The increasing sophistication and volume of cyber security threats and attacks, rapid technology changes, the continued move to automated and cloud-based services and changing data privacy regulations are just a few factors that have propelled organisations to increase their focus on cyber security and information protection.
The race to protect information and assets, however, is everlasting. In 2019, it is important that organisations remain informed about emerging threats and ways to mitigate them.
At the same time, “it is critical for organisations to transition their approach to cyber security from strictly risk management to more of a focus on business innovation and growth,” said Tony Buffomante, U.S. Leader for Cyber Security Services at KPMG LLP. “Organisations should seize opportunities to transform their security, privacy and continuity controls in order to grow their businesses.”
In this new report, “What's next: Key cyber security considerations for 2019”, KPMG has identified six key areas to top organisations’ cyber security agendas amid the evolving threat landscape:
Addressing the cyber security skills shortage: The lack of seasoned cyber security professionals, combined with tightening budgets, highlights the importance of automation. Organisations should consider automating some of the repetitive aspects of collecting and analysing data about intruder activity. This will help to re-prioritise where cyber professionals are focusing efforts. Organisations should also focus on recruiting new talent out of college and developing bespoke training programs to build the next generation of cyber professionals.
Fight artificial intelligence with artificial intelligence: Cyber attackers are increasingly likely to employ artificial intelligence (AI), using deep learning and machine learning to make malware and targeted attacks more effective and harder to detect. Organisations should also use these tools to help identify security incidents and assess vulnerabilities across the system.
Sustainable data privacy compliance: Organisations should move beyond compliance to ensure data privacy processes are a component of business models. A framework of best practices should be woven into the organisation’s culture and procedures, allowing for flexibility to adapt to new regulations such as the EU General Data Protection Regulation (GDPR) and evolving regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Fraud and cyber risk intersect: Organisations, financial institutions in particular, should focus on the reduction of fraudulent activity, as they look to make the customer experience more secure and personalised. In 2019 and beyond, fraud and cyber should command equal attention from a security perspective and new and enhanced strategies for collecting and using client data should be developed.
Identity and access management – from security tool to business driver: Identity and access management is evolving from a security tool to a business enabler as organisations seek to use technologies, such as advanced authentication and identity proofing, to provide a secure customer-centric digital experience that can be personalised across multiple channels and devices.
Phishing – a return to old school attack methods: Phishing, the practice of posing as a legitimate institution via email to lure individuals into providing sensitive data, is among the older attack methods, but remains difficult to defend against. Attackers are returning to more archaic methods of infiltration as some organisations shift their defence focus towards newer methods of attack such as malware. To pivot against constantly changing methods of attack, organisations should move towards a broader, managed cyber response posture.
George Tziortzis, Board Member and Head of Management Consulting at KPMG in Cyprus, said: “The evolving cyber security threat landscape renders the establishment of a continuous and sustainable management framework, a need to ensure survival. At the same time, investment in cyber security and risk management should be leveraged in an innovative way to create new sources of revenue or enhance customer experience and customer service. The point of view and approach must change. In the future, securing data, systems and processes must not act as a business inhibitor but must also create new opportunities. At KPMG we do not just aim to help organisations secure and defend their assets but to also ensure at the same time that business processes and services are enhanced.”