Moving the Cybersecurity Goal Posts

Photo Credit — Interexy.com — Top Cybersecurity Trends To Monitor In 2022–2023

Are you Staying Ahead or Falling Behind the Cybersecurity Curve?

Adaptive control, no trust, zero trust, auto-remediation, artificial intelligence, and content filtering with multi-factor authentication, all aligned with your CASB deployment. Add in open-source technology and unpatched critical infrastructure: are your organization’s cybersecurity risks managed and its compliance mandates met?

Staying ahead of the threats or failing to respond to the growing attack velocity continues to be the 800 lb gorilla in every virtual room and zoom meeting.

“Are we more secure because we installed ‘X’, and are we compliant because we hired ‘Y’ as our MSSP to support our XDR strategy?”

Most likely, the answer could be a flat no.

After 28 years of watching clients deploy the latest, most significant, automated technology with a managed services component to solve several problems, I have yet to see the results they expect, and I keep seeing ongoing SecOps costs rise beyond the predetermined budget number.

Hackers, phishers, cybercriminals, inside threat actors, and supply chain impersonators continue to be more successful with their email phishing attacks. BEC, data theft from within, and compromises of critical systems followed by a quiet departure have continued to rise globally over the last three months.

Time for a new perspective? Absolutely.

Moving the Virtual Goal Posts

CISOs, CIOs, and CFOs should take the rest of Q4 2022 to consider how the organization can reshape its security strategy for 2023 and adjust its “goal posts.”

While trying to predict the next cybersecurity breach or zero-day attack, or to catch employees leaving with valuable intellectual property, how can organizations realign their expectations for SecOps, DevOps, DevSecOps, AIOps, and CloudOps going into the new year?

Take a Risk-Based Approach First.

Cybersecurity attacks in 2022 and 2023 will continue to affect organizations’ brands, bottom lines, and employees. SecOps teams and their partners in DevOps and CloudOps are fighting a losing game of attrition, especially with product security challenges.

Cybersecurity breaches will continue to become a problem in 2023. Employee burnout will lead to human and system-wide errors, creating vulnerabilities and exploits. Reducing human capital risk and delivering better working conditions for SecOps teams will help secure the organization.

Ensure Risk Is the Decision Factor for Digital Transformation Decisions.

Most digital transformation strategies fail because of a cybersecurity attack or having an unmanageable post-deployment operations model with the new disruptive technologies.

The organization must have the resources to maintain all security operations controls, processes, and incident response cases. Organizations need more resources to sustain their SecOps events. Making risk a core decision component when an organization considers a transformation strategy could be an effective risk reduction strategy.

Reducing an organization’s risk requires more than scaling beyond adequate data security capabilities.

Banking on Next-Gen Everything

Often organizations develop their transformation strategies around improved or even groundbreaking technology capabilities, including world-changing technology like zero-password access to anchor their system. Yes, many technology advancements, including communications platform-as-a-service (CPaaS) and zero trust, have great promise in transforming a business’s technology capability with greater integrated security.

However, all technologies will have vulnerabilities resulting in increased attacks and cyber threats regardless of what vendor developed the solution. Ultimately, if the anchor technology fails or becomes compromised, is the impact on the organization less than the cost of the transformation strategy or greater? A simple risk assessment, including red/blue team engagement, and deploying a regulatory risk management platform are warranted to determine the potential impact on the organization.

Conclusion

The velocity of cybersecurity attacks will continue to grow. Potential vulnerabilities will always exist.

MSSPs, adaptive AI, and XDR are capabilities, not solutions. People are the solution. Employees have the ability and expertise to use these capabilities correctly. Trust them.

Employee experience protects the user experience.

People are worth the investment to lower organizational risk.

All the best in 2023,

John

*** This is a Security Bloggers Network syndicated blog from Stories by John P. Gormally, SR on Medium authored by John P. Gormally, SR. Read the original post at: https://jpgormally.medium.com/moving-the-cybersecurity-goal-posts-66d1dd1de575?source=rss-160023698d42------2