This report has been out for a while, thought would be good to share some of the points. The threats and attack surface are never going to be the same. The report can be dowloaded here.
Risk and security teams will have to address threats such as board members making the wrong hand gesture at their screen and accidentally tweeting quarterly results.
They will have to address a two-speed employee population split between those who grew up in this world, and older employees who are adjusting.
Teams will need new skills to address new types of challenges, such as how to:
- Identify company vs. PII (Personal Identifiable Information)
- Secure multiple data sources and cross-domain communications
- Secure lightweight IP (Internet Protocol) enabled devices and sensors (like wearables)
- Address new types of incidents (like fluctuation in company reputation going public)
- Secure entirely new business models that are emerging from the digital industrial revolution
"There is no such thing as perfect security. Risk posture is a choice. You can either choose to invest more resources and experience less risk, or to spend less resources and experience more risk. Every choice made in IT risk and security influences where the organization is on this continuum"
Risk and Investment Continuum
Source: Gartner