5 Cyber Security Trends – Expert Insight for Tech Leaders
What are the Cyber Security Trends CIOs, CISOs, and tech leaders need to be aware of in the coming months? The cyber security landscape is changing, and new legislation is placing a greater burden on tech leaders to understand risk across their entire supply chain. So, how can organisations strengthen their cyber security, with the right cyber security solutions when the cyber landscape is becoming increasingly complex? Our Head of Cyber Security, Peter Moorhead shares his thoughts on the cyber security trends driving the changes, and his expert advice on how to navigate them.
Cyber Security Trend 1: Managed Detect and Response
Tackling Advanced Threats from a Clear Vantage Point
Cyber professionals have come to accept cyber-attacks are no longer a question of “if” but “when.” UK Official Government statistics report that 31% of businesses and 26% of charities estimate they were attacked at least once a week during the last year. (1) To successfully stop an attack or reduce its impact, it is critical to have 360-degree visibility across the entire IT environment. With clearer visibility it becomes possible to identify any unusual activity across the ecosystem of users, applications, and infrastructure.
As a result of artificial intelligence and machine learning algorithms, threat detection and response tools analyse real-time and historical data and identify unusual patterns. These tools include endpoint detection and response (EDR), extended detection and response (XDR), and managed detection and response (MDR).
With Advanced Threat Detection intelligence and analysis, it is possible to detect and block advanced threats designed to evade traditional defences. As Gartner predicts, we should expect to see demand for cloud-based detection and response solutions like EDR and MDR significantly increase this year.
Cyber Security Trend 2: Building Cyber Resilience
Proactively Tackling Cyber Risk
As cyber-attacks become increasingly sophisticated, companies will need to assess and manage cyber risk across their entire IT landscape. More than cyber-insured or cyber-secured, they will need to become cyber-resilient. Building true cyber resilience will require a proactive strategy that combines behaviour, financials, and technology to prepare and recover from any attack and anticipate risk. A robust cyber programme needs to consider the following: are you prepared, can you respond, and can you recover? A cyber resilience strategy is vital to ensure your business can continue to function if it is hit with a cyber-attack.
To achieve cyber resilience, strategies should include cyber tools to reduce and minimise cyber risk as well as identify the areas where cyber risk can be transferred to insurers.
Cyber Security Trend 3: Cyber Outsourcing
Bridging the Cyber Skills Gap
As cyber security becomes increasingly complex, many in-house security teams are finding they simply lack the cyber security skills, expertise, budgets, or resources to manage a full-fledged security operations centre (SOC). Recent data findings by the UK government found that approximately 697,000 businesses (51%) have a basic cyber security skills gap. (2)
The lack of skilled expertise is compounded by the high salaries security professionals command. In-house IT budgets, struggle to compete with specialised cyber providers to attract and retain the best talent. All these factors are leading to a growing trend to outsource cyber operations.
In the future, decision-makers will be forced to think more creatively about how they manage day-to-day security operations. This could include outsourcing managed-to-detect and response (MDR) services to an experienced outsourcing security provider or, perhaps taking advantage of the leadership services of a virtual CISO.
Cyber Security Trend 4 – 3rd party risk and cyber assessments
De-Risking Supply Chains
Attackers are now seeking out easier targets beyond the immediate cyber defences of the Enterprise. One of these easy targets is the supply chain. Smaller players who may be part of the supply chain typically do not have an equal level of protection or resources to monitor and manage cyber risk. This is why around 62% of the attacks on customers took advantage of their trust in their supplier. (3) Attacking third-party software is another easy target, exploiting weaknesses in third-party apps and software to gain access to valuable systems and data. This is a growing issue, with Gartner predicting that by 2025, 45% of customers will experience attacks on their software supply chains, which will be three times as many as in 2021.
The introduction of legislation such as the NIS 2 Directive, will put greater pressure on Boards and CEOs to fully understand and tackle supply-chain and third-party risk. This latest directive includes the introduction of accountability for top management for non-compliance with cybersecurity obligations.
To comply with this new legislation, leaders will need to conduct enterprise risk assessments that assess the maturity level of their cybersecurity programme and proactively address any underwriting concerns. As cyber insurance premiums continue to increase and it becomes more difficult for companies to afford or obtain cover, assessments, including those that examine exposure to third-party risk will become more critical. Risk assessments can also be useful in shaping cyber resilience strategies, by determining decisions around any insurance gaps, limits, and coverage. Furthermore, risk assessments can provide guidance when buying cyber insurance, helping to define priorities as well as identifying risks deemed acceptable and those that need to be transferred to insurers.
Cyber Security Trend 5 – Understanding Zero Trust
Securing the Hybrid Workforce
In an era of hybrid working, legacy virtual private networks (VPNs) are no longer deemed fit for purpose. VPNs implemented to date are unable to meet the scalability demands needed for hybrid working, and the technology itself can be prone to cyberattacks and vulnerabilities. To counter this expect to see an even greater shift towards Zero Trust. There has been cyber-buzz around this concept for a while now, but there is still a lack of understanding as to what it is, and more importantly, the steps needed to achieve Zero Trust. Implementation of a Zero-trust strategy is based on the concept of “never trust, always verify,” which means that just because users can be identified and authenticated, they must not be granted blanket access to all resources.
In a zero-trust environment, users are continuously validated, assessed, and authorised using multiple authentication methods. To embark on a Zero Trust approach, it is vital to understand it is multi-tiered and aims to provide a scalable but highly secure environment.
One key action for decision-makers this year is to start planning for the new cyber risk legislation now. It is important to identify the actions needed to mitigate risk before it comes into effect in 2024. Cyber security trends will continue to evolve as new security threats and attacks emerge, but with the right foundations in place companies will be able to adapt faster to protect their most valuable assets.
Make Cyber Security Freedom a Reality
Our suite of fully managed cyber security products and services allows you the freedom to innovate.