In 2014, Sony suffered the most devastating hack of all time, Home Depot faces dozens of lawsuits resulting from its data breach, the JP Morgan Chase attack affected 76 million households and 7 million small businesses, and a year later, Target is still recovering from its breach in 2013. So, with a new year upon us, it’s important that we take a step back and review the lessons we’ve learned in the security space, as well as take a look ahead at what 2015 holds.
In this slideshow, Yo Delmar, vice president of GRC solutions at MetricStream, a global provider of governance, risk and compliance (GRC) solutions, shares her thoughts on 2014 trends and what she foresees occurring in 2015.
GRC Trends and Predictions
2014: Evolving Cyber Threats
Increasingly sophisticated cyber threats require increasingly sophisticated mitigation and response strategies. In 2014, the Heartbleed bug, along with other large-scale attacks on our nation’s businesses, dominated the media headlines, captured our attention, and instilled a sense of fear and uncertainty amongst our organizations’ IT and risk business leaders. The mounting capabilities and success rates of increasingly sophisticated and motivated actors and nation-states mean that cybersecurity has risen to the top of every strategic planning meeting and corporate agenda.
2014: Digital Wallets
Digital wallets have arrived; rapid consumer adoption and sophisticated cyber attacks are sure to follow right behind. Google Wallet and Apple Pay are game changers for consumers and businesses alike. Apple Pay, which controls both the software and the device and integrates with other Apple devices such as Apple Watch, has disrupted and will continue to disrupt more traditional credit card processes. As more and more consumers adopt these advanced mobile payment options, cyber attackers will focus more energy and resources on infiltrating these systems.
2014: The GRC Journey
Organizations around the world are realizing success through a GRC journey. There has been a fundamental shift as organizations now commit to sustainable best-practice programs around governance, risk management and compliance. More organizations are expanding into new areas beyond traditional GRC into audit and IT processes, supplier governance, ethics and compliance, privacy, quality management, environmental health and safety and more. Designing and executing a successful GRC journey is more than a technology deployment – leaders now concur that it is about helping to accelerate organizational readiness, and improving business performance by managing GRC as a program, involving people, processes and technologies.
2015: Retail Security
The retail industry needs to think outside of the box when it comes to security. Compared with other industries, retailers tend to have more physical and virtual environments, and more open endpoints spanning brick-and-mortar stores, points of sale, mobile apps, online websites, and APIs to and from others. Retailers, keen to better know and understand their customers, are using advanced analytics such as shopping behavior analysis and customer demographic information, and sharing this information across different groups in the organization, thereby increasing the likelihood of exposure.
2015: Corporate Insurance
Corporate insurance will be used to protect sensitive organizational assets from disruption and theft. In 2015, amidst the increasing prevalence of cyber threats and successful attacks, more organizations will use corporate insurance as a safeguard for their business. In turn, insurance companies have developed and will continue to develop sophisticated products that can keep pace with evolving technology and cyber-related risks.
2015: Security Is Everyone’s Job
Information security is everyone’s job. In 2015, we will see organizations rethink their information security processes, which must become truly embedded across the business operations. We will also see stronger private and public partnerships, marked by increased collaboration and financial investment, in order to develop stronger security models that understand and address emerging threats, motives and targets.