The threat landscape continues to evolve and 2023 is predicted to bring forth both old and new threat tactics. CIO and CISO teams are being asked to overcome significant challenges as they work to manage business-critical initiatives such as securing work-from-anywhere, enabling digital acceleration, staying ahead of increased cyber risk, and supporting sustainability goals. They must do this while managing around a global skills shortage. To gain insight into tips and strategies to keep in mind for the new year, Fortinet’s Field CISOs Jaime Chanagá and Daniel Kwong share their thoughts about the current cybersecurity environment and provide best practices for CISOs to strengthen their security posture for 2023 and beyond.
Jaime Chanagá (JC): In 2022 I had the privilege of traveling to over ten countries in Latin America, including the Caribbean and Canada, to speak with senior executives and organizations in a variety of industry sectors. Most C-Level executives, including CEOs, CFOs, and board members, have the same concerns that CISOs, CSOs, and CIOs share. The top three concerns for their businesses are 1) business resilience, 2) cybersecurity capability & maturity, and 3) human resources challenges for acquiring, training, and retaining cybersecurity talent.
Daniel Kwong (DK): The current cybersecurity environment is top of mind for many customers. They are concerned about the increasing number of cyberattacks and the evolving nature of threats due to digital transformation. In addition, during the pandemic, customers rapidly transformed their organizations in order to survive the business environment. Some organizations are learning about additional challenges they now face resulting from this change.
JC: Overall, cybersecurity risks are increasing. Let's compare, for example, the adoption of new technologies such as artificial intelligence (AI). While some organizations have not yet adopted AI-based technology, cyber adversaries have and are using it to challenge today's cybersecurity defenses. That said, it’s important for organizations to consider adopting AI to defend against increasingly sophisticated cyberattacks. Cyber risks posed by innovations like AI, cloud computing, and the increasing sophistication of the threat landscape are creating the perfect storm to exponentially escalate cyber risks against businesses and governments.
DK: I agree that cyber risk is escalating, and we can see that this is due to the continued digital transformation of businesses, which creates more opportunities for cybercriminals in the expanded threat landscape. Bad actors now have more ways to penetrate an organization’s environment due to the increasingly extensive use of remote access with work and learning from anywhere. For example, some applications are designed to be 100% cloud-native and store data in multiple uncontrolled environments. Also, sometimes IoT sensors are placed in critical infrastructure without proper segmentation. Most importantly, cyber risk is increasing due to the lack of security awareness training for remote employees, which can then leave employees vulnerable to phishing attacks. Organizations should consider implementing training and awareness programs for their employees to ensure the safety of people, data, and devices.
JC: Most senior executives are not as concerned about the specific technical details as they are about the results. Organizations that have invested in human intelligence and AI-powered services and solutions are finding the best value for their organizations. For example, FortiGuard AI-powered solutions start with a world-class global team of cybersecurity researchers, innovate with advanced technologies such as AI and machine learning, and expand our knowledge with hundreds of international partnerships for cyber risk and threat intelligence research.
DK: Recently, when I talk to customers and partners, they are especially interested in Digital Risk Protection Services (DRPS). A lot of CISOs are under pressure from businesses to take risks when it comes to digital transformation, but they do not know whether their existing security platform can protect with all these new technologies. Instead, they are looking for solutions from the external view that not only provide a continuous External Attack Service Management (EASM) but also provide adversary-centric intelligence that looks for potential breaches that already exist in the hacker community in order to protect their company brand.
JC: The investment in sophisticated detection solutions is an area that is lacking in the security roadmap for 2023. In 2022, many organizations faced increased cyber risks resulting from the convergence of IT and operational technology (OT) networks. That said, investment in solutions like FortiNDR can allow organizations to quickly identify anomalies, analyze emerging threats in real time, and automate responses to mitigate cyberattacks. Businesses and organizations that accelerate their cyber agility can defend their IT environments and company from existing and emerging threats.
DK: One of the cybersecurity portfolio solutions I urge customers to take into consideration is the Security Access and Service Edge (SASE) approach to revamp their existing remote access technology. Currently, most companies rely only on Verified Private Networks (VPN) to provide remote access, and some of the more advanced companies may incorporate simple proxies such as Security Service Edge (SSE). However, the mixed use of point solutions creates management complexity and network performance issues and is frequently inadequate for rapid response and remediation when an attack occurs. A true single-vendor SASE should ensure not only security but also network access performance. This can be achieved by utilizing a consolidated platform that provides SSE, Zero Trust Network Access (ZTNA), and Cloud Access Security Broker (CASB) to secure at the endpoint control level. On the network access level, it should incorporate intelligent application steering for both secure private and internet access. This approach will ensure end-to-end visibility to provide rapid response in the case of a security incident.
JC: Given that most organizations are still struggling with talent shortages for skilled cyber workers, organizations should strongly consider services like FortiGuard AI-Powered Response (Outbreak Detection, XDR, Playbooks). For organizations that do not have their own in-house security operations center or team, I would recommend SOC-as-a-Service (SOCaaS). Today, organizations must be more agile when responding to cyber risks. If you don't have a talented and skilled workforce with experts in incident response, your organization is in grave danger when faced with a cyberattack.
DK: In my opinion, customers should consider deception technology. Crime-as-a-Service is becoming more popular, and threat campaigns can gather a lot of information about a target organization's vulnerability. Deception technology provides a proactive countermeasure by deceiving, exposing, and eliminating both external and internal targeted attacks at the early stage of the cyber kill chain before any significant damage occurs.