CEO and board member at Optiv, a cyber advisory and solutions leader.
Legend has it that in 390 BC, the Romans were forewarned of the Gauls’ impending attack by a simple, highly sophisticated protection system—honking geese.
Today, amid the dizzying speed of digitization, our world has grown infinitely more complex. With every innovation and digital transformation effort, there are equally skilled and well-capitalized adversaries looking to exploit those advancements to make an easy buck. With a ransomware attack every 11 seconds and cybercrime damages expected to cost the world $10.5 trillion by 2025, up from $3 trillion in 2015, the need for cybersecurity has never been more imperative.
Now is the time to shore up defenses. And while we may not have an easy button like honking geese, here are five cybersecurity trends to prepare for in 2023.
There will be a great debate over integration or reduction of cybersecurity tools.
The average midsized client has between ~45 and 76 technologies. Architecting a strong tech stack that’s both integrated and efficient while still driving business outcomes is often two sides of the same coin. On one hand, some argue that tech consolidation and rationalization is the answer; on the other, some say that the challenge isn’t the number of tools but integrating them.
With inflation at a 40-year high and a potential recession looming, we’ll see laser-focused rationalization of all security assets in 2023. Spending on cybersecurity solutions will remain strong, so ultimately, we’ll see integration emerge as the clear winner. Integration that ensures security tools work in concert, not isolation, so security teams have a complete picture of their security profile and can put appropriate strategies in place to reduce risk.
Enterprises will lead the long-run market in security delivered as a service.
The largest enterprises allocate significant budgets to on-premises security tools. With the average cost of a breach coming in at $9.4 million, there’s too much at stake to do anything less.
This leaves smaller to mid-sized companies without Fortune 50 budgets with a “can’t afford to build it, but can’t afford not to have it” dilemma that will increase demand for outsourced cyber teams and technology. This is an opportunity I expect industry enterprises will eagerly accommodate by broadening their software-as-a-service (SaaS) solutions to benefit businesses of all sizes.
Cybersecurity expertise will earn a seat on the board.
Boards will continually be held more accountable for their company’s cybersecurity posture. For instance, in the spring, the U.S. Securities and Exchange Commission (SEC) expects to ratify a proposed new set of cybersecurity disclosure rules. If passed, these rules would, in part, require public companies to disclose whether any members of their board of directors have cybersecurity expertise.
Add to that the fact that fully 78% of U.S. board members believe their companies are at risk of a “material” cyberattack in the next year. You can bet we’ll see an increasing push to add board members with cybersecurity expertise.
A national cyber corps for security training will be critical.
We’ve been battling the cybersecurity talent shortage for more than a decade, and as the need for more cyber professionals continues to climb, this delta is only projected to get worse. Indeed, there are 3.5 million cybersecurity job openings worldwide.
We will see the federal, private and public sectors put more emphasis on filling these roles. One way to help solve the talent shortage crisis is to build a National Cyber Corps that would fund and assist in the recruitment and training of people to fill critical cybersecurity jobs. Beyond apprenticeships, a National Cyber Corps could allow workers to flex through different client organizations and solution providers to put in “tours of duty” that fill needed job gaps and get people back to work with needed skills. Making this a reality will require a massive public/private partnership with support from the White House, solution providers, education officials and other parties.
Operational technology reference architectures will be in high demand.
OT attacks are already a big risk, but it can be easy to overlook them in the face of ransomware, supply chain, phishing and other attacks that have dominated headlines of late. Gartner predicts that by 2025, attackers will have weaponized operational technology environments to successfully harm or kill humans. Cyber-physical security threats are no insignificant matter and will only escalate in 2023.
With bad actors preparing to launch devastating OT cyberattacks against companies and critical infrastructures, it falls upon us to stay one step ahead. This means in 2023 and beyond, if you don’t have a strategy for both playing and winning in this space, you will be left behind.
Despite the global state of current uncertainty, businesses—optimistic by nature—will continue to seek acceleration and potential with each new day. It’s what they do. As security professionals, our role will be to help unlock their collective potential with cybersecurity counsel and solutions that anticipate and defend against the unforeseen. Creating forward-leaning confidence that helps businesses accelerate their futures.
I trust you’ll agree. If not, there are always those geese.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.