ServiceNow Makes Security Predictions for
2018: Automation, Boardrooms and GDPR
SINGAPORE – December
19, 2017 – The
security threats and breaches of 2017 have set astounding new records for
personal data invasion. From WannaCry to Petya, the list of sophisticated
and far-reaching breaches grows almost daily. In 2017, breaches impacted hundreds
of millions of people globally.
The security mission
to protect, detect, and respond has remained the same for everything from IT
networks and data storage to payment systems and IoT devices. In the past ten years, a tremendous
wave of technology innovation has been developed to help protect and detect.
Yet, the most neglected area of security is the part we can control – our
response. Without question, the velocity and complexity of the attacks
will continue in 2018. The question is, will security operations be able to
fine-tune their responses to meet the ever-increasing volume and sophistication
of these challenges?
As 2017 draws to a
close, Brendan O’Connor, Security CTO at ServiceNow, looks into his crystal
ball to predict the top security trends to watch in 2018:
Prediction 1: Security
“Haves” and “Have-nots” emerge.
Security teams
struggle to quickly
determine whether incidents are worth a response. Many organizations use dozens of security
tools that create and funnel massive volumes of signal onto the desk of the
security professional. Analysts use spreadsheets and email to manage their
response to this signal, and the sheer volume of alerts results in analysts
spending too much time researching incidents.
In 2018, we will see
security Haves and Have-nots emerge between those that begin to automate this
research portion of security response and those that don’t. Companies with the
tools and culture to embrace automation, and put technology to work for real
business enablement, will perform better than those that don’t.
The Haves will be
expected to report on security operations as a key part of their day-to-day
business. They will have scalable processes in place and will be in a position
to measure progress. Automation
will help them better determine which systems to patch and when. They will
respond to phishing attacks in minutes rather than days. For the Haves,
this will be a point of pride.
The beauty for the
Haves is that their security people will be freed from mundane and
time-consuming manual research. They will have more time to focus on strategic
projects that fortify the organization. This new approach extends beyond security. Automation is so
effective it becomes a rising tide that lifts all ships, operating in virtually
all areas of business.
Prediction 2: Security
gains a seat in the boardroom.
Security programs are
about tradeoffs and minimizing risk. To achieve greater success, security teams
need to better articulate those tradeoffs by putting the risk and material
consequences into business terms, fundamentally bringing security into their
business strategy. CISOs need to help
executives and board members understand the ROI, cost-benefit analysis, and
security program tradeoffs by articulating the business risk versus business
value.
In the coming year, we
will see CISOs do more to present their security concepts and programs in
business terms. Talking about securing data is one thing, but demonstrating the
value that security offers the business is something else. This will eventually
apply to every aspect of the business, but most immediately applies to
regulatory compliance, potential lost revenue, customer relationships, legal
liability, competition, intellectual property, stockholder loyalty and brand
protection.
The boardroom needs to
take a step toward security, and security operations needs to take two steps
toward the boardroom. Bridging the knowledge gap between security leadership
and the board provides the framework to ensure effective security by helping
all parties assess the risks and decide how to mitigate them.
Prediction 3: A breach
enters our physical lives.
There is a difference between information and
physical security. The breaches that plague organizations today
are primarily information security violations. While painful, having credit
card information, a social security number, or personal digital information
stolen does not result in physical harm to the victim. In 2018, we will see a
breach impact our physical, personal lives. It might be a medical device or
wearable that is hacked and remotely controlled. Perhaps it will be an
industrial IoT device or self-driving car that gets compromised. Or
something closer to home – literally. Devices from the garage door to the
refrigerator are becoming smarter and more connected. The impact of such an
attack will force government, business and individuals to take a closer look at
the security of our infrastructure.
Prediction 4: The EU
penalizes a company for a GDPR violation.
On May 25, 2018,
the General Data Protection Regulation (GDPR) will be put into effect. GDPR will provide a legal framework to strengthen
and unify data protection and distribution for individuals within the European
Union (EU). While the regulation will protect EU citizens, it will impact
organizations worldwide – every company that serves a customer or employee in
the EU – and businesses can be held responsible for the way they process, store, and protect personal data.
The maximum penalty is a fine of 20 million Euros, or 4% of global annual
revenue, whichever is greater. The EU may choose to make an example out of one
of the first companies it penalizes, sending a message that GDPR is to be taken
seriously.
The first company most
likely won’t be a household name, but it will be known to be out of compliance
in areas other than GDPR. As these penalties receive global publicity, other
companies will be compelled to move forward with GDPR compliance plans.
About ServiceNow
ServiceNow makes work
better across the enterprise. Getting simple stuff done at work can be
easy, and getting complex multi-step tasks completed can be painless. Our
applications automate, predict, digitize and optimize business processes and
tasks, from IT to Customer Service to Security Operations and to Human
Resources, creating a better experience for your employees, users and customers
while transforming your enterprise. ServiceNow (NYSE:NOW) is how work
gets done. For more information, visit: www.servicenow.com.
###
ServiceNow and the
ServiceNow logo are registered trademarks of ServiceNow. All other brand and
product names are trademarks or registered trademarks of their respective
holders.