A CISO’s Prediction

We find ourselves at the familiar time of year where CISOs are assessing their challenges and priorities for the foreseeable future. Sorting out which cybersecurity initiatives need the most attention can be overwhelming. Mixed economic signals and uncertainty worldwide are also complicating the planning season.

Security Budget Benchmarks

Cybersecurity incidents don’t take a break because of an economic slowdown or geopolitical tensions. Consequently, global spendings on information security and risk management products and services is forecast to grow 11.3% to reach more than $188.3 billion in 2023 according to Gartner. Cloud security is the category forecast to have the strongest growth over the next two years.

The goal will be to prioritise security solutions that protect your relevant workloads and to be prepared when the inevitable attacks and breaches occur. As a guideline, here a few key cybersecurity domains that Forrester recommends increasing or defending investment in:

API Security

The sheer number of rogue APIs (“deploy and forget”) deserves closer attention. A recent survey of 600 senior cybersecurity professionals in the U.S. and UK found that 76% of respondents experienced an API security incident in the last 12 months. Consistent with their zero-trust ambitions, CISOs need to adopt a least-privileged access approach to API – including proper authentication and authorization controls.

Multi Factor authentication

Single-factor legacy implementations have become unacceptable in a Zero Trust approach. MFA is still a must-have, and we should aim higher by adding (behavioural) biometric or tokens to the authentication process.

Zero Trust Network Access

Continued migration to the cloud, the move to mobile and BYOD, the convergence of IT/OT/IoT, and the sharp increase in remote working have changed how we must approach cybersecurity.  As the number of connected devices in the workplace grows, the IT and security tools previously relied on are becoming ineffective. When enterprises adopt the Zero Trust security architecture, they typically focus on users and managed devices, leaving gaps for unmanaged IoT devices (such as printers and industrial systems) and off-network devices (such as wireless keyboards and headsets). The convergence of networking and security capabilities continues to drive ZTNA adoption.

CWS, Container Security and Serverless Security

The increased use of cloud-based servers also allows less room for configuration mistakes. Exposed databases or buckets could have severe consequences for internal data, employees or your customers. Cloud workload security (CWS) helps to work across on-premise and cloud environments in an integrated fashion and adds monitoring capabilities to detect and respond to any potential security issues. Container and serverless security is still early with most security vendors today, so keep an eye on their product roadmaps for 2023.

Analytics and Automation

Legacy SIEM platforms are very effective at search and investigation of logs, but they fall short when it comes to the scale and speed of real-time threats today. A few additions are key to improve visibility, alerts quality and overall time-to-response:

• Security Analytics (SA): using big data and machine learning for near real-time threat analysis.
• Security Orchestration, automation, and response (SOAR). This is also where security playbooks come in.

Purple Team Exercises

Learn how resilient your organisation is to a cyber-attack, and practice responses in a safe environment. Crisis simulation creates an opportunity for teams and individuals to learn and maximise their effectiveness during an incident.

Balancing Investment and Risks with Business Goals

Like other business leaders, CISOs are faced with an unstable business landscape, supply chain issues and soaring inflation. Investing in carefully selected emerging technologies is needed to keep up with cyberattackers. Cutting back on legacy standalone security solutions is a way to free up budget for newer solutions in this area of real-time threats. Now is the time to focus on technologies that deliver demonstrable value and resilience against the quickly changing threat landscape.