Some predictions for 2023. We will see most security frameworks continue to fail in 2023 for a simple reason: complexity. And the role of CISO will be elevated to sit on the board or report directly to the CEO.
As the CCPA comes into effect in the new year, we should prepare to see stricter regulations unfold both in the US and at a national level. Companies hiring for the CISO role must ensure candidates are informed of the legal expectations and are up to speed with protocols for security incidents.
Cyber leadership is currently based on individual best effort, with no agreement on what ‘good’ looks like. Chief Information Security Officers (CISOs) are typically blinkered, focusing on the implementation of controls rather than understanding the risks to the business and driving cultural change accordingly.
The days of managing from the shadows are long gone for the CISO. Today’s CISO is more than an advisor to the C-suite, with 88% of boards of directors viewing cybersecurity as a business risk. The role of the CISO has expanded to encompass advising the entire business and employees on how they can help ensure data security.
Instead of focusing solely on how to protect the existing environments, CISOs must also aim to provide the right environment for secure business innovation.
A Randori report indicates that cybersecurity programs are struggling with attack surfaces that have become significantly more difficult to manage due to pandemic conditions.