Trends that impact on organizations’ 2023 security priorities

Although ransomware campaigns declined quarter over quarter in 2022, primarily due to the collapse of more experienced cybercriminal groups, IT leaders still consider them to be the most worrying cyber threats.

“Aside from ransomware and the hybrid work model, in 2022, we saw an evolving threat landscape, regulatory changes, and the potential for a recession by the end of 2023,” explains Ida Siahaan, research director, Info-Tech Research Group.

“Furthermore, organizations are still facing the ongoing issues of insufficient cybersecurity resources and organization modernization, all of which impact how we prioritize cybersecurity over the coming year.”

The Info-Tech’s report focuses on data that details the likely changes in processes and IT infrastructure due to hybrid work, concerns and perceptions about readiness to meet current and future legislation, and the impact of a potential recession on security budgets.

Info-Tech Research Group advises security and IT leaders to keep the following five security priorities top of mind in 2023 as they work toward modernizing their organizations, securing hybrid work environments, and mitigating risks and cyber threats:

Maintain secure hybrid work

The pandemic changed how people work and where they choose to work, with most still preferring a hybrid work model. The initial investment to set up remote work options was extensive and requires continuous investment to maintain the secure remote work infrastructure that facilitates a hybrid work model.

According to Info-Tech’s research, security leaders must build a strong cybersecurity workforce by strategically acquiring, retaining, and upskilling talent to maintain secure systems and increase confidence in the security practice.

Secure organization modernization

Despite all the cybersecurity risks, organizations continue modernization plans due to the overall long-term benefits. These plans can include digital transformation to the cloud, operational technology (OT), and the internet of things (IoT).

Security leaders must address the risk of converging environments by combining IT and OT security to protect the entire organization.

Responding to regulatory changes

Government-enacted regulatory changes are occurring at an ever-increasing rate. Rather than treating them as a compliance burden, organizations should use these changes as an opportunity to improve security practices.

Security leaders need to identify relevant compliance obligations, implement policies and exception processes, and then track and report to ensure their remediations are effective.

Adopt next-generation cybersecurity technologies

The cat-and-mouse game between threat actors and defenders is constant. The looming question of “can defenders do better?” has been answered with the rapid development of technology.

However, next-generation cybersecurity technologies alone are not a silver bullet and require a combination of skilled talent, useful data, and best practices to gain a competitive advantage.

Governments and cybercriminals recognize the importance of emerging technologies, such as zero trust architecture and AI-based cybersecurity, and so should security and IT leaders.

Secure services and applications

Software is usually produced as part of a supply chain instead of in silos. As demonstrated by recent incidents such as Log4j and SolarWinds, a vulnerability in any part of the supply chain can become a threat vector.

To respond to this challenge, DevSecOps was developed as a culture and philosophy that unifies development, security, and operations. DevSecOps offers many benefits, such as the rapid development of secure software and the assurance that tests are reliably performed and passed before the software is formally released and delivered.

Security and technology leaders must adopt this philosophy and the latest software development best practices to ensure that each link of the software supply chain is secured.