October 19, 2022
6 min read
As cyber leaders continue to grapple with the speed at which the cyber landscape continues to evolve, they should take stock of 3 key trends: 1 - threats, 2 - best practices and 3 - pressures. I was fortunate to be joined by some of my peers--Amy Bogac (CISO, The Clorox Company), Kim Baumann (Executive Partner, Gartner Executive Programs) and Bobby Christian (COO, Deepwatch)--at our State of Cyber: Today’s Threats to Watch virtual event recently to talk about just those things and how cyber teams should prepare for the remainder of 2022.
It should come as no surprise that we have an increasing number of threat actors, especially given the geopolitical situations creating headwinds for us in 2022.
Those in cybersecurity roles need to understand the variety of threat actors that now exist. Threat actors are no longer just individuals. Entire organizations or networks are being stood up that are trying to breach organizations.
Every company is reliant on its infrastructure on a daily basis. Those in head cybersecurity roles understand that it takes a village to keep a company profitable and running strong, but also safe and secure.
The major threats out there are:
Never underestimate the power of security awareness training. Companies can no longer rely solely on their once-a-year annual training and a more focused approach is necessary.
Cybersecurity talent needs to be in a position where they can identify threats and inform on best practices. There needs to be a sold risk awareness and response plan in place should the unthinkable happen on the cyber warfare front.
The C-suite is beginning to recognize the impact of a cybersecurity breach on the overall operations of businesses, so they're likely open to investing in more in incident response. You need to evaluate your business and the critical areas: What is the most critical component of your business and what generates your revenue? You must know what is in your environment and what is critical to protect.
Once you do that, it's time to put a maturity baseline in place
When you're outlining your incident response plan, ensure you're considering your offsite sources like vendors and cloud networks.
Given how quickly the need for cyber professionals has grown coupled with the relative newness of cyber as a function within business, a gap has resulted in available cyber talent. Cyber roles have a faster than average projected growth rate of 33%, on a national level, in cyber jobs from 2020 - 2030.3 Companies Cyber leaders must recognize that the cyber team members they have are some of the most desirable talent, so you should ensure you're having career growth conversations with them and investing in their continued success within your organization.
While recruiting may be challenging, consider those already at your organization. As Bobby Christian said, "we're going to have to create these people and we have to look in different pockets now than we've ever looked before." Source people from across your organization and consider reskilling them so they can move into a cyber career track. With better training, more foundational knowledge, and a talent pipeline built for the future, the gap can begin to close.
VP, Chief Information Security Officer
Dr. Fred Kwong has been in the information security and technology field for the past 20 years working in the education, financial, telecommunication, healthcare, and insurance sectors. He is an award-winning thought leader in security and currently works at DeVry University where he serves as the VP and Chief Information Security Officer.
