A ‘back to basics’ approach to infosec in 2019

by Mark Rowe

Many organisations are taking a ‘back to basics’ approach to information security in 2019, according to the latest in a series of social media polls by the European information security event series, Infosecurity Europe 2019. Asked what their ‘security mantra’ is for 2019, more than half (55 per cent) of respondents say they plan to ‘go back to basics’ while 45 per cent reveal they will invest in more technology. According to Gartner, worldwide spending on information security products and services is forecast to grow 8.7 per cent to $124 billion in 2019[1].

When it comes to complexity, two-thirds believe that securing devices and personal data will become more (rather than less) complicated over the next 12 months. With Forrester predicting that 85 per cent of businesses will implement or plan to bring in IoT in 2019, this level of complexity is only set to increase with more connected devices and systems coming online.

However, many will be looking to reduce complexity in their security architecture this year by maximising what they already have in place. According to the event’s poll, 60 per cent of respondents say that maximising existing technologies is more important than using fewer vendors (40 per cent).

Victoria Windsor, Group Content Manager at Infosecurity Group, says: “CISOs are managing increasingly complex security architectures and looking to streamline operations and technology in the wake of a growing skills crisis, rising costs and a myriad of compliance requirements. With many of us starting the New Year with well-intended ‘new year, new you’ resolutions, it seems that many security professionals are doing the same.”

Attracting 8,500 responses, the Infosecurity Europe Twitter poll ran during the week of January 7, the first week back for many workers, and a time when many take stock of both their personal and professional goals for the year. CISOs were also asked about their focus for 2019; complexity is a major headache regardless of industry or size of operations.

Stephen Bonner, cyber risk partner at Deloitte, highlights new and impactful challenges and advises security leaders to see the ‘big picture’. “It’s often said that complexity is the enemy of security, and this remains as true today as it was twenty years ago. The difference today is that, in addition to technical complexity, companies now have to grapple with overlapping cyber security regulations, legacy technology, and intricate supply chains that stretch around the globe.

“These challenges can no longer be managed with point solutions. Security and IT leaders must consider how their technology fits into – and interacts with – the wider business and beyond. In other words, they must integrate ‘systems thinking’ into business as usual. Cyber security is now a core operational risk for many organisations, and an ability to see the big picture has rarely been so valuable.”

Nigel Stanley, Chief Technology Officer – Global OT and Industrial Cyber Security CoE at TÜV Rheinland Group, points to the challenges in the complex world of operational technology (OT), which covers everything from manufacturing plants through autonomous vehicles and power stations, and where control equipment is often old in terms of IT and often overlooked when it comes to corporate cybersecurity. “The good news is that having a New Year stock take and further considering these security systems will help you understand the key areas of business risk and help to formulate a plan to address it. In my experience the uncomplicated process of changing default passwords, screen locking the engineering workstation and educating a workforce will be time well spent in 2019. My OT security world is getting more complicated each day as fresh challenges arise. As we run fast it seems the bad guys run even faster. I plan to get some new running shoes for 2019!”

For Paul Watts, CISO at Dominos Pizza UK and Ireland, the speed of IoT development will become increasingly challenging: “Accrediting the security posture of IoT devices is challenging for enterprises, particularly in the absence of any regulatory landscape. I welcome the voluntary code of practice issued by the Department of Culture, Media and Sport late last year. However whilst the market remains deregulated and global manufacturers not compelled to comply, it will not go far enough given the speed these products are coming onto the market coupled with the insatiable appetite of consumers to adopt them at break neck speed – usually without any due consideration for the safety, security and interoperability in so doing.”

Infosecurity Europe, now in its 24th year, runs at Olympia, west London, from Tuesday to Thursday, June 4 to 6, 2019. Visit https://www.infosecurityeurope.com.

© 2024 Professional Security Magazine. All rights reserved.