Trends and approaches for cybersecurity 2023-2027

In this article we will analyze a Gartner publication that details the main trends for cybersecurity for 2023 and the coming years ( full article ). These trends have been grouped into three approaches which can define lines of action to improve from small processes to the strategic understanding of cybersecurity in the organization.

It is proposed to the reader an attitude far from the "discovery of a novelty" and closer to the observation of the interrelation of the elements that articulate risk mitigation.

Panorama

We can see that security leaders actually improve the security of their digital ecosystems when they implement controls that take a holistic view of their attack surfaces even though these are increasingly fragmented and expose some fragility in identity services. It is also true that adopting a holistic approach to security architectures helps to achieve 'secure design'.

On the other hand, we have a constant need for renewal of these protection models to support new ways of working and improve risk-based decision-making. This helps security leaders not only strive to limit exposure to new and evolving threats, but also to support business outcomes.

Approach to recommendations

Some recommendations to face this scenario are focused on:

• Optimize cybersecurity capabilities with flexible models that foster agility and wherever possible incorporate security by design. “Being able to adapt”


• Adopt the mindset of an attacker, thus prioritizing efforts in threat detection and cyber-risk mitigation. An end-to-end view of the attack surface, including vendor dependencies. “Thinking as a cyberattacker”


• Prioritize the improvement of people's behavior in order to improve and maintain the effectiveness of cybersecurity. “PEOPLE, technologies and processes”

Points to acknowledge

The increasingly distributed nature of work amplifies the adoption of cloud and third-party services. In turn, the need for end-to-end visibility into ever-expanding digital ecosystems and of course resilient supply chains increases. The regulatory environment is constantly evolving, forcing boards to take a more active role in managing cybersecurity risks. While ransomware payments are dropping, these large-scale attacks continue, honing their techniques against identity systems.

REBALANCE approach

The historical imbalance between the three traditional focus areas of cybersecurity controls (people, process and technology) is finally getting attention. Technology has long been the dominant focus for security leaders, however, evidence shows us that a focus solely on technology is limiting the effectiveness of IT risk reduction efforts.

It is increasingly recognized that people have a much greater influence on the outcomes of mitigating risk, and maintaining protection. The focus on people is now a crucial foundation for effective cybersecurity programs.

ECOSYSTEM approach

The expansion of the attack surface and threats against identity systems highlighted already in Gartner's "Top Trends in Cybersecurity 2022" report continues into 2023. There is a need to expand the horizon of threat assessments beyond the organizational environment to include increasingly critical and integrated supply chains.

As a result, it is no longer feasible to address all threats identified in the organization's digital ecosystem. A continuous approach to managing threats and driving risk-based remediation efforts is necessary.
This focus on identity systems that may be considered fragile, combined with elements of self-remediation, enhances detection and response capabilities. This helps improve preparedness and attempts to improve risk-prioritized remediation.

RESTRUCTURING approach

The increasing expansion of hybrid work models becoming the norm and accelerated digital transformation in response to changing market conditions are driving organizations to transform their security functions. Leaders are seeking a strategic approach to consolidating their protection to streamline operations and simplify vendors across key cybersecurity domains, along the way organizations face increasing challenges, both economically and from the threat landscape.

Consolidating the security platform within domains with a more open one with other platforms and point solutions allows for a "composite cybersecurity architecture”. Security leaders can balance the need for operational simplicity with other platforms and point solutions to cover more of their attack surface.

These trends or approaches should be considered holistically and not as a set of separate tasks:

REBALANCE

• Human-centered security design
Human-centered Security design (HCSD) prioritizes the role of people's experience, rather than just technical considerations, in the management of controls. Based on behavioral science, user experience (UX) and other related disciplines, it aims to minimize the main causes of unsafe employee behavior and the friction (real or not) of different controls. Traditional awareness programs must be transformed and focus on a change of mindset.


• Improving people management to sustain a security program.
In view of the talent shortage, cybersecurity leaders are shifting the focus to talent management to organically attract and retain talent. Develop learning paths and add incentives that are tailored to the preferences of each group of people. It is a challenge for HR to understand the difference between IT and cybersecurity talent, in terms of compensation and making changes to their processes.


• Increased board oversight of cybersecurity
In many cases boards are only informed, so they are not really able to drive decision-making in today's environment. Cybersecurity leaders must effectively translate technical reporting into a risk and business context, so they can be recognized as business partners on par with their executive peers. An understanding of the board's risk appetite and a definition of cybersecurity strategies aligned to business objectives are critical tools to ultimately mitigate risk efficiently.

ECOSYSTEM

• Threat exposure management
The increasing use of Cloud technologies, SaaS and its variants creates a fatigue in monitoring and protection. This greatly increases the list of priorities to diagnose and remediate ZeroDay vulnerabilities are rarely the root cause of an incident, we could prevent them before they are exploited. CTEM (Continuous Threat Exposure Management) programs emerge and the need to understand risk as a whole, including "unpatchable" elements such as human error or supply chain dependencies.


• Immunity to the identity structure
The infrastructure that provides identity services and the controls associated with their protection appears to be particularly fragile when it comes to dealing with a targeted cyberattack. A large percentage of organizations have suffered identity-related incidents in recent months. The "Shift to Identity-first" process, not only requires enabling 2FA, but an improvement in the IAM infrastructure, an inclusion of ITDR (Identity Threat Detection and Response). solutions. The initial aim is to solve well-known problems (Excessive Privilege, MFA, Detection, Integration). In short, better management


• Cybersecurity validation
Here we find ourselves in the need to continue taking steps in processes, techniques and tools for the validation of environments. The Red Team and Blue Team processes and solutions converge in a high flexibility to adapt to the real needs of organizations. The resulting elements allow us to make simpler and more effective decisions, not only for protection but also for decision making. From automated audits, evaluations of response mechanisms, to user awareness through simulation exercises. Adopt a comprehensive security validation approach not only from the initial vector but also including lateral movements and impact, not only from technologies but also including people and processes.

RESTRUCTURING

• Cybersecurity Platform Consolidation
The growing landscape shows an increase in complexity, simplifying every aspect is then critical to achieve robust improvement. Vendors are moving to an as-a-service model which benefits internal staff tasks, improving the actual functions with fewer products. Of course, it will be necessary to manage this consolidation to avoid other types of risks. Within this viewpoint, one can then prioritize suppliers that encompass a broad ecosystem of technology partners to be able to integrate and solve needs.


• Transformation of the security operating model
Changes in technologies are moving from being core IT functions to being in the field of business lines or corporate functions. IT risks have been diluted in different areas, new security teams and processes are emerging to reflect this evolution (e.g. DevSecOps, Cloud Security), today cyber-risk is practically seen as a business risk, not as a technological one. All this leaves some clarity of some factors such as the constant expansion and change, the need to refocus on people and the need to recognize that it is not viable to sustain a model based only on IT risks.


• Composite security
⦁ Composite security can be considered a necessity aligned to the modularity of the business itself. A monolithic system such as an ERP that provides all business functions is no longer real, protection must go through the same modularization. Each component by itself can be secure, but the interaction between them presents new risks that must be understood. This is where we find the need to innovate quickly, obtain agility through modularization and define the resilience of the organization.

Our conclusions
Despite the increased complexity in cybersecurity, it is clear that to properly cover all (or the main) cyber risks the recommendation remains as it was years ago, to adapt information security management to a risk-based model (of course) with enough flexibility to be deployed progressively ("step by step"), protection strategies aligned with business objectives and with an eye towards a slightly more cross-cutting understanding always including people, processes and technologies.