There’s an old saying, “you can’t fix something until you admit it’s broken.” I’m often drawn back to that when I look at how businesses are addressing security and the guard rails that are put in place to guide their approach. For years, security leaders have struggled to adopt a smart, risk-based approach to security, tempered by the reality of their business’s risk appetite. But then regulations and tactical issues get in the way. The findings of this year’s IDG Security Priorities Study continue to show a steady evolution of security’s role in the enterprise, driven by the steady drumbeat of digital transformation. Unfortunately, while we see a continuing evolution, what we really need is a revolution.
In this multi-part security blog series, I’ll examine businesses’ top security priorities, take a look at where security is falling down in its attempt to effectively manage risk, and then look at how tactical issues are pulling security leadership away from the focus on strategic issues and what that means.
Some background on the study – the 2019 IDG Security Priorities Study is in its third year. Through this research we examine the driving forces behind information security in the enterprise, and the trends and technologies that frame the marketplace. Conducted in the spring of 2019, the study saw more than 500 respondents with an average company size greater than 11,500 employees across a variety of industries. The vast majority of respondents were IT or security executives.
Security Priorities for the Next 12 Months
While there was a long list of security priorities uncovered by the study, I’m going to focus on the top three, as they are most telling about where enterprise security is heading, and where the potholes to success lie.
#1 – Improve the protection of confidential and sensitive data
By this point it should go without saying that protecting your organization’s most critical data assets – namely PII, PHI, intellectual property, etc. – is top of mind for most every business. We expect this issue to continue to be top-of-mind for the foreseeable future.
#2 – Increase security awareness programs and staff trainings
A theme throughout this year’s survey, from beginning to end, was the importance of improving security awareness and training among end-users. It’s where businesses most often fall down, and while no organization will ever have a perfect, security-aware workforce, even small improvements can produce big results.
#3 – Upgrade IT and data security to boost corporate resiliency
Resiliency is a wonderful term for security leaders to embrace because it speaks to the ability of a business to take a hit and keep on functioning. It’s also a term that is easily understood by non-IT executives. Resiliency is a theme we have embraced for the last several years and we are hearing it from the marketplace on a regular basis now. A resilient enterprise worries less about ransomware. A resilient enterprise worries less about outages.
Beyond these top three priorities, the study also found businesses focusing significant resources on better understanding the external threats they face, realizing greater value from the data and analytics they collect, addressing the complexity of their security environments, gaining greater visibility into insider threats, and shortening their incident response time. I’ll leave it at this: they have lots of priorities.
Listen to the 2019 Security Priorities Webcast to gain even deeper insights and check out the additional blogs in this series below!
Part Two: Where Security Falls Down
Part Three: Keeping a Strategic Focus is Difficult