Key cyber security considerations for 2020
By Michele Brancati
Today’s hyperconnected, digital world is creating an entirely new risk matrix – one with a greater need than ever to defend and protect against cyber threats, which grow more intelligent by the day.
“In this new era of omnipresent cyber threats, no corporate entity or government has the ability to defend all of its critical data and infrastructure at all times,” said Tony Buffomante, global co-leader of the Cyber Security practice at KPMG. “To stay ahead of advancing threats and drive efficiency, companies should automate essential tasks wherever possible across analytics-based solutions from access and fraud alerts to data privacy and risk mitigation.”
KPMG sees 2020 as a pivotal year for how corporate entities and government agencies protect against and respond to cyber threats. In a new report, “All hands on deck: Key cyber security considerations for 2020,” KPMG has identified the six top considerations for cyber security agendas amid intensifying cyber threats.
Six key considerations
- Automating essential security tasks. As companies look to reduce spend and improve the effectiveness of their security teams, they should explore automating security operations center playbooks, fraud decisions and cyber responses through partnerships with leading cloud and security information and event management providers.
- Building trust into consumer authentication. While consumers demand a friction-free experience, it is the product or service provider’s responsibility to ensure it is secure. Companies should connect the data, authentication and fraud teams systematically and programmatically. From there, focus on enhancing the customer experience during authentication; make it easier for customers to identify themselves, but perhaps more challenging to conduct atypical transactions.
- Preparing for new cloud-based threats. The NSA recently issued guidance on mitigating cloud vulnerabilities amid the growing concern that these services could be a weak spot – which they are. This is particularly true because cyber security professionals with extensive experience in the cloud are scarce. Chief Information Security Officers (CISOs) will have to fill this skill gap by reskilling, upskilling and, when necessary, bringing in new talent.
- Increasing the business acumen of security teams. KPMG expects cyber security teams to become a more strategic, forward-looking resource for the organization; but to do so, they must clearly understand the business and related cyber risks. Security teams should regularly communicate with business leaders about what the organization needs to worry about in today’s evolving ecosystem.
- Aligning business goals with security needs. The viewpoints of the business and the cyber security team must be aligned, but that is not the case at enough organizations today. Many incidents would be more easily preventable and more rapidly detectable if security were a priority, with policies and controls embedded in the business.
- Bracing for more regulation. In 2020 and beyond, expect to see increased regulation across the board. Companies should institute ongoing testing of regulatory compliance programs – in terms of design, implementation and effectiveness – to identify where improvements are needed. Ensure the CISO is tightly integrated with someone in the company who has a broad mindset regarding the company’s operating model to oversee these programs: a Chief Risk Officer, Chief Financial Officer, or Deputy CEO are ideal candidates given their perspective on the company’s overall risk agenda.
While there is no silver bullet approach to designing and implementing cyber security programs, the key is to assemble collaborative talent – across the enterprise – that can meet these issues head-on and take a proactive stance.