Although ransomware campaigns declined quarter over quarter in 2022, primarily due to the collapse of more experienced cybercriminal groups, IT leaders still consider them to be the most worrying cyber threats. To help security leaders explore important 2023 security trends and customize the associated priorities for their organizations, global IT research and advisory firm Info-Tech Research Group has published its annual industry resource, the Security Priorities 2023 report.
Info-Tech’s Security Priorities 2023 report will help security leaders identify their organizational needs and analyze their capabilities in order to plan their priorities for the coming months.
“Aside from ransomware and the hybrid work model, in 2022, we saw an evolving threat landscape, regulatory changes, and the potential for a recession by the end of 2023,” said Ida Siahaan, research director and lead analyst for the report. “Furthermore, organizations are still facing the ongoing issues of insufficient cybersecurity resources and organization modernization, all of which impact how we prioritize cybersecurity over the coming year.”
Info-Tech’s annual security priorities are based on primary data obtained from interviews with security and IT leaders, as well as from the firm’s 2023 Tech Trends report and upcoming State of Hybrid Work in IT: A Trend Report, set to be released in March 2023. The security priorities report focuses on data that details the likely changes in processes and IT infrastructure due to hybrid work, concerns and perceptions about readiness to meet current and future legislation, and the impact of a potential recession on security budgets.
The firm advises that security and IT leaders keep these five priorities top of mind as they work toward modernizing their organizations, securing hybrid work environments and mitigating risks and cyber threats:
- Maintain Secure Hybrid Work – The pandemic changed how people work and where they choose to work, with most still preferring a hybrid work model. The initial investment to set up remote work options was extensive and requires continuous investment to maintain the secure remote work infrastructure that facilitates a hybrid work model. According to Info-Tech’s research, security leaders must build a strong cybersecurity workforce by strategically acquiring, retaining and upskilling talent to maintain secure systems and increase confidence in the security practice.
- Secure Organization Modernization – Despite all the cybersecurity risks, organizations continue modernization plans due to the overall long-term benefits. These plans can include digital transformation to the cloud, operational technology (OT), and the internet of things (IoT). Security leaders must address the risk of converging environments by combining IT and OT security to protect the entire organization.
- Responding to Regulatory Changes – Government-enacted regulatory changes are occurring at an increasing rate. Rather than treating them as a compliance burden, organizations should use these changes as an opportunity to improve security practices. Security leaders need to identify relevant compliance obligations, implement policies and exception processes, and then track and report to ensure their remediations are effective.
- Adopt Next-Generation Cybersecurity Technologies – The cat-and-mouse game between threat actors and defenders continues. The looming question of “can defenders do better?” has been answered with the rapid development of technology. However, next-generation cybersecurity technologies are not a silver bullet and require a combination of skilled talent, useful data and best practices to gain a competitive advantage. Governments and cybercriminals recognize the importance of emerging technologies, such as zero trust architecture and AI-based cybersecurity, and so should security and IT leaders.
- Secure Services and Applications – Software usually is produced as part of a supply chain instead of in silos. As demonstrated by recent incidents such as Log4j and SolarWinds, a vulnerability in any part of the supply chain can become a threat vector. To respond to this challenge, DevSecOps was developed as a culture and philosophy that unifies development, security and operations. DevSecOps offers benefits such as the rapid development of secure software and the assurance that tests are performed reliably and passed before the software formally is released and delivered. Security and technology leaders may want to adopt this philosophy and the latest software development best practices to ensure each link of the software supply chain is secured.
Info-Tech’s latest priorities report also includes recommended actions in addition to templates for security and technology leaders that can be used to explain each of the priorities to their stakeholders.
Download and read the full Security Priorities 2023. To learn more about Info-Tech Research Group, visit infotech.com
