Tattleware will degrade employee experience by 5% and increase insider threats. With Anywhere Work here to stay, employers have added platforms that provide insights into employee activity and productivity. But employee backlash against what they perceive as surveillance tools and employer overreach will also impact insider threat programs. Employees might confuse security tools for productivity platforms and react poorly, eroding the security team’s ability to detect insider threats. Security leaders will need better messaging, policies, and clarity around insider threat programs to avoid being lumped in with surveillance platforms masquerading as productivity tools.
By Jeff Pollard, VP and Principal Analyst, Forrester
Nearly 60% of security incidents will result from issues with third parties. Hyper-efficiency leads to fragility, as seen over the last two years with just-in-time supply chains. More and more companies will reduce their concentration risk by adding more suppliers in a shift to just-in-case (JIC) supply chains. More suppliers bring more connectivity, and more connectivity brings more opportunities for intrusions, which equals more risk that one of those suppliers will serve as the bridge into your environment. Improving the maturity of your third-party risk program and adopting zero-trust approaches will help reduce the likelihood and impact when it happens.
At least one security vendor collapses in an Enron-Theranos-esque scandal. In recent years, record levels of investment and merger & acquisition activity have given us hope that cybersecurity problems will start getting solved. And more capital flows in every day. Plenty of unsolved problems still exist, but easy access to capital also incentivizes fraudsters and charlatans to exploit investors, shareholders, and customers. At least one vendor will get brought down by “accounting irregularities” in the next twelve months. Security leaders should diversify their vendor portfolio, think twice about publicly endorsing early-stage vendors as public customer references, and pay special attention to vendor-provided financials, comparing these with what’s provided to regulators or investors to identify potential areas of concern.
Views expressed in this article are personal. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.