improving long-term operational performance and making adjustments to risk management strategy.

How do you use risk management data in your organization, and does it align with your security risk management goals?


Cloud-based solutions are delivering growth and improved security

This week we’ve been reading McAfee’s latest research report on the benefits businesses have derived from using cloud-based solutions.

We were excited to see the results showing that cloud infrastructure is leagues ahead of on-premise performance!

The survey covered 1000+ enterprises in 11 countries from March to May this year and found that the vast majority of companies (87%) experienced a form of business acceleration from growth, productivity gains and time to market improvements. In fact 41% experienced a direct link between business growth and their use of cloud services.

What stuck out most to us were the security improvements that many businesses experienced. Microsoft and other cloud hosting providers are investing heavily in security, often significantly more than the businesses they serve. We see a clear benefit for companies to leverage these services and take advantage of this enhanced security, especially to address growing cybersecurity threats. Indeed, 52% of the businesses surveyed experienced improved security, 44% had improved collaboration and 57% reduced IT spending by using cloud-based services!

You can read the full report here

Image Courtesy of McAfee
