Top 3 Non-Technical Cybersecurity Trends for 2023

Cybersecurity isn’t just about technology. Non-technical aspects, such as the management of people, process, and technology, are critical to reducing cyber risk.

Managing security shelfware will be critical

You know that one kitchen drawer with all the fancy gadgets you swore you needed? The same applies in IT, except instead of an apple corer it’s shelfware.

According to Vendr, the average company wastes around $135,000 annually on SaaS tools they don’t really need or use. And a 2020 Gartner survey found that 80% of respondents are not utilizing between 1-49% of their SaaS subscriptions.

Shelfware happens for a myriad of reasons including integration issues, failed communication between departments, poor vendor support, or the CISO role changing hands.

Whatever the cause, CISOs need to pay close attention to shelfware management in 2023 as economic factors will prompt C-suites to ask tough questions and look for places to make cuts. By freeing up budget from unutilized SaaS subscriptions, CISOs can keep staff off the chopping block.

Consider the following three steps to avoid security shelfware:

1. Quality over quantity: Instead of tossing point products at problems as they crop up, stop and think about the bigger picture. Is it just an email problem, or do you lack visibility across the attack surface? Once you’ve identified the scope and scale of your security challenge, perform a thorough technology evaluation to ensure the solution fits your needs for today and tomorrow.
2. Include key stakeholders in the purchase process: From security professionals to developers, make sure you gather business and user requirements before purchasing to get the most bang for your buck. This will ensure business needs are being met, leading to higher and quicker adoption.
3. Make an adoption plan: Some money-hungry vendors will disappear after you sign the dotted line, leaving you to figure out how to deploy and use their product. Ask the vendor what kind of training, onboarding, and continuous support is included before purchasing anything. The skills shortage is an ongoing problem; ease-of-adoption and use are important for teams with limited resources.

The cybersecurity skills shortage will continue to cause strain

While the cybersecurity skills shortage is beginning to level off, businesses are still struggling with high turnover rates. An ISACA survey reported that 60% of enterprises experienced difficulties in retaining qualified cybersecurity professionals. And more than half felt they were either somewhat or significantly understaffed.

Finding and keeping good talent on hand is a challenge, and with purse strings tightening, there is only so much money and perks to throw at candidates. To stop IT from being a revolving door, CISOs need to address gaps in their company culture.

Ask yourself: why would a senior analyst want to work for me besides a paycheck? ISACA found that the top three reasons for cybersecurity professionals leaving their job (excluding pay) were:

• limited promotion and development opportunities,
• high work stress levels,
• lack of management support.

CISOs also need to be mindful that bringing in new staff means making a change that requires flexibility. A good hire can help establish more efficient processes to overcome current issues. Not only will your organization reap the benefits of improved security, but supporting innovation is a win for team morale and retaining valuable employees.

Shadow and distributed IT will leave CISOs in the dark

The days of monolithic IT are behind us. Digital transformation, accelerated cloud adoption, and an increase in remote workforces have led to an influx in distributed and shadow IT.

Highly distributed enterprises face the (expensive) task of securing systems and data spread across remote operations, headquarters, the cloud, etc. This can be exceptionally challenging for organizations that are set up like holding companies.

Simply blocking unauthorized apps and devices won’t solve shadow IT problems.

CISOs need a new approach to shed light on these growing concerns. Beyond implementing the right technology, a strong security culture needs to be established across the company. Being attuned to the needs, concerns, demands, and habits of an organization will help security leaders better “speak the language” of staff to ensure effective training.

Security training for senior management and executive roles is even more crucial than for the rest of the company.

BlogofInnovation.com