Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security, and compliance solutions, today released seven predictions for 2023 that every CISO should digest.
“When it comes to the cyber threat actor, 2022 was a year much like any other. They continued to evolve — to automate more and use more sophisticated methods. Unfortunately, when it comes to cybersecurity, the last three years stand out. Yes, the region’s security professionals played the usual parallel game of catch-up to the threat actors’ rapid evolution, but changes to their own IT environments have tied SOCs’ hands more than usual. They no longer protect simple, on-premises environments. The cloud, third-party services, shadow IT, and more, plague cybersecurity professionals to an alarming degree,” commented Paul Baird, CTSO at Qualys.
Against this backdrop, below are the seven predictions that Qualys believes will shape the threat landscape in 2023.
More accountability for CISOs
CISOs’ repeated calls for more investment in security will finally be heard and the role will be granted more autonomy, but at a price. Organizations will expect their security leaders to justify expenditures, actions, strategy, policies, KPIs, and more.
Machine learning will combat alert fatigue and SOC burnout
Threat actors automate and have become more effective because of it, but the security professionals tasked with stopping them are complaining that they do not have the tools to do so. Basic endpoint detection and response (EDR) is insufficient to dial down the noise and allow SecOps teams to zero in on genuine threats and boost morale. Advanced machine-learning-powered analytics is the answer, and in 2023 it will play a bigger role as highly regulated industries try to address their cybersecurity talent shortages.
More support for neurodiversity
The region has made some important steps in diversity and inclusion, with most having concentrated on gender and people of determination. In 2023, a significant leap can be made in closing talent gaps if organizations look to neurodiversity. Studies strongly suggest neurodivergent individuals gravitate towards more technical, insular roles, avoiding managerial positions or those that involve public speaking or customer contact. As soft skills become increasingly important, and skills shortages persist, it will be necessary to address neurodiversity by training managers to recognize it and support each team member properly. If not, recruiters will have to hire CISOs for their soft skills, but they may lack technical experience, and will also be unfamiliar with the digital environment they inherit.
More focus on supply-chain risks
This year, CISOs must look to the SBOM (software bill of materials) to understand all the elements of the technology stack and their dependencies. Some of these will be deployed and maintained by third parties and can be weak points even for organizations with robust security postures. The supply chain must now be seen as integral to cybersecurity strategy, and if necessary, enterprises must support their suppliers in reaching higher levels of maturity. The SBOM will be an indispensable tool in understanding the chain, the gaps that must be plugged, and who must plug them.