Intelligent CIO APAC Issue 19 | Page 24

TRENDING
Other drivers are more direct, such as a proposal on the table to make company directors personally liable for cybersecurity incidents.
Ultimately, as Gartner notes, long-term work-from-home ‘requires a total reboot of policies and security tools suitable for the modern remote workspace.’
Tecala is already undertaking these kinds of reviews. We use them as the basis for crafting strategic security roadmaps that tailor a security journey to an organization’s specific needs over the years ahead. The roadmap takes organizations from where they are now to where they want to be; is aligned to key threat mitigation frameworks such as the Essential Eight or the CIS Controls; and is designed to help organizations address the substantial challenges and security headwinds they are now facing.
While every review and roadmap is different, just as every organization’s needs are different, we have identified some common trends among the organizations we work with from a security perspective.
In the interest of openness and intelligence sharing, we’ve decided to list the top five here, as they may be useful in reflecting on your own journeys to date and identifying gaps that may require external assistance or additional resourcing to close in the year ahead.
Security standards will actually become standard
Organizations presently have a range of standard frameworks to choose from and benchmark cybersecurity readiness. These include domestic frameworks like the Essential Eight, as well as overseas ones such as the Center for Internet Controls (CIS) 18 and the National Institute of Standards and Technology (NIST) framework.
There’s considerable repetition and overlap between the different frameworks, such that meeting the requirements of one would likely place an organization well on the path to complying with the others as well. Whatever framework an organization chooses, it is likely to serve them well.
However, within the small-to-medium enterprise market, the Essential Eight and CIS Top are currently favored because they are generally considered more business-friendly.
Only a year ago, awareness of these frameworks was practically non-existent outside of an organization’s security function. Today, however, it is more common to hear even C-level executives discussing the security standards they are endeavouring to meet.
We expect to see these standards become more tightly integrated into ways of doing business. For example, where company A wants to utilize company B’s services, they may ask company B to undertake a third-party risk assessment that includes portions of these frameworks. The message is effectively: meet security best practice or we won’t connect with you or integrate with your services.
Multi-layered approaches will become the pinnacle of best practice
When organizations undertake reviews and test their alignment to the security standards and frameworks, it quickly becomes apparent that more work is needed to increase levels of protection.
In my mind, the adoption of multi-layered approaches to security goes hand in hand with the increased use of these frameworks.
Multi-layering isn’t about the number of tools an organization has. Instead, it’s about understanding the spectrum of threats and risk levels and creating security processes to effectively mitigate against them. It’s an approach to securing the organization, and one that, more often than not, leads an organization down the path of Modern Management.
Modern management will come into its own
I spent much of 2021 talking about Modern Management, and there’s a good reason for that: 80% of the projects that we undertook this year were