Introducing our new monthly blog series, “The Security Snapshot,” which will curate and highlight key pieces of research from the security and risk (S&R) team.

Last week at RSA Conference, vendors and security professionals discussed the newest cybersecurity innovations, the future of the industry, and some much-needed improvements. To start off the conference, Microsoft and Google/Alphabet fulfilled our prediction by both launching new cloud-based security analytics tools. Traditionalist S&R pros should set aside their doubts and realize the potential advantages of these types of tools, not only to their own organizations but also to the entire industry. Additionally, we saw both fresh interest and improvements to established topics such as: cryptocurrency trends, ethics, reputation, diversity, government, privacy regulations, etc.

In the same vein, our team has been writing about new trends in the security and privacy industries, including new regulations and how to protect your business from threats of emerging technology. Business-savvy security and risk professionals will anticipate the needs of their business and prepare to act as trusted advisors. By staying informed of potential new business risks, S&R pros gain the opportunity to help leaders make early and informed decisions. We provide a starting point in keeping up to date with emerging threats:

  • Use the forthcoming California Consumer Privacy Act (CCPA) as a springboard to continue to build a global privacy program at your firm. In Enza Iannopollo’s newest report, “Tackle The California Consumer Privacy Act Now,” she describes the commonalities between the new CCPA regulation and the European GDPR. Read the full report to find guidance on how to repurpose your GDPR program to address the CCPA.
  • Although cryptocurrency has been around in some form for a decade, as it gains popularity and a wider variety of businesses are beginning to accept cryptocurrency as payment, security and risk professionals need to address the risks posed by this nontraditional payment method. Our security and risk analysts discuss the traction of cryptocurrency in business and potential security threats in the new report, “The Security Of Cryptocurrencies.”
  • Nearly every industry has undertaken its own digital transformation — including the business of insider threat. Rather than having to meet up in the physical world, the internet connects buyers and sellers of sensitive data via the dark web. In his new report, “How Insiders Use The Dark Web To Sell Your Data,” Joseph Blankenship explores the online marketplace for a variety of confidential information and how security and risk leaders can protect their companies.

In 2019, the more established security and risk technologies and processes continue to change the way they look and feel. Good security and risk professionals will adapt to the changes, and we’re outlining some best practices for the advancement of the cornerstone S&R practices:

  • Business continuity (BC) and disaster recovery has been around for decades, but the scope and threats are dynamic. In my latest report with researcher Sal Schiano, “The State Of Business Continuity, 2018,” we discuss the results of our annual survey on BC and disaster recovery and uncover the ways business continuity affected firms’ top and bottom lines in 2018. Most notably, firms are unprepared for impending environmental risks from climate change. Read the full report for more insights.
  • Application security is not new for security and risk professionals; however, new developments have changed the way we should be thinking about application security in 2019. In her new report, “The State Of Application Security, 2019,” Amy DeMartine discusses the new measures being taken by application developers and security professionals to curb the prevalence of application breaches. One of these methods is prerelease testing to identify problems before the application is released into the wild.
  • With the increasing prevalence of internet of things (IoT) technologies, traditional critical infrastructure is a growing target for cyberattacks. In Merritt Maxim’s recent report, “New Tech: Industrial Control Systems (ICS) Security Solutions, Q1 2019,” he discusses the market for ICS security solutions and how it can protect critical infrastructure.


(Written with Elsa Pikulik, senior research associate at Forrester)