Gartner analysts at the Security & Risk Management Summit in Sydney on March 28-29 have revealed their top eight cybersecurity predictions for 2023-2024.
They suggest that cybersecurity leaders should incorporate the following assumptions into their security strategies for the next two years.
According to the research, more than 90% of employees who admitted to engaging in insecure activities during work knew the risks but continued to do so anyway. Human-centric security design focuses on the individual rather than the technology, location or threat, to minimize friction and enhance security control implementation.
However, businesses are starting to realize that a robust privacy program can help them use data more effectively, stand out from competitors, and establish trust with stakeholders. To achieve these benefits, they recommend that security leaders implement a comprehensive privacy standard aligned with GDPR to gain a competitive edge in the marketplace and facilitate growth without restrictions.
Currently, the percentage of companies with such programs is less than 1%. The deployment of a comprehensive zero-trust program involves the integration and configuration of numerous complex components, which can be daunting for many organizations. To achieve success, it is crucial to establish a clear understanding of the program’s business value. Starting with small steps and continuously evolving towards a zero-trust mentality can facilitate the implementation process and help organizations better understand the benefits of the program.
This trend poses a considerable challenge to cybersecurity leaders who must adapt to the evolving threat landscape. As a result, the role of the CISO is transforming from control owner to risk decision facilitator. To effectively address this change, organizations must shift their focus from technology and automation to employee engagement. Gartner recommends developing a comprehensive cybersecurity operating model that involves employees at all levels to influence decision making and ensure that they possess the necessary knowledge to make informed choices.
According to the research, many organizations have struggled to translate cyber risk quantification into tangible business results, despite seeing benefits such as improved risk awareness and credibility. To succeed, security leaders must focus on producing quantification analyses that align with decision makers’ needs, rather than self-directed analyses that require persuasion to gain traction.
The COVID-19 pandemic and staffing shortages have exacerbated the already high stress levels among cybersecurity professionals, making their jobs unsustainable. To address this issue, it is recommended to foster a culture of support that enables individuals to manage stressful roles effectively. By shifting the rules of engagement, organizations can create cultural changes that help cybersecurity professionals thrive.
Cybersecurity leaders should focus on demonstrating the business value of their security programs and how they can help the organization take calculated risks. This requires building strong relationships with the board and other stakeholders, and promoting a culture of risk management across the enterprise. CISOs should proactively engage with the board to provide strategic guidance and promote cybersecurity awareness.
With the growing complexity of IT environments and the proliferation of digital assets, organizations require comprehensive visibility into their attack surface and a unified platform to manage security incidents.
TDIR (threat detection, investigation and response) capabilities provide a holistic approach to threat management, leveraging exposure data to prioritize and remediate risks. Security leaders should invest in TDIR solutions that can integrate with other security tools and provide a seamless experience for security operations teams.