Intelligent CISO Issue 57 | Page 21

cyber trends have the resources to create bespoke tools and exploits that can maximise the stealth and reach of their campaigns. These types of attacks are why I so often write about ‘locking shields’ in the cybersecurity ecosystem – because if suppliers or vendors aren’t protected from this type of attack, then neither are you.
In 2022, 24x7 monitoring and mitigation capabilities – specifically through managed extended detection and response (XDR) – could be the missing link for security leaders seeking to more effectively monitor and manage their software supply chain. Additionally, security leaders should select software suppliers that are equally innovative, partnering with those that use advanced technologies such as AI and Machine Learning to remove blind spots faster.
Prioritise investment in Zero Trust to minimise human risk
The ongoing popularity of flexible working models requires security leaders to continue to look for new solutions to help them manage and protect dispersed workforces. In fact, Gartner estimates the total market size for information security and risk management spending will exceed US$188 billion in 2023.
Research has consistently shown that humans are still the most notable risk to cybersecurity and this largely results from a lack of awareness, negligence, or inappropriate access controls. Training alone will not solve these problems, nor will attempts to turn everyone into a cybersecurity expert. CISOs therefore need to focus on this truism and transition to a prevention-first security strategy by leveraging intelligent solutions that focus on impairing and impeding cyberattacks so that employees can focus on their jobs, not cybersecurity, wherever they choose to work.
As the attack surface expands, security leaders should prioritise investment in Zero Trust security measures. This approach assumes there is no longer a traditional network edge and takes a more stringent, continuous and dynamic approach to user authentication, but also does this seamlessly to avoid impacting the user experience. User access to resources will also be dynamically controlled based on real-time risk assessments of their current behaviour, while user-focused security controls are deployed at every enterprise network and cloud application ingress point to prevent remote employees from accidentally or intentionally violating security policies.
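The risk-adaptive access control described above, as an added Python example (an illustrative model written for this page, not the article's own material or any vendor's product): every request is re-evaluated against signals about the user's current context, and the decision is "allow", "step_up" (prompt for re-authentication) or "deny" depending on the sensitivity of the resource. The signals, weights and thresholds are assumptions chosen for illustration, and the session at the bottom is constructed sample data.

```python
"""Risk-adaptive (Zero Trust style) access decisions, evaluated per request.

Illustrative model only: the signals, weights and thresholds below are
assumptions for the example, not a standard or a vendor's scoring scheme.
"""
from dataclasses import dataclass


@dataclass
class AccessRequest:
    user: str
    resource: str
    sensitivity: str          # "low" | "medium" | "high" (assumed labels)
    device_managed: bool      # device enrolled in endpoint management
    mfa_age_minutes: int      # minutes since the last strong authentication
    geo_velocity_kmh: float   # implied travel speed versus the previous session
    failed_logins_1h: int     # failed sign-in attempts for this user, last hour
    new_country: bool         # first sign-in from this country for this user


# Step-up and deny thresholds per resource sensitivity (assumed values).
# More sensitive resources react to lower risk scores.
THRESHOLDS = {
    "low": (60, 90),
    "medium": (40, 70),
    "high": (20, 50),
}


def risk_score(req: AccessRequest) -> int:
    """Combine behavioural and posture signals into a 0..100 risk score."""
    score = 0
    if not req.device_managed:
        score += 30                      # unknown device posture
    if req.mfa_age_minutes > 480:
        score += 20                      # strong auth is stale (> 8 h)
    if req.geo_velocity_kmh > 900:
        score += 40                      # faster than air travel: likely shared or stolen credentials
    if req.failed_logins_1h >= 5:
        score += 25                      # brute-force or guessing pattern
    if req.new_country:
        score += 15                      # unusual location for this user
    return min(score, 100)


def decide(req: AccessRequest) -> str:
    """Return 'allow', 'step_up' or 'deny' for one request.

    Mid-range risk asks for re-authentication instead of blocking, which keeps
    the experience seamless for legitimate users while still impeding misuse.
    """
    score = risk_score(req)
    step_up_at, deny_at = THRESHOLDS[req.sensitivity]
    if score >= deny_at:
        return "deny"
    if score >= step_up_at:
        return "step_up"
    return "allow"


def evaluate_session(requests):
    """Evaluate every request independently, as continuous assessment requires.

    Returns a list of (resource, score, decision) tuples; a decision earlier in
    the session never grants later requests.
    """
    return [(r.resource, risk_score(r), decide(r)) for r in requests]


# Constructed sample session for one user (not real data).
SAMPLE_SESSION = [
    AccessRequest("alice", "payroll", "high", True, 30, 0.0, 0, False),
    AccessRequest("alice", "payroll", "high", False, 30, 0.0, 0, True),
    AccessRequest("alice", "crm", "medium", False, 600, 0.0, 0, False),
    AccessRequest("alice", "wiki", "low", False, 30, 1200.0, 6, False),
]

if __name__ == "__main__":
    for resource, score, decision in evaluate_session(SAMPLE_SESSION):
        print(f"{resource:8s} risk={score:3d} -> {decision}")
```

Note that the same context can yield different outcomes for different resources: an unmanaged device with stale authentication is allowed onto a low-sensitivity wiki but must re-authenticate for the medium-sensitivity CRM, which is the "dynamic control based on real-time risk" the paragraph describes. In a real deployment the signals would come from the identity provider, endpoint management and the network edge rather than being passed in by hand.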
Invest in better CEM capabilities to be prepared for a cyberattack
As we saw in 2022 with Uber, if a hacker takes down an internal comms system, how are you able to communicate with employees? This will inundate your help desk with tickets indicating employees can’t access their email accounts because their email was shut down due to a cyberattack. As we look ahead to the next 12 months, companies therefore need to consider the consequences of any disruptions to their internal systems or operations, such as loss of productivity, negative impact on morale, displacement of staff, revenue loss and the increased cost of working.
Organisations should consider implementing a crisis communications plan as part of their overall incident response strategy to make them aware of any threats to operations that could impact employee safety or their ability to do their jobs. Communications systems facilitate off-network notifications and alerts to address threats and incidents as they unfold, providing a reliable and secure way to keep people connected in crises – sharing the right information at the right time to keep them safe.
www.intelligentciso.com