Rapidly changing geopolitical dynamics, economic recession, digital transformation activity, and cybersecurity trends are driving uncertainty into the new year. Now more than ever, CISOs must stay on top of developments and keep operations flexible to adapt in rapidly changing security environments.
Based on real client cases and experiences from more than 40 of our global cybersecurity experts, the CISO Radar: 2023 examines the key security challenges and trends to expect in the months to come.
Here are 4 key trends we’ve identified that every CISO should know going into the new year.
Security tech is evolving to keep up with cyber attackers
Bad actors are expanding on the popularity of ransomware with “double extortion” attacks, which both encrypt and exfiltrate sensitive data to maximize leverage when extracting payments.
However, cybersecurity investments in integrated incident response teams and protective tools are disrupting a growing volume of attacks against large organizations. Specific trends include:
•
The 3 anti-ransomware pillars. Workstations and devices remain a primary entry point for attackers. Deploying multi-factor authentication (MFA), Endpoint Detection and Response (EDR), and Active Directory (AD) monitoring are essential to protect directories and preserve security perimeters
•
Shifting security teams left. CI/CD platforms are prime targets for cyber attack. Companies are placing DevSecOps approaches at the heart of developmental teams as early as possible to ensure cohesive safeguards throughout the Software Development Life Cycle (SDLC)
•
Establishing Vulnerability Operation Centers (VOC). VOCs pre-emptively identify vulnerable points, securing them with continuous review and remediation processes
•
Third-party risk management. Comprehensive reviews of incident management, vendor integration into access systems, and vendor cyber resilience are crucial to reinforce effective security reporting and prevent intrusions via third parties
•
Zero Trust development. “Never trust, always verify” principles are being translated into concrete measures based on stricter IAM protocols, remote access, and micro-segmentation
Government-led cyber regulation is being strengthened
Governments worldwide are stepping up cyber regulation initiatives to keep pace with evolutions in technology, particularly for the financial sector. Efforts are focused on introducing mandatory operational resilience and standardizing security regulations for products, platforms, and best practices.
United States
•
Organizations like the New York State Department of Financial Services (NYSDFS) are providing needed support to companies facing recruitment and financial issues
Europe
•
The Cyber Resilience Act establishes common protection rules for connected products
•
The updated Network and Information Security (NIS2) directive enforces critical cybersecurity infrastructure requirements for businesses, and holds management responsible for regulatory infringements
•
The 2022 Digital Operational Resilience Act (DORA) requires businesses to take action on operational resilience capabilities
•
The European Cybersecurity Certification Scheme for Cloud Services (EUCS) and European Union Cybersecurity Agency (ENISA) are introducing security classification standards for cloud solutions
Asia
•
Regulatory efforts are focused on privacy protection, with different approaches and objectives dependent on the country
While the regulatory drive acts as an effective lever to release funds and deploy security programs, they are also a cause for concern. Adhering to standardized regulations mobilizes substantial cyber resources, and takes teams away from other high value-added work.
Further, general regulations do not apply to every business, and can create a disconnect between compliance and business priorities. Required modifications to information systems can introduce unnecessary complexity and inflict process inefficiencies on operational enterprises. Businesses must engage with regulators and represent their needs as functional and legal frameworks are optimized.
CISOs are evolving into CSOs
CISOs are increasingly expected to fulfill functions beyond their traditional technical and legal competencies. Several factors driving the expansion of CISO responsibilities include:
•
Recession cost cutting. As businesses continue to streamline their enterprises, executives are expected to do more with less – expanding both daily tasks and strategic mandates
•
Recruitment and retention difficulties. A tight IT labor market has made team management, training, and progression must-haves for businesses to attract and retain talent. CISOs are assuming a managerial posture to ensure the talent pipeline continues to flow
•
Integrated security architectures. Information security’s position at the heart of disparate security services has made it a business-critical function. Consolidating the various services would enhance efficiency and cohesion – and CISOs are best positioned to fill the role
The result is the Chief Security Officer (CSO) – a natural evolution of the CISO. CSOs leverage digital expertise to integrate and optimize every aspect of enterprise security – from physical and financial to operational resilience and anti-fraud.
Given the scope and power of the CSO role, providing the training, technical expertise, and administrative support they need to succeed is a top priority.
“Cyber protectionism” will complicate global security and data architectures
Geopolitical instability and the proliferation of state-sponsored cyber-espionage are fragmenting the Internet. “Cyber protectionism” is rising as regions tighten their regulations for local technologies, forcing companies to adapt their information storage and systems.
The fragmentation effect will have major consequences for international groups. Global security will increasingly rely on disparate systems based in regions with diverse regulations and compliance requirements, making a cohesive approach to security architecture more complicated. International data exchanges will also become areas of legal risk, as transfers must avoid violating local regulations while in transit.
Measures to isolate and contain regional operations under cyber attack have already been developed. But fragmentation will not affect companies in the same way, and custom solutions tailored to specific enterprises are critical to enable rapid responses and effective impact mitigation.
As geopolitical contexts, investments, and technologies mature and evolve at breakneck pace, it can be difficult to separate speculation from analysis. Read the full CISO Radar for trend projections and breakdowns based on real client business experiences.
Get up to speed on the latest security developments and prepare for a turbulent year ahead.
Wavestone
Our team is a blend of high-quality talent from all levels who can tackle your most complex issues with a fresh approach. With a globally connected network of 4,000 employees, Wavestone is designed to help you get results. All our consultants thrive on complex challenges, enjoy blazing new trails, and are committed to your organization’s success.
Endpoint Explosion: Cybersecurity in the Hybrid Workplace Era
Mar 16, 2023
The rush to adopt hybrid work arrangements has led to a surge in endpoints as personal devices across platforms access critical systems. We’ve compiled best practices to secure endpoints across 3 areas of security architecture.
Moving in Synch: Aligning Cloud Strategy and FinOps Practices
Mar 09, 2023
Synergy between your cloud strategy and FinOps practices is essential to achieving effective cloud cost optimization. Here are 4 operational areas where cloud strategy-FinOps cohesion is vital and how to foster synergy between them.
Have a Question? Just Ask
Whether you're looking for practical advice or just plain curious, our experienced principals are here to help. Check back weekly as we publish the most interesting questions and answers right here.