The top security priorities in 2023, according to Info-Tech Research Group
by CM staff
Info-Tech's Security Priorities 2023 report will help security leaders secure a hybrid workforce, respond to regulatory changes, and adopt next-gen cybersecurity technologies.
TORONTO — Info-Tech Research Group has published its annual industry resource, the Security Priorities 2023 report.
“Aside from ransomware and the hybrid work model, in 2022, we saw an evolving threat landscape, regulatory changes, and the potential for a recession by the end of 2023,” said Ida Siahaan, Research Director and Lead Analyst for the report. “Furthermore, organizations are still facing the ongoing issues of insufficient cybersecurity resources and organization modernization, all of which impact how we prioritize cybersecurity over the coming year.”
Info-Tech’s annual security priorities are based on primary data obtained from interviews with security and IT leaders, as well as from the firm’s 2023 Tech Trends report and upcoming State of Hybrid Work in IT: A Trend Report, set to be released in March 2023.
The new security priorities report focuses on data that details the likely changes in processes and IT infrastructure due to hybrid work, concerns and perceptions about readiness to meet current and future legislation, and the impact of a potential recession on security budgets.
The firm advises that security and IT leaders keep the following five priorities top of mind as they work toward modernizing their organizations, securing hybrid work environments, and mitigating risks and cyber threats:
- Maintain Secure Hybrid Work. The pandemic changed how people work and where they choose to work, with most still preferring a hybrid work model. The initial investment to set up remote work options was extensive and requires continuous investment to maintain the secure remote work infrastructure that facilitates a hybrid work model. According to Info-Tech’s research, security leaders must build a strong cybersecurity workforce by strategically acquiring, retaining, and upskilling talent to maintain secure systems and increase confidence in the security practice.
- Secure Organization Modernization. Despite all the cybersecurity risks, organizations continue modernization plans due to the overall long-term benefits. These plans can include digital transformation to the cloud, operational technology (OT), and the internet of things (IoT). Security leaders must address the risk of converging environments by combining IT and OT security to protect the entire organization.
- Responding to Regulatory Changes. Government-enacted regulatory changes are occurring at an ever-increasing rate. Rather than treating them as a compliance burden, organizations should use these changes as an opportunity to improve security practices. Security leaders need to identify relevant compliance obligations, implement policies and exception processes, and then track and report to ensure their remediations are effective.
- Adopt Next-Generation Cybersecurity Technologies. The cat-and-mouse game between threat actors and defenders is continuing. The looming question of “can defenders do better?” has been answered with the rapid development of technology. However, next-generation cybersecurity technologies alone are not a silver bullet and require a combination of skilled talent, useful data, and best practices to gain a competitive advantage. Governments and cybercriminals recognize the importance of emerging technologies, such as zero trust architecture and AI-based cybersecurity, and so should security and IT leaders.
- Secure Services and Applications. Software is usually produced as part of a supply chain instead of in silos. As demonstrated by recent incidents such as Log4j and SolarWinds, a vulnerability in any part of the supply chain can become a threat vector. To respond to this challenge, DevSecOps was developed as a culture and philosophy that unifies development, security, and operations. DevSecOps offers many benefits, such as the rapid development of secure software and the assurance that tests are reliably performed and passed before the software is formally released and delivered. Security and technology leaders must adopt this philosophy and the latest software development best practices to ensure that each link of the software supply chain is secured.
Info-Tech’s latest priorities report also includes recommended actions in addition to templates for security and technology leaders that can be used to explain each of the priorities to their stakeholders.
Print this page