In ancient times, ambidexterity was considered a curse and could get someone on the wrong end of a witch hunt. Today, however, it is praised and viewed as a competitive advantage in everything from racket sports to organizational governance and innovation. Being ambidextrous is undoubtedly the best armor for chief information security officers (CISOs) in 2023, helping them improve their security hygiene and prepare for future challenges.
CISOs are faced with a myriad of pressing cybersecurity concerns, from adequately protecting their organizations from the most prominent cyberthreats to continuously improving their security posture — all while adapting their security controls to the ever-changing digital environments in their organizations. In parallel, they must also prepare for upcoming digital changes and emerging transformational technology trends that will drastically change how they consume cybersecurity solutions.
Ambidextrous CISOs can balance these two fundamental challenges by improving their existing cybersecurity efficiency while preparing for the unknown. They will be able to optimally balance investment in incremental cybersecurity improvement and prepare for disruptive technology innovations.
Perhaps the most pressing question is: Which cybersecurity investments should you prioritize in 2023? What emerging technology trends will affect your cybersecurity strategies?
First, I would like to emphasize that cybersecurity technology investment should never be solely based on trendspotting, but should rather be decided after a thorough risk analysis that considers your organization’s core business as well as the cyberthreats that it faces.
With that in mind, Atos’s cybersecurity tech radar has identified the top technology trends in cybersecurity for 2023 to help you tackle the ambidextrous challenge of cybersecurity and assess the maturity of your security controls across the five building blocks of the NIST Cybersecurity Framework.
We assessed more than 150 cyber tech trends and integrated our analysis of emerging digital trends, the changing threat landscape, the regulatory framework and the agility conundrum.
2023’s most promising incremental cybersecurity technologies
Protect the new network
APIs are prevalent in every organization’s digital environment, doing all the heavy lifting in the background of modern applications. However, since they can be a single point of failure, CISOs must implement a proper API security program that adopts secure API development, builds a continuous API discovery process, enforces API policies and monitors API threats.
Security by design
DevOps is clearly revolutionizing IT, but without embedded security it can introduce security gaps and risks. Adopting a set of DevSecOps tools, practices and policies will help organizations integrate security throughout the application development lifecycle, protecting applications from abuse. The upcoming European Cyber Resilience Act will accelerate the adoption of DevSecOps for organizations that want to sell their technologies in the European market.
Verify and challenge
It only takes one misconfigured or compromised access account to steal sensitive data. The latest statistics show that 80% of cyberattacks leverage compromised privileged accounts, whereas 60% of cyberattacks leverage lateral movement techniques. Organizations must implement proper access rights management solutions that span heterogeneous networks and cover the building blocks of the new identity fabric. Continuous compliance checks will be essential to ensure that access policies are properly enforced over time.
Managed detection and response (MDR)
Threat anticipation with external visibility
MDR platforms provide multi-vector threat visibility by analyzing security data from multiple sources. Advanced MDR platforms integrate external attack surface management technologies to enhance threat anticipation with detailed external visibility. An effective MDR service can truly improve mean time to detect (MTTD) and mean time to respond (MTTR), while combining red team services to better assess the impact of external threats.
2023’s top emerging trends in cybersecurity to prepare for the future
How? By understanding their impact and implementing the first measures on the road to tech adoption.
Cybersecurity mesh architecture (CSMA)
Distributed yet integrated
A more integrated and interoperable technical environment is needed to make cybersecurity mesh architecture a reality. Organizations will need to adopt architectural changes today to be ready for CSMA. They also need to choose cybersecurity partners and service providers who have embraced CSMA, especially for security analytics and intelligence, automation, policy posture management and identity fabric.
Discover and Assess
In 2022, we took a giant leap towards quantum-resistant cryptography when NIST selected the first quantum-resistant cryptography algorithms and the NSA set a 2035 deadline for the adoption of post-quantum encryption across national security systems. CISOs can take the first steps in 2023 by identifying and discovering crypto libraries within their organizations to gain visibility and initiate a thorough impact assessment.
Privacy enhancing computation (PEC) tools
Protect data in use
PEC tools protect the privacy and confidentiality of sensitive data throughout its lifecycle, especially when it is in use. They include multiple innovative techniques that secure the data at the software, data or physical layer. Organizations with high security maturity have already started testing PEC tools to secure their highly sensitive data. Going forward, they must assess PEC solutions for their latest business use cases and initiate testing with security service providers that include both startups and hyperscalers.
Adopting ambidexterity in cybersecurity will undoubtedly require a new mindset in defining cybersecurity budgets and will push the boundaries of TCO and ROI, forcing organizations to embrace faster lifecycles of cybersecurity innovation. Only then can we bring agility, efficiency and innovation to organizations’ cybersecurity strategy programs.
About the author
Vice President Global CTO – Digital security, Atos
Member of the Atos Scientific Community
Zeina has twenty years of experience in the cybersecurity field, covering the end-to-end spectrum of cybersecurity from security advisory to security integration and managed security services/managed detection and response, to securing digital innovations (cloud, IoT, edge, AI, etc.), as well as risk management, compliance and privacy.
She holds a Bachelor of Engineering in C.C.E from Notre Dame University Lebanon, an M.Sc. from Telecom SudParis and an Executive MBA focused on Innovation & Entrepreneurship from HEC School of Management.
Zeina is a member of the Atos Scientific Community and a Fellow in cybersecurity. She is also a Certified Information Systems Security Professional (CISSP) and a certified ISO 27005 Risk Manager. She was the recipient of the Atos Innovation trophy in 2013, was named in 2019 among the “100 fascinating Females Fighting cybercrime”, was listed in the CTO/CIO/CDO French top 10 influencers and was recognized as 2020 Cyber security leader by the Cyber Security Observatory.