Cyber security must become more user-friendly in 2022

The report identifies a growing demand for a frictionless experience, unencumbered by ever-changing passwords and multiple layers of digital identification. Business value and user experience will be the focus for cyber security: enabling users rather than restricting them. CISOs need to become 'influencers' rather than 'enforcers' as security becomes a shared responsibility model, owned by everyone. 

"The threat landscape is expanding. Cybercriminals are as entrepreneurial as ever and using increasingly sophisticated tools and technologies. In this fluid environment, we believe Chief Information Security Officers (CISOs) and their teams should adopt a mindset of enablement — cyber security is no longer just about prevention," said Gordon Archibald, National Lead – Cyber Security, KPMG Australia.

AI and automation are also set to play an increasingly significant role as organisations adopt a 'zero trust' mindset. This places identity at the core, with organisations able to evaluate whether a user is properly authenticated, isolate the resource they are attempting to access, determine if the request is from a trusted, stolen or third-party device, and confidently decide whether access should or should not be granted.

The report makes several recommendations for embedding zero trust mindset, including:

committing to creating a frictionless experience to enhance user and customer experience by streamlining authentication and identity management

automating security functionality to enable highly skilled professionals to focus on more strategic activities\Accept that adopting a zero-trust approach is a journey – it takes time to implement.

Matt O’Keefe, ASPAC Cyber Leader, KPMG commented: "The emergence of zero trust represents a mindset shift in which the cyber team assumes compromise in connection with system access, and makes security decisions on the basis of identity, device, data, and context. With users demanding ever-faster access, and cloud-centric structures expanding the attack surface, existing security solutions and resources may not be formidable enough to adequately protect data as it moves through the network." 

Eight key cyber security considerations for 2022

Expanding the strategic security conversation. Change the conversation from cost and speed to effective security to help deliver enhanced business value and user experience.

Achieving the x-factor: Critical talent and skillsets. Transform the posture of CISOs and their teams from cyber security enforcers to influencers.

Adapting security for the cloud. Enhance cloud security through automation — from deployment and monitoring to remediation.

Placing identity at the heart of zero trust. Put IAM and zero trust to work in today’s hyperconnected workplace.

Exploiting security automation. Use smart deployment of security automation to help realise business value.

Protecting the privacy frontier. Move to a multidisciplinary approach to privacy risk management that embeds privacy and security by design.

Securing beyond the boundaries. Transform supply chain security approaches — from manual and time consuming to automated and collaborative.

Reframing the cyber resilience conversation. Broaden the ability to sustain operations, recover rapidly and mitigate the consequences when a cyberattack occurs.