The Cyber Threat Landscape for 2023 - Threat Analysis
Posted By: Iain Fraser - Cybersecurity Journalist Gibraltar
14th March 2023
A recent paper issued by Gartner has gone some way to predict Cybersecurity Focus for 2023. I think this is a brave call to effectively "predict" future Threat trends in the ever-fluid Cybersecurity industry, so I have thoroughly examined the article and have gone some way to analyse their Threat profile. My findings are that Gartner are more in touch with the current and developing Threat landscape than many of their peers who have not gone far enough to explain the omnipresent threat facing businesses as we sweep into 2023.
The Gartner paper, Predicts 2023: Cybersecurity Industry Focuses on the Human Deal, constructed brilliantly by lead Deepti Gopal with Leigh McMullen, opens with the fact that organisations in the past have developed their cybersecurity program to address the ebbs and flows of regulatory changes, business decisions, and customer demands and threats. Modern cybersecurity leaders will use a human-centric design to strengthen their program and optimize human potential.
Predicts 2023 outlines the Key Findings of the report and then goes on to outline the Recommendations from the Findings.
Key Findings
- Burnout has made its way into the cybersecurity industry, but little is being done to address the attrition that it causes.
- Insider threat management is not a focus area for most organizations unless they are highly regulated.
- Digital risk protection services (DRPS) are becoming more relevant today as the human element continues to be an effective vector for malicious actors.
- The cybersecurity industry has taken limited action to reduce cybersecurity process friction and improve user experience.
- Poor strategic implementation of topics like Zero Trust stops organizations from developing a positive security culture.
Recommendations
To design a human-centric cybersecurity program:
- Use human error as a key indicator of cybersecurity-process-related fatigue within the organisation, as stress and burnout have a direct impact on the quality of decision making.
- Develop an insider risk management program with the support of senior leadership, but also include the human resources and legal teams.
- Augment human-centric decision making using an artificial intelligence (AI) recommendation engine that can detect deepfakes and misinformation.
- Evaluate the human factors impacting cybersecurity control effectiveness in addition to the technology when designing and implementing controls.
- Exercise caution when discussing zero trust outside of the security team. Misinterpretations of the meaning can damage employee trust in and acceptance of the security program.
With thanks to Deepti Gopal, Leigh McMullen, Andrew Walls, Richard Addiscott, Paul Furtado, Craig Porter, Oscar Isaka, Charlie Winckless