Even if the beginning of the year went largely without spectacular cyber attacks, Sergej Epp from Palo Alto Networks expects anything but a decrease in risks and threats in terms of cyber security. Essentially, he sees eight growing challenges, but also gives advice on possible solutions to most of the upcoming tasks.
With the rise and risk of supply chain attacks, factors such as cyber resilience, vulnerability assessments and the level of cyber insurance will become part of the selection criteria for doing business. Recommendation for action: Companies should classify their suppliers based on their risk situation and assess whether they are cyber-insurable or not. An important part of supplier selection should focus on their reliance on open source code - expect the review process to become more sophisticated.
Coordinated kinetic attacks
Cyberspace has always been a battleground for many nation states. In 2023, we will see an increase in coordinated activities targeting critical infrastructure, both in cyberspace and in the physical environment. In the private sector, the security of physical users from coordinated attacks that abuse IoT or OT systems will be a key concern. Action: Autonomous security fusion centers that combine cyber and physical elements can act as an early warning system to detect and respond to these attacks. Likewise, the combination of cyber and physical security teams can help coordinate responses.
Social and ecological responsibility
With digital activities expected to account for seven percent of greenhouse gas emissions by 2025, companies are turning to digital transformation as a lever to reduce their emissions. Recommendation for action: Like the CIOs, the CISOs will also specify sustainability goals in their roadmaps and must generally participate in their company's social (CSR) and ecological responsibility strategy. Cybersecurity is a game changer that not only keeps critical infrastructure secure, but also gives businesses the confidence to adopt new technologies that help achieve sustainability goals.
The EU regulatory framework
With a revised NIS (v2) and the forthcoming Cyber Resilience Act (CRA), both critical infrastructure and digital supply chains need to plan for an evolving regulatory framework in the European Union. Action: As more companies integrate digital elements into their supply chain, CISOs must work to turn evolving regulation into a future competitive advantage by considering establishing dedicated safety committees.
Ransomware & Stealth Stealers
Attackers are increasingly using stealth software and techniques to steal data without victims noticing. Unlike the ransomware business model, which demands payment, the stolen data or crypto wallets are directly sold or used while the threat actor remains hidden. Action: Attack surface management and attack detection capabilities against the organization's critical digital assets will increase significantly.
The year of consolidation
With tightening budgets and economic uncertainty, one of the key CISO metrics for the coming year will be to consolidate security resources and stop sourcing from multiple vendors to reduce risk and save costs. Policy Advice The shift in focus to converged platforms for SASE, XDR, cloud and within the SOC will be critical. Taking this a step further, security teams should align these efforts with overall business value metrics, ensuring a level of protection that commensurates with the risk appetite of the board.
Security in the cloud
The need for low-latency use cases (IoT, robots), optimal usability and regulatory concerns, such as B. data localization, will require that the data processing functions are located close to the user accessing the service. Cloud-based security services must be able to scale across an infrastructure that is increasingly dispersed and localized. Best Practice: Secure Access Service Edge (SASE) will provide the best user experience and operational performance to enable future digital growth, paving the way for viable edge computing.
Employee data gets CxOs in trouble
Driven by the transition to hybrid work practices, employee monitoring has ramped up to maintain and increase employee productivity. But where should companies draw the line? Collecting data like recording keystrokes, desktop snapshots, or even tracking employee movements can violate privacy laws like GDPR. Best Practice: When it comes to collecting data, CISOs need to put themselves in the employee's mind and ask two questions: "How much is too much?" and "What if the employee wants their data back?"
More at PaloAltoNetworks.de
About Palo Alto Networks Palo Alto Networks, the global leader in cybersecurity solutions, is shaping the cloud-based future with technologies that transform the way people and businesses work. Our mission is to be the preferred cybersecurity partner and protect our digital way of life. We help you address the world's biggest security challenges with continuous innovation leveraging the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are the leaders in protecting tens of thousands of businesses across clouds, networks and mobile devices. Our vision is a world where every day is safer than the one before.
Matching articles on the topic