Industry executives and experts share their predictions for 2020. Read them in this 12th annual VMblog.com series exclusive.
By Rinki Sethi, CSO at Rubrik
This will be a banner year for the CSO
The role of the Chief Security
Officer (CSO) is quickly becoming one of the most critical and influential
positions in enterprise organizations. One of the challenges in the role is
staying ahead of the constantly evolving cyber threat landscape as cyberattacks
become more sophisticated and targeted.
While enterprises have made a lot
of progress in 2019, 2020 will continue to be a banner year for the Chief
Security Officer as cyberattacks continue to dominate headlines and remain an
enterprise threat.
Security, Compliance, and Privacy
Join Forces
Most businesses compartmentalize
security and privacy responsibilities into specific, separate organizations in
the hopes of streamlining operations. For example, when a company develops a
GDPR-related security initiative, the work will run through the privacy or
compliance organization that generally report into a legal team. This
organizational structure may have worked well in the past, but now with all the
overlap between security, privacy, and compliance, it is important that these
functions are brought closer together both in organizational structure and in
how they collaborate - instead of reinforcing traditional silos that businesses
are hard to break down.
In 2020, we'll see businesses start
to rethink how they are organized around security, privacy and customer trust,
enabling teams to work through industry challenges with a more holistic
approach, giving rise to one larger organization such as a Data Trust
Office.
Automation for Security Talent
Automation gets tossed around as
something that will transform business processes, but beyond that, it will
become a core investment to retain top security talent in 2020. Much has been
made of automation taking jobs, but in reality the opposite will happen -
automation will be the key to retaining top talent.
One of the major reasons people
leave their jobs is because of a lack of meaningful work, and businesses are
increasingly turning to automation and other tactics to eliminate monotonous
work that high potential employees would not find challenging. Rather than
hiring talent in an already extremely competitive space to handle tedious tasks
- a strategy in which employees are encouraged to automate repetitive tasks
- businesses will not just retain existing talent but will also attract
new talent. Also, as automation replaces mundane work, employees will have the
time to learn new skills and find opportunities to focus time on what gives
them a sense of purpose.
As businesses seek to drive
employee satisfaction, they'll also find that hiring talent from
non-traditional security backgrounds will bring much needed thought diversity
in the security industry to solve the toughest challenges ahead of us.
Automation will have a big impact on security talent in 2020.
Creating a Security Culture
Driving security trainings with a
two-hour, check-the-box training is ineffective and a complete waste of
resources. Additionally, it can also create a false sense of security for
trainees if it doesn't provide tools that employees can use to strengthen
security practices.
In 2020, companies will be more
strategic in how they use their employees' time when building security culture
and awareness. More specifically, we will see a refocus on programs that build
up better security behavior with interactive training that teaches employees
how to identify bugs, hack their own work, avoid phishing scams, and more. The
stakes for security will always be sky high, and these types of trainings are
key to solving a problem that has yet to be truly solved: ensuring every
employee is armed with security best practices that they can and do leverage in
day-to-day work.
As cyberattacks continue to
be a threat to enterprise organizations in 2020, there will be changes to how
companies think about their security efforts. In 2020, data and security
professionals will work more closely giving rise to a Data Trust Office.
Automation will play a critical role in recruiting top cybersecurity talent.
Lastly, CSOs will need to create a culture of security, so employees are more
aware of the types of threats facing them at work.
##
About the Author
Rinki Sethi is CSO at Rubrik, the
Multi-Cloud Data Control Company, where she is responsible for leading efforts
to protect Rubrik's information and technology assets. Throughout her career
she has built and matured technical security teams across security operations,
product security, application security, security architecture, and security
strategy within the Fortune 500 and other large enterprises such as IBM,
Intuit, Palo Alto Networks, Walmart.com, eBay, in addition to having led an
initiative to develop the first set of national cybersecurity badges and
curriculum for the Girl Scouts of USA.
Additionally, Rinki has served on
the development team for the ISACA book, "Creating a Culture of Security" by
Stephen Ross and was the recipient of the "One to Watch" Award with CSO Magazine
& Executive Women's Forum in 2014 and more recently the Senior Information
Security Practitioner Award with ISC2 in 2018.