The fast pace of the growing complexity of cyberattacks is challenging project management approaches. Understanding information security trends and threats help project managers see the importance of integrating cybersecurity from the beginning of the project management.
Why do trends in cybersecurity matter?
Project managers should take advantage of trends to define a way to integrate cybersecurity at the project to ensure visibility of cyber risks and alternatives for resource optimization to keep the project on time, and on budget.
On Projectified® with PMI: episode about Strategy - Trends in Cybersecurity, they bring us a vision of how the future of project management is changing very quickly, considering:
● Increasing Cybersecurity risk, due to digital transformation, moving to the cloud, integrating the internet of things.
● The biggest risk factor to be managed now is people. Team members don't even know they pose a threat. That's why the cybersecurity team should be involved early on the project aiming to determine the level of vulnerability of the team project and also helps them to develop their own ability to spot cyber risks.
● Working with the PMO to get cybersecurity experts involved earlier in the planning process. Applying a checklist before the project starts, to let the project manager know that it can extend the project schedule and can also add some extra costs, cycles for cybersecurity reviews, and approval.
● A shift in an organization's culture is a challenge and takes time to start thinking about cybersecurity across the entire company or across all of its processes. For example, in project management meetings for new projects and technology, being on the agenda "Have cybersecurity approved this?" "Do they need to review this?".
● Being able to approach the cybersecurity team and have a risk assessment done on the project early on would be much less painful than having to have it done later.
● The highest skills for project managers would be building relationships with the corporate cybersecurity teams. They can really help develop strategies that will not only meet the cybersecurity requirements but help you build working solutions.
What are some current trends in cybersecurity?
The government, public sector deal with ongoing and persistent cyber threats and risks. The project manager should be familiar with that. So, following global cybersecurity experts as Mikko Hypponen and Bruce Schneier, also PMI and Gartner will help you to be aware. Let's take at a glancing look at some trends:
1. The velocity and creativity of attacks continue to grow. It takes us to a reality in which the attackers continue to exploit widely tools, tactics and techniques to achieve a growing range of goals, and are innovative using Artificial Intelligence to improve their techniques in several areas, including phishing. And releasing Ransomware version 2, which consists of the additional threat of posting the victim's captured data on a public website.
2. Security process automation is emerging. Automated processes include continuous risk assessments and autonomous incident response, helping to improve operational efficiency. For this, machine learning comes to solve the security skills gap, also using artificial intelligence defending against attacks based on artificial intelligence.
3. Regulatory data protection and privacy challenges will continue to grow in response to digital business's appetite for personal data. Data is the new oil, as a result, privacy has become a co-driver of corporate strategy, reinforced by considerable financial penalties for non-compliance with recent regulations such as the GDPR. In addition, long-term impacts on customer trust and prevention of damage to the brand.
The project managers are increasingly having to deal face to face with cyber threats and risks, and should be prepared to integrate cybersecurity from the beginning of the project management process, perform a proper risk assessment, including key resources on budget estimation, team management, time management and risk evaluation.
Whereas project managers and each team member shares responsibility for data security. Constant communication with team members, and clear objectives at each stage are required, mainly be aware about information security practices to spot phishing or social engineering attacks.
Having in mind that security plays a vital role at each phase of the project, so involving cybersecurity experts is a valuable approach to support in the planning and implementation of the project. Also knowing the impact of data protection and privacy in the project and be able to adopt strategies for incident response.
Don't be intimidated by technical terms, understand the concepts, and include cybersecurity trends in your decision-making and project management process.