As cybercriminals pose new challenges to legitimate businesses, countries across the world will see increased regulation on a variety of topics from a variety of regulators in 2020 and beyond, a new report has stressed.
According to the KPMG report, in Asia, specifically, we’ve seen new regulations around cyber security where they’ve actually used the word “cyber.”
Previously, the regulations in that region used the word “technology,” which had an IT connotation.
“The increased precision is a welcome development. With so many countries having issued rules to comply with certain elements of the General Data Protection Regulation (GDPR), or their own privacy laws, we’re seeing — especially with larger multinational companies — the creation of new, proactive data management departments,” noted the report titled “All hands on deck: Key cyber security considerations for 2020”.
Businesses are looking to master data analytics as a discipline and understand not only where the data is located across the organization, but also who owns it, what’s being done with it, and, perhaps most critically, what rights and permissions users have in relation to that data.
“Successful ongoing cyber resilience will require the strategic alignment of cyber strategies with incident response, business continuity and disaster recovery planning. We’ve got to involve the entire enterprise — from front office to back,’ stressed Akhilesh Tuteja, Global Cyber Security Co-Leader, KPMG International.
Companies need to think differently about how to protect their competitive advantage and develop new models with a goal of becoming and remaining cyber secure.
Cyber security professionals need to demonstrate they can protect the heart of the transformed business with an agility of thought and action that recognises the pace and speed at which cybercriminals operate.
The report picked six key cyber considerations that will shape the way people approach security in 2020: Aligning business goals with security needs; digital trust and consumer authentication; the evolving security team; the next wave of regulation; cloud transformation and resilience; and automating the security function.
Companies are recognizing the need for additional investment, not just in tooling and process development, but in terms of a lack of cyber talent, from cyber governance and risk strategy to configuration and maintenance.
“There’s still a large gap in this space, and, unfortunately, many companies hire IT professionals who lack cyber security perspective in relation to the regulatory environment. The result is advice that is often ineffective or well intentioned, but misunderstood or inadequately implemented by management and the board,” the findings showed.
Companies are encouraged to shift their focus from systems and technology to information.
“Pinpoint what it is that makes you competitive in the market. It could be intellectual property, or your supply chain, or your pricing power. Whatever it is, that’s what you need to protect from a cybersecurity perspective,’ the report elaborated.
Ascertain what Artificial Intelligence (AI) is able to handle and what truly requires the nuance of human thought.
Challenge yourself to automate the basic controls in your security environment. Shoot for at least 50 percent.
“Finally, advocate for cyber security to be a prominent feature in the organization’s environmental, social and governance (ESG) agenda to demonstrate your comprehensive view of cyber security governance and ability to handle a broad array of incidents,” the report mentioned.