The Security Snapshot: Embracing The New Norm
The outbreak of the novel coronavirus in early 2020 has created unprecedented societal and economic changes globally. Organizations in many industries and regions now face an uncertain and rapidly deteriorating economic outlook because of efforts to contain the coronavirus and its life- and health-threatening impacts. The novel coronavirus is also affecting security and risk practices at all organizations. In the first quarter of 2020, Forrester’s security and risk (S&R) research team published a range of reports to help S&R pros embrace and navigate this new post-coronavirus norm. Here are some of the highlights of S&R analyst-authored research from the first calendar quarter of 2020:
- Prior to this year, the world had not faced a crippling pandemic since the H1N1 outbreak in 2009. In “Prepare Your Organization For A Pandemic,” Stephanie Balaouras, Alla Valente, and Andrew Hewitt caution organizations to dust off their latent or forgotten pandemic plans so that they are prepared to respond to chaotic scenarios such as a pandemic. The key takeaway: Build resilient, adaptable plans so your organization is not caught unprepared by the next pandemic.
- In our “Top Recommendations For Your Security Program, 2020” report, multiple S&R analysts, led by Sandy Carielli and Sean Ryan, offer recommendations specifically designed to help organizations adjust to the novel coronavirus norm, including preparations for pandemics and climate change, management of third-party risk, and the importance of building a skills and capabilities inventory. You can also see the S&R team discussing these recommendations in this on-demand webinar.
- The changes imposed by the coronavirus are also reshaping the governance, risk, and compliance (GRC) function in organizations as they look to GRC solutions to help them better manage an increasing range of risks. Read Alla Valente’s and Renee Murphy’s “The Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2020” to learn about the leading GRC vendors and the key customer requirements driving GRC platforms.
- The quick and immediate need to make the workforce remote in response to quarantine and stay-at-home orders resulting from the coronavirus has highlighted the need for firms to secure the employee’s endpoint, which includes solutions such as enterprise detection and response (EDR). Josh Zelonis evaluated the EDR space in his “The Forrester Wave™: Enterprise Detection And Response, Q1 2020” and highlighted security analytics integration as a key differentiator for EDR vendors, especially as these vendors evolve their offerings into extended detection and response (XDR).
- The move to more remote work due to the coronavirus has brought authentication and remote access back into the spotlight. Given that many organizations still rely on passwords for authentication, this increased remote work is also increasing IT security risks. The good news is that many vendors have begun developing passwordless authentication mechanisms to provide stronger authentication than static passwords. Sean Ryan and Andras Cser explore the value of passwordless authentication and how to leverage it in their research, “Using Zero Trust To Kill The Employee Password” and “Optimize User Experience With Passwordless Authentication.”
- In 2019, over 4 billion data records were compromised. The push to more remote work from the novel coronavirus is already leading to coronavirus-specific phishing attacks and malware, meaning that the trend of data breaches will unfortunately continue in 2020. In her report, “The State Of Data Security And Privacy, 2020,” Heidi Shey examines breach trends, data security, and privacy technology adoption trends and provides actionable guidance for S&R pros to adjust their specific plans for data security and privacy.
- Any effective security program must be based on a strong security culture. Unfortunately, the security function is often siloed and may speak a different language than other functional groups, thereby exacerbating existing organizational conflicts and tensions. In Jinan Budge and Claire O’Malley’s report, “Build A Security Champions Network,” they identify how organizations can rebrand security as a business enabler instead of a business nuisance so that employees are more receptive to security policies and can protect their business, themselves, and their families.
(written with Melissa Bongarzone, research associate at Forrester)