How to navigate risk in today's fast-changing security world

David Samuelson, CEO, ISACA

Enterprises face a challenging and fast-changing risk environment, and the challenge is only going to increase for the foreseeable future. Technologies such as artificial intelligence and connected devices are becoming increasingly commonplace, and so are the privacy and security considerations related to voice-first technology that lets devices listen to almost everything people say.

This unprecedented degree of complexity on the risk horizon and the pace of change in the risk landscape are important factors to understand and prepare for.

New research, "The State of Enterprise Risk Management"—from ISACA, the CMMI Institute, and Infosecurity—highlights many of the key challenges enterprises face in establishing their risk tolerances and optimizing risk management processes. For the C-suite, one of the main opportunities for improvement is to prioritize faster turnarounds for acting on newly identified risks.

Here are top takeaways from the report for your security team.

Security response time is lagging

The research shows that only 31% of respondents indicate their company is able to put countermeasures in place to mitigate a new technology threat or vulnerability in less than a month. Further, a combined 40% of respondents report it takes three months or longer to implement countermeasures.

Given the pace of today's business change, coupled with a growing threat landscape, enterprises that take too long to respond will inevitably find themselves unprepared to deal with critical business challenges. Streamlining the process—from identifying the risk to facilitating executive decision making—can help businesses become quicker and more agile in their execution.

As the research underscores, cyber risk is top of mind for companies of all sizes and across all sectors. Not only is cybersecurity the most acute pain point, it's also one of the most challenging risks to define and address.

Many organizations struggle to pinpoint the right methods of assessing and measuring their cybersecurity and may lack the needed talent or tools. This is especially true for small and medium-size businesses.

Risk tolerance and maturity: Grow up, already

The need to clearly define risk tolerances in order to advance along the maturity spectrum is another highlighted area in the report. It is important that the right stakeholders have ongoing discussions around risk tolerance and clearly convey that stance to others throughout the organization whose daily decisions influence the level of risk to which an organization is exposed.

While nearly two-thirds of respondents have defined processes for risk identification, only 38% report that those processes are at either the managed or optimized level of the maturity spectrum.

In many cases, a lack of organizational alignment around risk management can serve as a stumbling block to optimizing those processes.

Security takes a village

Risk management is certainly not a new function for organizations, but many of the challenges on the enterprise risk landscape today are both new and more complex than ever. The good news is that there are additional steps you can take to bolster your security posture.

David will further address the "State of Enterprise Risk Management" research findings at the Infosecurity-ISACA North America Expo and Conference, taking place November 20-21, 2019, in New York.
