Challenges for CISOs are spilling over from 2022 into 2023

Challenges for CISOs are spilling over from 2022 into 2023

Ross Brewer, Chief Revenue Officer, at SimSpace points out that 2022 was plagued with technological and macro-economic upheavals, many of which will carry forward.

Across 2022, several events and trends stand out that will have a material effect on security practices in 2023. The year will also be a challenging and dynamic one for everyone in the cybersecurity space. Every organisation will need to create a culture of continuous security improvements.

The list below is a subset of what trends and challenges CISOs, CxOs, GRC teams are likely to face in 2023 that stem as a carry forward from 2022.

Ross Brewer, Chief Revenue Officer at SimSpace

East European offensive

This event has renewed our focus on the fragility of peace and the need to protect democracy, freedom of communications, and critical infrastructure. There are a host of other impacts on global economy, energy politics, and even the hacker community. Many cyber groups responded to the actions of the two sides with their own cyber tactics. Moreover, we traditionally think of wars as having four main fronts: land, sea, air, and economic. Cyber is now the fifth, and space will soon become the sixth.

Industry mentoring

Threat actors of all types, funded and supported by nation-states, groups and single activists, and criminal organisations, have stepped up their game. CISOs need increasingly sophisticated assistance from the security industry to combat these attacks. Vendors must work together, share capabilities, and provide solutions that address their security and business needs.

Remote working and skills

Remote work is now an integral part of the workforce. Talent and elite skills are always in demand, and making remote work secure will be critical to staying competitive. According to the latest ISC2 Work Force Study, the cybersecurity world is understaffed by 3.4 million professionals. The best investment for an enterprise is through tools and time spent to scale up skills. Therefore, all industries, sectors, and organisations must invest in cybersecurity training.

Stack complexity

Security stacks are too complex. They need to be simplified and consolidated to optimise protection, making them easier to administrate and contain costs. 75% of enterprises are already trying to do this, with a higher sense of urgency in the coming year.

Platform consolidation

In 2023, we will see an acceleration in the growth of the integrated cybersecurity platform. As part of the need to drive simplicity, Gartner indicates 57% of CISOs want to get to 10 or fewer significant vendors, which will create a competitive market scenario for larger security platform vendors.

Edge of the Enterprise

According to ESG, applications on the edge of the enterprise will grow by 54% in 2023. They are also more attractive targets for threat actors than the fortified enterprise datacentre. These applications are harder to protect because non-employees use them and real-time, transactional data is processed at the edge. Mitigating this risk will require new thinking, training, and processes.

Incident disclosures and persistent patching

Transparency in disclosures of threat incidents, intrusions, ransomware, will be a focus in 2023. New SEC rules will come into play and enterprises will need to get their acts together. Additionally, over 50% of breaches can be prevented with active patch management. This simple yet time-consuming task is the most useful thing security teams can do to prevent breaches.

Critical infrastructure

North America and Europe have been exposed to how vulnerable they are to energy, IoT-OT, and supply-chain risks in the past few years. According to CISA, threat actors are aggressively pursuing critical infrastructure. These systems are vulnerable due to long-life legacy systems and limited security sophistication for IoT-OT devices.

Insider threats

Organisations are facing a rise in insider threats, which is expected to continue in 2023. Organisations must be able to audit user controls, and conduct real-time risk assessments to mitigate unwarranted access to their systems.

Privacy

The approach of industry-driven data privacy regulations has meant many businesses have been exempted from this mandatory regulation. More and more countries will now become universally tough on data privacy and controls. According to Gartner, by end 2023 modern data privacy laws will cover personal information of 75% of the world’s population.

The cybersecurity industry and security decision makers will need to proactively understand the impact of the above trends on their products, platforms and business model to remain relevant in 2023 and ahead.

Browse our latest issue

Intelligent Tech Channels

View Magazine Archive