
Predicting Security’s Next Moves in 2013

As we enter 2013, it’s time for a few predictions. Here are my eight contributions to the New Year’s security forecast:

Prediction 1. An organization will declare bankruptcy after a cyber attack.

While some organizations are shoring up against cybercrime, many are not taking even basic or intermediate steps to remove vulnerabilities. As the level of attempts increases, the odds of a catastrophic event resulting in an organization failing also increase. The U.S. Cyber Consequences Unit (US-CCU), an independent, non-profit (501c3) research institute, has found that a cyber attack that could hijack systems at a corporate level could “have the potential to create liabilities and losses large enough to bankrupt most companies.”

Prediction 2. “Enterprise Security” will replace corporate/physical and IT.

Tucking pieces of security into organizational silos leaves vulnerabilities and information gaps against threats. The move to a single, global CSO office will continue, and it will comprise all risk management and resilience-related strategies and operations. A major driver will be the threat of cyber-attacks against the weakest link in the chain. Only an enterprise risk strategy that includes all threats and vulnerabilities will be effective, and organizations are reorganizing accordingly.

Prediction 3. CSOs managing cyber security will jump from 21 percent to more than 50 percent in 2013.

As enterprise security arrives on organizational charts due to cybersecurity concerns, convergence between the physical and logical worlds will be realized. The risks and losses will finally outweigh internal politics, forcing change. While IT is not designed to be risk-centric regarding security issues, security is not staffed to manage dynamic technology requirements. The current market of having four out of five organizations not addressing cyber security at the enterprise level will not stand.

Prediction 4. Cyber legislation enacting minimum standards for critical infrastructure will (finally) be passed.

Government agencies from DHS to DoD are already posturing for their share of an anticipated cyber security spending windfall. Defense Secretary Leon Panetta warned about U.S. vulnerability to a cyber-Pearl Harbor. The challenge will be information-sharing among government agencies and private organizations in the critical infrastructure sectors without violating civil liberties.

Prediction 5. At least one Security 500 CSO will be promoted to an executive role outside security.

The level of business acumen and leadership has soared among top leaders currently managing security for their organizations. Their contribution to the overall success of the organization is understood, measured and rewarded at the board level. The time and opportunity to leverage that skill at the COO or an international business unit head position has arrived. Similar to the IT world where John Reed, the visionary CIO at Citibank who championed ATMs, became their CEO in 1984, I expect to see ‘the business leaders who are currently managing security for their organizations’ be moved to broader executive roles.

Prediction 6. Security Information Management will grow dramatically.

Nothing beats knowing. As organizations move toward risk management and away from event response as their strategy, the demand for real-time situational awareness information from their security technology systems will increase. GSOCs and Central Stations will invest in more situational awareness and business optimization software tools. Midsize organizations that are unable to create their own GSOC may leverage this information from their Central Stations as an on-demand or shared service.

Frost & Sullivan research analyst Krzysztof Rutkowski notes, “Since understanding the benefits of any security solution is necessary to implement it, the rising awareness on PSIM will transform this million-dollar market into a billion-dollar one by the end of the decade.”

Prediction 7. Consolidation reigns in the surveillance camera market.

It has taken a decade or more, but enterprises have set strategic procurement goals for security technology, meaning fewer brands being purchased. That reduces the number of service and warranty agreements, operator training and TCO. Likewise, the distribution channel’s continued mergers and acquisitions are thinning their product line cards. This helps reduce training and service requirements and streamlines inventory cost. Expect to see bigger winners and some big losers in this space.

Prediction 8. The focus on risk management and resilience will increase.

Sandy has taught businesses, institutions and government that their resilience plans are not nearly resilient enough. As this is written, parts of NY and NJ are entering their third week without power after Hurricane Sandy. Enterprise security will be taking a hard look at what went right or wrong and retooling their policies, procedures and training. David Shepherd, CEO of the Readiness Resource Group, an enterprise resilience consultancy, contends that while testing and training are critical, the outcome is not known until the people, policy and technologies are tested in a live event.

As we close 2012, allow me to thank all the people on the Security magazine team that have made this another record year for us. I wish everyone a very happy and secure holiday season.

 

Please Mark Your Calendar
The Security 500 Conference, postponed on November 1, 2012 due to Hurricane Sandy, has been rescheduled for February 12th at the Roosevelt Hotel in NYC. Visit www.security500event.com for more information.


This article was previously published in the print magazine as "For Your Consideration: A Few Predictions."
