2023 security predictions from Zscaler’s EMEA CISO
December 2022 by Marc Lueck, CISO EMEA at Zscaler
2022 has been a turbulent year, with rocketing energy prices, political upheaval, and an economy that takes twists and turns, as well as companies building back up from the impact of the pandemic.
In the technology sector, organisations continue striving to transform their operations to maximise gains from automation and digitisation and stay competitive. So, what will 2023 hold? Marc Lueck, CISO EMEA at Zscaler shares his top predictions:
1. Cybersecurity will be called on to do more with less: Businesses will ask their cyber leaders to slow down purchasing, drive efficiencies, and reduce spend without neglecting their organisations’ security posture. Security talent will remain hard to find, prompting businesses to ensure they make the best use of security professionals’ time. Removing administrative burdens and focusing on preventive security with highly integrated security platforms will be a higher priority whilst organisations continue to improve how they spot intruders and breaches
2. AI and machine learning will boost security reaction times: Automated AI and ML-based solutions will help companies react more quickly to security incidents. According to a common rule, companies have one minute to detect a breach, 10 minutes to understand it, and one hour to contain it. AI will help shorten the time between a company being breached and the adversary being able to move through the infrastructure. Automated processes will mature to not only provide visibility into data streams, but also act. This will take manual tasks such as alert correlation off the security providers and professionals responsible for monitoring alerts
3. Security transformations will no longer be stalled to establish the basics: In the past, security professionals have striven to get the basics right—establishing policies, patch management, endpoint visibility, a clear understanding of their environment, and so on. This permanent quest for perfect understanding is time-consuming and slows down forward-looking initiatives. In a period of financial pressure, companies will realise they can reduce the risk of unsettled basics by changing how security is deployed—for example, through a cloud-based zero trust approach
4. Visibility will become a number one priority: Transparency into all their organisation’s data traffic will become each CISO’s utmost priority. Without knowing what’s happening in the organisation’s infrastructure, the security function cannot act against intruders or data loss. Visibility will be key for CISOs as they recognise how much this can impact career stability. Insight into problems, tooling, and resources to help them achieve visibility will be key objectives as CISOs become unwilling to serve as the ’sacrificial lambs’ of inadequate security