Saturday, December 14, 2019
Corporate Compliance Insights
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
    • Home
  • About
    • About CCI
    • Writing for CCI
    • Advertise With Us
  • Articles
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Industry News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

Enterprise Risk 2020: Are We Ready for Security 4.0?

Awareness Does Not Equal Ability to Mitigate…

by Rachelle Loyear
November 15, 2019
in Featured, Risk
robot hand holding metal padlock and key

G4S’ Rachelle Loyear points to several risk data points from ISACA’s recent State of Enterprise Risk Management survey, offers tactics to improve risk mitigation efforts and shares tips for learning from past industry trends.

If you keep tabs on trends in cybersecurity, you’ll have noticed a lot of stories in the last year or two focusing on the Industry 4.0 concept — the trend toward the automation and digitization of processes that have traditionally been done by humans. The big story in security news is, of course, that the rush to adopt automated approaches often misses one critical factor in the plan — cybersecurity — and now enterprises and security teams are scrambling to back-fill security holes that were not considered ahead of implementing the “next cool thing.”

Although the earliest adopters of the digitized Fourth Industrial Revolution were in manufacturing, the drive to digitize and automate is now ubiquitous — in everything from ordering a burger to checking into a hotel to calling your smart car to drive itself from its parking spot and pick you up (valet parking without the tip!). This is the vanguard of a trend that is not slowing down, but is heading directly for the security industry. Anyone who has been to an industry trade show recently can see this trend based on the number of intelligent and automated products available. This movement is bringing the security industry into the world of Security 4.0, whether we are prepared to meet the risks associated with it or not.

Some good news, based on the results of the State of Enterprise Risk Management research from ISACA, CMMI Institute and Infosecurity: The security industry seems to be aware of the approaching security digitization storm.

Let’s look at some of the trends in the survey:

  • 64 percent of respondents said that, in the near term, their companies would be exposed to risks from changes/advances in technology (e.g., increased use of cloud, increased use of mobile, etc.).
  • Adding together cybersecurity and technology risk, 35 percent of respondents see those digitization-related areas as the largest risk exposure to their organizations today. That number is at 41 percent for those two categories being the most critical risks in the short-term.

That’s good, because awareness of the problem was definitely lacking in the Industry 4.0 transition. Unfortunately, awareness of increasing risk does not automatically translate to the ability to mitigate it. We also see that 41 percent of survey respondents rated mitigating cybersecurity risk as difficult or very difficult, with those ratings combining at 34 percent for technology risk.

These risks of exposure through technology systems are bad enough when you are worrying about a potential hack of a menu-kiosk messing up your lunch order, but consider the opportunity for mayhem as we digitize and place cool, new physical security technology on our enterprise networks.

We are moving to a new security program model that deploys connected systems and processes that communicate with each other autonomously. This model uses camera analytics, physical sensors, automated access systems and AI to identify and report security incidents, track them and escalate the information and response procedures to humans based on rule sets and algorithms.

All of these amazing technologies augment the human capacity to monitor and react more quickly, more intelligently and with more preparation to security incidents as they happen. This makes our security programs better, faster and stronger, but also far more vulnerable to the types of attacks that we have never had to consider or anticipate.

Consider the implications of hackers taking over automated gates, security robots, access control systems or even inserting deep-fake videos into our video management systems. These issues could potentially expose our organizations to civil, legal, brand and even criminal liabilities. We see in the survey results that 69 percent of respondents are either very or extremely concerned that cyber issues will impact enterprise reputation, and 53 percent have similar worries of compliance and legal repercussions. It’s critical that we in the security industry take the right steps to prevent these technology exposures from slipping through cracks in our security programs.

As the industry moves into the new realm of automated Security 4.0, we can learn from mistakes the manufacturing industry made on its journey to Industry 4.0. A few tactics to keep in mind are:

  1. Even the most advanced technology systems require a human response at some point in the process. Security staff training remains critically important to ensuring appropriate actions are taken when warranted. Choose staff who have the right background, awareness, security knowledge, people skills and – above all – training to react appropriately in fast-moving incident situations.
  2. Many systems rely on security products that are built with an open architecture. This is critical because open software and hardware follows industry standards but has the ability to connect and communicate. Unfortunately, open environments are potentially more prone to cyberattacks than closed systems, making it important to be ever vigilant with cyber controls and proactive with the ongoing examination of possible threats and remedies.
  3. Take an Enterprise Security Risk Management (ESRM) approach to your entire security program, not only cyber or physical. Develop programs that identify all critical resources, examine risks to those resources and employ holistic resolutions to protect the organization’s networked security programs now and in the future.
  4. When making decisions on physical security technology, choose security systems that are “Cyber by Design.” In other words, choose reputable technical solutions that embed cyber controls during the manufacturing and installation process. Then make sure you continue to update those systems as part of your overall patch management process.

Tags: automationenterprise risk management (ERM)
Previous Post

Smarsh Electronic Communications Compliance Report

Next Post

Simplifying Compliance with an Inside-Out Security Mode

Rachelle Loyear

Rachelle Loyear is the VP of Integrated Security Solutions for G4S Americas.  In this role, she leads the G4S Security Risk Management and Integrated Practices management office, helping G4S customers take advantage the powerful risk management business approach as part of their holistic security programs.

Rachelle has spent over a decade managing programs in corporate security organizations. Focusing strongly on security risk management, she has been responsible for ensuring enterprise resilience in the face of many different types of risks, both physical and cyber.

Rachelle is PMP, CISM, and MBCP certified, is active in multiple security industry groups and volunteers as the program manager of the Enterprise Security Risk Management program management office at ASIS, International. Additionally, she is the author/co-author of three books in the security risk management subject area: Enterprise Security Risk Management: Concepts and Applications; The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security; and The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity.

Related Posts

change is coming text on city background at sunset

Future-Proofing the Compliance Professional

December 13, 2019
futuristic technology projecting 2020 in white text

The Future of Data Privacy Regulation

December 12, 2019
illustration of businessmen shaking hands through smartphone screens

FINRA Reveals Top Areas of Interest: Supervision and Digital Communications Compliance Programs

December 12, 2019
new york city skyline at sunset

The Early Days: The Birth of the Independent Monitoring Concept

December 11, 2019
Next Post
light bulb with tangled cord next to illuminated light bulb with straight cord

Simplifying Compliance with an Inside-Out Security Mode

Free Downloads

OFAC whitepaper cover
Compliance Job Interview Q&A
Reputation Risk Management Research

RSS SEC Litigation News

  • John Special, Defendant, and Michael Murphy, Relief Defendant, John Kenneth Davidson December 12, 2019
    SEC Obtains $3 Million Settlement in Insider Trading Action
  • Palm Beach Atlantic Financial Group, LLC and William A. Smith December 11, 2019
    SEC Charges Florida Resident and His Corporate Entity for Fraudulent Securities Offerings
  • Nanotech Engineering, Inc., Michael James Sweaney (also known as Michael Hatton), David Sweaney, and Jeffery Gange December 11, 2019
    SEC Obtains Asset Freeze to Halt Alleged Offering Fraud

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks Big Data blockchain board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management corporate culture corporate governance culture of ethics cyber risk data analytics data breach data governance decision-making Dodd-Frank DOJ due diligence fcpa enforcement actions GDPR GRC HIPAA information security internal audit internet of things (IoT) KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • Audit
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • HR Compliance
  • Leadership and Career
  • News
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights