The continued rise of the cloud, artificial intelligence and other emerging technologies, as well as economic uncertainty and a volatile threat landscape, all could pose significant challenges to digital trust professionals in 2023.
A new series of ISACA Now blog posts looking ahead to the 2023 landscape provides several actionable tips for professionals in fields such as IT audit, cybersecurity, risk management and data privacy.
On the audit and assurance front, Varun Prasad, Senior Manager (Cloud), Third Party Attestation, BDO USA, thinks auditors need to recognize and prioritize shifting industry dynamics such as cloud native DevOps, cloud security posture management and privacy engineering.
“As we look to 2023, traditional audit approaches that were used to evaluate legacy IT environments will not make sense for the decoupled cloud native architecture of today’s world,” Prasad writes in his ISACA Now blog post.
Similarly, Dr. Lisa McKee, Ph.D, Director of Governance, Risk, Compliance and Privacy, Hudl, thinks that 2023 will not be business as usual for privacy professionals, but rather create heightened urgency for privacy leaders to configure programs that properly prioritize emerging dynamics such as the weaponization of personal data, regulatory convergence and the rise of privacy engineers.
“One guarantee in 2023 is privacy will become more important than ever for many organizations as the regulatory landscape continues to evolve,” McKee writes. “This increased privacy risk will drive the need for everyone to be involved to solve the problem, including regulators simplifying the burden with overarching privacy laws that are not industry-specific.”
From a risk management perspective, amid such a volatile business landscape, it is becoming increasingly important for risk professionals to work closely with executive leadership to gain clarity and momentum behind how the risk function can advance the organization’s overarching goals.
“Work with senior leadership to incorporate an omni-communication cadence, alongside strategic initiatives, that speaks to risk management’s role with the organization and showcases the importance of risk management exercises within the broader context of the strategic plan,” writes Kerris Lee, MBA, PSM, Global Director of Enterprise Risk Management, ISACA.
While business and technology trends continue to evolve, the people piece remains paramount across the digital trust disciplines. Samantha Hart, a global chief information security officer, writes that amid the fast-moving technology shifts, it will be essential for practitioners to lean into the human qualities and judgment that make them indispensable.
“Working in cyber and GRC, we are keen to see risks mitigated and controls applied, but the biggest risk to a business is that it doesn’t survive, and we need to be clear that our job is to help the business grow by protecting what it cares about and being trusted advisors, not the people who say NO,” writes Hart. “Speak to your department heads, go for a coffee and find out how you can support them.”
To read the series of blog posts looking ahead to 2023 in audit, security, risk and privacy, visit 4crt.rf518.com/blog.