The security snapshot: 10-year challenge
At the start of the new year, a meme called the 10-year challenge went viral. The premise is simple: Post a photo of yourself in 2009 and a photo of yourself in 2019 to highlight certain changes that may have taken place in that time. Besides the security concerns of social media sites potentially mining this data for facial recognition purposes, the opportunity to reflect on the progress made in the past 10 years is beneficial in many arenas, not just for social media.
There is no question that developments in consumer technology have remarkably transformed our lives in the past decade. In 2009, Apple released the third-generation iPhone, and now loyal Apple fans are anticipating the 11th-gen iPhone, scheduled to be released in September. At the end of 2009, there were 350 million Facebook users, but by the end of last year (December 2018), that number had grown to 1.52 billion users worldwide. Some of the most common social media apps, such as Snapchat and Instagram, did not even exist in 2009.
The overwhelming increase in the pervasiveness of technology in our personal lives caused me to wonder: What have been the biggest changes in the security industry in the past decade? More specifically, how have the way we write about security and the recommendations we make to our clients changed since 2009?
Reflecting on the concerns of the CISO 10 years ago in our annual report, Top Data Security Predictions For 2009, our predictions centered on protecting the organization from particular business risks due to the Great Recession. We predicted the increased use of data loss protection (DLP) tools. We also wrote about the adoption of full disk encryption and the elevation of entitlement management. While these were emerging issues 10 years ago, they're now mostly standard and widely adopted in the security organization of 2019.
So what should be the biggest concerns for today's CISOs? In the past month, the security and risk team has published a variety of reports, both addressing priorities for 2019 CISOs and anticipating where the industry may go in the coming decade:
- In our annual report, Top Recommendations For Your Security Program, 2019, we outline our most important security strategy recommendations for the next 12 months. Our updated recommendations include paying attention to geopolitical risk, being conscious of your brand reputation, recruiting and retaining diverse talent, maturing your cloud technologies, and deploying self-sovereign identity.
- Security functions worldwide increasingly recognize the critical role employee behavior plays in protecting their organization from cybersecurity threats. Jinan Budge and Claire O'Malley's recent report,Harden Your Human Firewall, discusses best practices for going beyond security training and awareness to build a culture of security in your organization.
- Security leaders in Europe have been dealing with a range of geopolitical issues. From the uncertainty of the Brexit negotiations to the European Union's General Data Protection Regulation (GDPR) still being less than a year old, among other more universal security team strife such as retaining talent and complex environments, European security leaders must figure out how to assign resources more efficiently. Paul McKay helps them prioritize in his new report,Security Budgets Europe, 2019: Budgets Rise And Security Services Overtake Products.
- In 2019, progressive security organizations not only accept that their firm will suffer a breach but are actively planning for it. In Josh Zelonis' update of the incident response Forrester Wave, he highlights the top firms in that market that will provide both the leading breach preparation as well as response.
- In the past, security was viewed as a way for firms to avoid costs, but Andras Cser and Jeff Pollard argue that innovative firms can use their existing programs to generate revenue. In their newest report, Security For Profit, the analysts contend that better security improves every part of the organization's business, including how companies sell their products and retain their customers.
(Written with Elsa Pikulik, senior research associate at Forrester)
Download Forrester's complimentary guide to learn how and why Zero Trust is the best way to defend your business.
This posted previously appeared here.