Every cybersecurity vendor is looking at how they offer value, differentiate themselves, and ultimately grab hold of market share, creating an environment that’s ripe for big changes and consolidation, an executive from Devo tells Digital Journal.
Kayla Williams, CISO, Devo has considered how the cybersecurity market will evolve and how different scenarios will play out. These take the form of three erudite predictions.
Prediction 1: With new regulations proliferating, CISOs will have to take a new approach to the role
Williams sees the battle to maintain adequate security as impacting heavily on the role of the chief information security officer. She notes: “CISOs’ jobs are getting harder. Many are grappling with an onslaught of security threats, and now the legal and regulatory stakes are higher.”
This has become more challenging in the U.S. as the result of legislative changes. Williams observes: “The new SEC cybersecurity disclosure requirements have many CISOs concerned they’ll be left with the liability when an attack occurs. As we’ve seen with the charges against the SolarWinds CISO, these fears have merit— and we need to prepare ourselves for this. CISOs can’t just be technical experts anymore.”
So how will the role alter? Williams thinks: “Their skillset must be more well-rounded in enterprise risk management, requiring a deeper understanding of the laws and regulations in the jurisdictions and industries where their companies operate. They must also tie compliance tightly to corporate objectives.”
This will also alter the dynamics within the firm and a forward-looking company will strengthen the CSIO role. This leads Williams to find: “It’s also going to require CISOs to (more often) form alliances with other executives who will have to play a bigger role as cybersecurity becomes a board-level issue.”
Prediction 2: More sophisticated technologies mean more sophisticated new threats
Williams is concerned that the very technologies that are being used by firms to gain improvements – most notably artificial intelligence – are also being used by bad actors to direct efforts against businesses.
Williams states: “This one may be a no-brainer, but it must be said again and again. Bad actors will use AI/ML and other advanced technologies to create sophisticated attack tactics and techniques. They’ll use these tools to pull off more and faster attacks, putting increased pressure on security teams and defence systems. The pace of progress is equally fast on both sides–defenders and attackers–and that balance will continually be tested in the coming year.”
Prediction 3: Getting back to security basics takes precedence
As well as fearing more sophisticated attacks firms should take the opportunity to focus oin the security essentials. This leads Williams to think: “Ransomware attacks grow more sophisticated. Data leakage concerns are rising. And the ramifications of a breach are stiffening. The ground continues to shift under CISOs’ feet, causing many to lose sight of their security foundations. 2024 is the year to get back on track. A rock-solid inventory of all assets and devices is the core of any good security program. Without this, you’ll forever be catching up and playing whack-a-mole.”
For the best approach, Williams recommends: “CISOs should also ask themselves, “Are we doing everything we can to continuously manage vulnerabilities in both our devices and applications, do we have the right controls in place to properly regulate access management, have we tested our data recovery and backup plans, and do we even have full visibility into our environment?” If the answer to any of these questions is, “our policies and procedures fall short,” it’s important to fix it before tackling any additional projects. It’s easy to get caught up in the hype of a new, shiny solution. But the truth is that without the basics in place, you have a one-way ticket to compromise.”
