Cybersecurity considerations 2023

The topic of digital trust is finding its way into board agendas as issues concerning privacy, security and ethics gain momentum due to increased regulation and growing public opinion. The future success of any digitally enabled business is built on digital trust, making cybersecurity and privacy key nodes of growth. CISOs must be prepared to help the board and C-suite create and maintain the trust of their stakeholders if they are to maintain a competitive advantage. Achieving this potential requires a collective commitment from all stakeholders.

Embedding security within the business in a way that helps people work confidently, make productive choices, and play their part in protecting the organisation remains a key yet often challenging objective for CISOs. The solution here lies in viewing cybersecurity from both a user and business perspective. 

It’s no surprise that business operating models have fundamentally changed over the last decade, becoming platforms for more fluid, data-centric, connected ecosystems comprising of internal and external partners and service providers. To mitigate potential damage in such a connected computing world, CISOs can incorporate elements like zero trust, Secure Access Service Edge (SASE) and cybersecurity mesh models to mitigate and manage threats.

CISOs need to adopt a holistic view of their organisation's cybersecurity capabilities and gaps. This means knowing which services to keep in-house and which to outsource, ensuring a shared responsibility cybersecurity model between the organisation and trusted service providers.

In the race to innovate and harness emerging technologies, concerns over security, privacy, data protection and ethics — while increasingly being put under the spotlight — are also often ignored or overlooked. Left unchecked, this negligence could lead businesses to sabotage their potential, especially with new AI privacy regulations on the horizon.

Following the G20 adoption of principles for trustworthy AI, there have been major developments in AI risk management and regulation. Singapore for one, has launched its own AI security standard while the National Institute of Standards and Technology (NIST) in the United States has published its AI risk management framework. Adding to this list is the EU AI act which will go live later this year. 

Businesses across almost every industry are shifting towards a product mindset by focusing on developing network enabled services and managing their supporting devices. CISOs and their teams are getting increasingly involved in the engineering, development and product support functions as organisations come to terms with the importance of cybersecurity. 

The interval between initial compromise to enterprise-wide ransomware activation is decreasing. Rogue and state-sponsored attackers can now penetrate systems with automated tooling and accelerate the exploitation of systems. Security operations should be optimised and structured to fast-track the recovery of priority services when an incident occurs. This can help reduce the adverse impact on clients, customers and partners.

No security system is infallible. There is an air of inevitability that, at some point, most organisations will suffer a breach — either large or small, and likely more than once. Regulators are increasingly focusing on plausible scenarios and pushing companies, particularly those in strategically important industries like energy, finance, and health care to maintain resilience.