Nick Westall, CTO, CSI Ltd www.csiltd.co.uk
With strong economic headwinds predicted for 2023, businesses will be bracing themselves for an uncertain year and an expectation that they will need to be doing more with less. Cloud technologies have improved operational resilience in recent years and the reliance on these services is only growing, but cloud optimisation and cost control will be paramount.
In terms of cyber security, the picture is grim. The number of attacks is predicted to increase during a recession, alongside a worsening cyber skills gap.
So how can CTOs and CISOs add value and avoid risk in 2023? And how can they do so without taking focus away from their ESG and CSR role or keeping their customers at the heart of what they do? In this article, I share some of the tools and controls that I believe will become critical for maintaining resilience for the year ahead.
Challenges are ‘beyond human scale’
With progressively large sets of data and an ever-increasing growth in creative cyberattacks, IT teams are now dealing with operations and threats that go ‘beyond human scale’. Even moderate sized teams can no longer have the ‘eyes’, or visibility, they need to oversee all IT activity to keep their business secure.
With dynamic, personalised attacks and working beyond human scale, hackers will have significantly more power to cause damage. Then there are the unknown threats. Given the pace of technological development, it's likely we will be hit within the next few years by forms of cyber-attacks that are hardly conceivable today.
For these more complex IT worlds, the application of AI and automation for cloud and security processes will become key to threat detection and prevention.
AIOps and SecOps
AIOps and SecDevOps will become critical in 2023 to improve IT Automation and application modernisation and protect against attack, thus enabling businesses to operate beyond human scale.
Artificial intelligence for IT Operations (AIOps) is the application of artificial intelligence (AI) and related technologies, such as machine learning (ML) and natural language processing (NLP), to traditional IT operations and tasks so that these activities can be handled at scale. According to Omdia’s Software-Market-Forecasts: Infrastructure, 2019–24, the AIOps market is growing rapidly, with a CAGR of over 25%.
Through algorithmic analysis of IT data and observability telemetry, AIOps helps IT Operations, Developers, and site engineering teams work smarter and faster, so they can detect digital-service issues earlier and resolve them quickly before business operations and customers are impacted.
SecOps (Security Operations) provides security by default at each layer and stage of the operational environment, taking a Zero Trust approach: assuming that a breach has already occurred and planning the fastest route to recovery.
SecDevOps is the process of integrating security, development, and IT Operations into a continuous and cohesive lifecycle management architecture. It can be viewed as a culture change or a series of tools, but putting the Sec in front of DevOps essentially means a new approach to development designed to put security first, rather than as an afterthought. Security is integrated into every stage and supported by the tools rather than being ‘held’ by them. It means developers and operations teams can perform their own security analysis, identify security issues, and improve the way they code and operate software.
Put simply, IT teams can use AIOps and SecDevOps to handle the immense complexity, quantity of data, and scale of operations generated by modern IT environments, and so prevent outages, maintain uptime, and attain continuous service assurance in the face of aggressive cyber threats.
Cyber insurance must be fit for purpose
Despite best efforts, many businesses unfortunately will still be attacked, so having the right business continuity practices and cyber insurance in place will be critical to survival. Information Security Management Systems and Cyber Essentials Plus are no longer fit for purpose on their own. And with insurance companies stipulating that companies must have more rigorous technical controls, cyber security policies and toolsets in place before they will insure them, being able to meet these increasing demands and demonstrate a strong security posture in 2023 will be key.
A single click or minor misconfiguration can lead to a major breach. And if your organisation fails to meet the security requirements defined by the insurance provider, your policy could be in jeopardy.
Which controls will help you build cyber resilience in 2023?
To protect your organisation, satisfy cyber security insurance requirements and ensure rapid recovery if you are breached, security always needs to be a continuous process.
Aside from a nearly ubiquitous demand for multifactor authentication (MFA), cyber insurance eligibility often includes the following requirements:
- Immutable backup and disaster recovery. Organisations should perform backups regularly, but what if your backup carries the same malicious payload that infected your environment in the first place? An immutable backup is a backup copy that cannot be altered in any way once written. It should be possible to restore it to production servers immediately in the event of a ransomware attack or other data loss.
- Endpoint detection and response (EDR). Install antivirus solutions to protect endpoints against malware, viruses, and other attacks.
- Managed detection and response (MDR). A cybersecurity service that combines technology with human expertise delivers more effective threat hunting, monitoring, and response. The main benefit of MDR is that it helps rapidly identify and limit the impact of threats without the need for additional staffing.
- Security Orchestration, Automation, and Response (SOAR). Streamline security operations in three key areas: threat and vulnerability management, incident response, and security operations automation.
- Patch management. Consistently implement patches and updates.
Importance of employee education
The cyber security industry is vast, and protection is always trying to keep a step ahead of the threats. But attackers will continue to deploy more and more sophisticated phishing attempts and malware on browsers and endpoint devices. One report suggests that cybercrime costs totalled $6 trillion in 2021. To put this into perspective, if cybercrime were measured as a country, it would be the world’s third largest economy behind the US and China.
Despite the best technology defences, it’s still human error that leaves companies most vulnerable. Fostering a zero-trust culture is one of the most effective protection methods as it assumes that every user and device accessing a network is a potential threat. Phishing is essentially a numbers game, but with the right employee cyber security training, and a healthy dose of scepticism within the organisation, more security breach attempts can be prevented.
Verizon’s 2022 Data Breach Investigations Report revealed that 82% of businesses are at least considering adopting a zero trust approach to security, with genuine adoption expected to ramp up in 2023.
Collaboration within C-suite essential
While CISOs have much to do to add value and avoid risk, collaboration and support within a leadership team will be needed to thwart potential threats. CEOs may feel that they want to delegate responsibility for cyber security to CISOs, but this is ineffective if they are to foster a security-first culture. Involvement across the C-suite is needed to ensure that cyber security investments are worthwhile and effective.