The increasing trend of ‘bring your own devices' to work will become the norm for businesses imminently, completely changing the face of information security.
Stephen Bonner, partner at KPMG, (pictured) says “this is an exciting time to be in the security profession. Professionals must evolve in tune with the changing technology landscape by developing both the depth and breadth of their security skills”.
Bonner adds: “There is an interesting split in the skills of information security professionals between compliance and breach management. However, enterprises are finding that even though they are stringently complying with industry regulations, they are still susceptible to breaches. There is therefore a growing demand for people with interchangeable skills. This will become more pronounced given that the way IT is delivered will further change massively within the next five years.”
While most professionals understand that it is impossible to completely prevent breaches, Bonner believes that by developing the right combination of skills, information security teams can limit violations to isolated incidents. He also suggests that this requires an open approach to security management. “In the past, the organisations that have managed security breaches openly and comprehensively have fared well, suffering little or no reputational loss – as opposed to those who have tried to cover up the situation. Denying risk is futile.”
KPMG runs workshops for companies to simulate new threats in a compressed timeline with realistic information and updates injected into the scenario. Such exercises stretch the ability of security teams. While they contribute to building a team spirit, they also highlight dynamics among members, delivering insight into the strengths and weaknesses of the team.
“The fundamentals such as technical skills and certifications are a given. Facilitating knowledge-sharing forums such as informal mentoring and buddy networks help leverage the breadth of experience within the organisation,” Bonner explains.
Enterprises that use technology to embrace new ways of working can reduce costs, increase efficiency, positively impact the environment and, ultimately, outperform those that don't. Information security professionals will play an increasingly important role in facilitating the achievement of these goals. “They must, however, concertedly enhance their skills across all aspects of security.” Bonner concludes.