Gartner’s Top 10 Emerging Business Risks Q2 2018 And Mitigation Strategies
by Joe Panettieri • Aug 16, 2018
What business threats keep risk, audit and compliance executives up at night? Here’s the Top 10 Emerging Risks of Q2 2018, based on a Gartner survey of professionals. We’ve added ChannelE2E’s perspectives and related links to help channel partners and MSPs mitigate and navigate the risks — for their customers and their own business health.
1. Cloud Computing
- Gartner Says: Either there is unauthorized access to sensitive or restricted information, or the cloud provider is unable to provide access to information as a result of disruption to their own operations
ChannelE2E’s Perspective: Partners should emulate the Top 50 MSPs that support Amazon Web Services (AWS), and check out Microsoft’s initial Azure Expert MSPs for thoughts on where those partners are heading. Also, check out thoughts from CA Technologies‘ Ken Vanderweel — who describes whitespace opportunities for MSPs in the cloud and digital economy. Plus, help your customers to avoid AWS user and configuration errors that lead to cloud data leaks.
2. Cybersecurity Disclosure
- Gartner Definition: The guidelines for disclosing cyberbreaches become more clearly enforced, compelling organizations to release information more quickly than in the past, possibly leading to an increased reputational and financial impact.
- Channel’s Perspective: Check out our national and international breach disclosure and cyber insurance news, analysis and research on MSSP Alert. Also, figure out how to work with a Top 100 MSSP or key managed security partner to help minimize the risk of a breach in the first place.
3. GDPR (General Data Protection Regulation)
- Gartner Definition: A specific breach of compliance with GDPR takes place from May 2018 onward, leading to a significant fine to the organization.
- Channel’s Perspective: Although we don’t believe any one “tool” or “GDPR in a box” solution can solve customer headaches, RapidFire has a GDPR offering to assist MSPs and IT service providers with customer GDPR journeys. And for those who are still trying to wrap their arms around the issues, here’s an overview and four steps to prepare for GDPR compliance, according to Capgemini.
4. Artificial Intelligence/Robotics Skills Gap
- Gartner Definition: Due to the highly technical and specific skill set required to manipulate artificial intelligence (AI) and robotics, organizations do not have the right capabilities at the right time to effectively capitalize on the opportunities associated with these technological advances
- Channel’s Perspective: When it comes to artificial intelligence and robotics, most partners are even further behind the curve than their customers. Instead of trying to automate factory floors and change the world, perhaps you should start small — and focus inward within your own company. For starters, figure out a bot and AI strategy to drive down the number of help desk tickets and security alerts your team needs to manually manage. Here’s a sampling of ChannelE2E’s ChatBot coverage.
5. Global Economy
- Gartner Definition: A slowdown in global economic growth tied to negative or near-zero percent interest rates will negatively impact organizations’ growth
- Channel’s Perspective: Our own team tends to live conservatively. That means building up a cash war chest now — so that you can remain on the offensive when an economic slowdown (or worse) sends your rivals into survival mode. Strengthen your business’s financial foundation right now: Join a peer group, and develop a plan to push your profit margins above the 20 percent mark. Focus on profitable customer engagement, business automation and customer satisfaction — before getting distracted by revenue growth.
- Gartner Definition: The current governance structure/mechanism doesn’t adequately provide assurance across the risk universe.
- Channel’s Perspective: You can’t eliminate risk. But you can prioritize and minimize risk. Start by identifying your most critical business, people and data assets. Decide which systems — if any — absolutely can’t fail. Then budget accordingly. Also, focus on the three basics of good business hygiene — essentially (1) backup and disaster recovery, (2) endpoint security and (3) patch management.
7. Artificial Intelligence Accountability
- Gartner Definition: An increase in the use of AI in organizations, whether as part of decision making or key business processes, leads to a lack of clear accountability.
- Channel’s Perspective: This isn’t exactly a topic that keeps most SMB and MSP business owners up at night. But on the other hand, you should at least have a CTO or point person who continually aligns your business needs/service catalog with emerging technologies. And that person should be responsible for how that technology is consumed … or isn’t consumed.
8. Business Ethics
- Gartner Definition: An organization is seen to be putting profits before morals and, while not operating illegally, is punished by shareholders and consumers for not doing enough to behave ethically.
- Channel’s Perspective: It all starts at the top — with your CEO and/or business owner, who should outline, communicate, enforce and abide by a code of ethics for the business.
9. Risk Aversion
- Gartner Definition: Too many controls, too much assurance, etc., create a risk-averse environment, which precludes big growth bets being taken, slows corporate speed and hinders business performance
- Channel’s Perspective: This is widespread across the channel — for partners and their customers. Thousands were late to cloud computing. Few have truly mastered modern security across cloud, network and endpoint systems. Partners should always have at leasts one R&D project cooking in the back room — leveraging a minimum viable product mentality, and a fail-fast approach to the effort.
10. Social Engineering
- Gartner Definition: Sophisticated criminals use deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes
- Channel’s Perspective: Vendors like Datto are warning their MSPs about five social engineering scams that customers must avoid. Cyber training and education to mitigate that social engineering is all the rage. Many software and cloud companies now offer training software that tests whether employees will click on phishing-type emails. The ideal: Show employees the error of their ways with a pseudo phishing message — potentially making them less prone to fall for actual phishing attacks…
For more on the topic, check out MSSP Alert’s complete Risk Management coverage.