date 2023-06-27

During the course of the year, there has been a stronger government push toward ‘security by default’. This means taking a holistic approach: solving security problems at their root cause rather than treating the symptoms, and acting at scale to reduce the overall harm to a particular system or type of component.

The approach covers the long-term technical effort to ensure that the right so-called ‘security primitives’ are built into software and hardware (these are low-level cryptographic algorithms that are used as basic building blocks for higher-level cryptographic operations or schemes). It also covers the need to ensure that those primitives are available and usable in such a way that the market can readily adopt them.

Aleksandr Yampolskiy, CEO and Founder of SecurityScorecard, has looked at this trend and explained the current tendencies to Digital Journal: “According to Gartner, digital immune systems that deliver resilience and mitigate security and operational risks will be a key strategic technology trend.”

Yampolskiy adds: “We’ve already seen considerable mentions of security by default practices in the past several months within CISA’s Strategic Plan for 2023 – 2025 and the White House’s Guidance on enhancing software supply chain security.”

In terms of signals from government, Yampolskiy expects that “we’re going to see increased guidance and legislation surrounding secure development practices that include specific metrics and timelines for federal agencies. As technology companies seek government contracts in the coming year, it will be increasingly crucial that they collaborate with the public sector and look at these government regulations as a baseline to build foundationally secure software.”

There is a further impact on businesses. Yampolskiy notes that in terms of the evolution of cybersecurity, CISOs are now being required to connect ‘cyber risk’ to the broader business to keep their jobs.

Here Yampolskiy finds: “It’s no secret the economic downturn has meant significant budget cuts for many companies. As cyber threats escalate, cybersecurity investments are either staying put or increasing in 2023—that is, only if security teams can rightly prove the value of their cybersecurity programs to senior leadership and the board. However, the majority of CISOs are struggling to effectively express the business impact of cyber risks to their board. In 2023, this ability will go from a nice-to-have to a must-have, and we will see an influx of CISOs losing their jobs if they can’t adapt.”

Yampolskiy adds further: “With the economy remaining uncertain next year, CISOs will feel increased stress from their board and senior management to justify the spend on their cyber tech stack. To ensure their security program is well-financed, CISOs will need to set specific management-level cyber metrics that can help them properly articulate whether the cybersecurity products and tools they have purchased provide a sound return on investment.”