BOSTON — Logpoint released its predictions for 2023, foreseeing that CISOs will face daunting challenges amidst global economic uncertainty and comprehensive new cybersecurity legislation focusing more on businesses’ cybersecurity practices. According to Logpoint CTO Christian Have, cybersecurity now has the attention of the C-suite, but CISOs need to up their game.
2023 is the year CISOs will be empowered — and forced — to address cybersecurity from a business perspective.
“Adversaries don’t care about risk assessments, nor does the stock market," Have said. “CISOs must ensure that the organization can protect against real threats and prove it to the C-suite, demanding more cybersecurity than ever due to the NIS2 directive and grim economic outlooks.”
Have predicts five major developments in cybersecurity in the coming year.
1. The CISO will be caught between a rock and a hard place.
The new EU NIS2 directive demands that many organizations strengthen security significantly, while a looming recession will make the C-suite eager to save costs where possible.
“The CISOs capable of measuring cyber risk, and how effective the cybersecurity setup is, in a meaningful way for the C-suite and the technical staff will win,” said Have.
2. End-to-end technology leads the CISO out of the dark.
Cybersecurity teams manage a growing portfolio of security technologies, but it’s difficult to measure the efficacy and provide confidence in coverage.
“Converging breach and attack simulation with detection, endpoint protection, and attack surface management can lead the CISO out of the dark in 2023, uncovering broken processes and shadow IT,” Have said.
3. Security teams embrace automation.
In 2023, Logpoint expects that security teams will start taking advantage of automation - especially in the mid-market and the ability to assess automation components by meta-analysis.
“The meta-analysis will help drive the CISOs agenda with the C-suite to make the right decisions,” said Have. “It'll make it easier for CISOs to report to the C-suite about general cybersecurity performance."
4. Cybersecurity technology will protect business-critical systems.
Logpoint sees CISOs empowered to address the security limitations of business-critical systems such as SAP, Oracle, and Salesforce in 2023.
"Applying cybersecurity technologies to business-critical systems will enable the CISO to ensure that invaluable information, such as intellectual property and data about customers, suppliers, and employees, will stay protected and that the organization complies with regulations," Have said.
5. The XDR bubble will burst.
In 2022, extended detection and response (XDR) reached the "peak of inflated expectations" on Gartner's Hype Cycle for Security Operations. In 2023, Logpoint expects CISOs to become increasingly skeptical of XDR, moving XDR toward the "trough of disillusionment”.
“CISOs will learn that XDR doesn't solve all their cybersecurity problems and cannot stand alone," said Have. "Even though mid-tier enterprises might still consider XDR to cover specific use cases, they'll soon recognize the need for a broader foundation.”