CISO roles need to transition from technologists who prevent breaches to corporate strategists who manage cyber risk. Unfortunately, what slows CISOs' career growth is security tech stacks that were not designed for their companies' new digital transformation, virtualization and hybrid cloud initiatives. Gartner's recently released report on the top security and risk management trends for 2022 illustrates where the most sensitive security stack gaps are.
The seven trends also help explain the challenges CISOs face as they move their careers and cybersecurity spending away from tactics and into strategic roles. These trends include the urgent need to treat cybersecurity as a business decision. Taken together, and viewed from the perspective of enterprises focusing on new digital initiatives, the seven trends clearly show that cybersecurity needs to enable the business first. Two proof points from the trends for the business value of cybersecurity are decentralized decision making and quick response to business challenges.
How Gartner’s trends define the cybersecurity roadmap
Responding to threats is what enterprises and their CISOs need most today. As a result, Gartner chose to adjust its trends and assign most of them to threat response. It is a clear indication that its enterprise clients are focusing on this area and seeking guidance. Attack surface expansion, identity threat detection and response, and digital supply chain risk are the three trends Gartner considers most important for responding to threats.
Another strategic trend is rethinking technology, which includes vendor integration and cybersecurity mesh. The third strategic approach is reframing cybersecurity practice. Gartner places distribution of decisions and awareness in this group.
Together, Gartner's trends create a high-level cybersecurity roadmap that any enterprise can follow. At its best, it starts by closing the gaps in existing security tech stacks at their most sensitive breakpoints. These include identity access management (IAM), privileged access management (PAM) and risk reduction for the digital supply chain.
Translating the seven trends into a strategic roadmap yields the following:
Roadmap Phase 1: Responding to threats
- Attack surface expansion
- Identity threat detection and response
- Digital supply chain risk
Roadmap Phase 2: Rethinking technology
- Vendor aggregation
- Cybersecurity mesh
Roadmap Phase 3: Reframing Practice
- Distribution of decisions
- Out of awareness
What the trends mean for CISOs
The more specialized a security stack becomes in managing risk and supporting new business, the greater the potential career growth for the CISO. Unfortunately, legacy systems not only stop the enterprise from growing, they also hold back careers. Today, the pace is accelerating and time-to-market is shrinking on all digital business initiatives and new ventures. That is the catalyst driving the urgency behind the seven trends.
The trends mean the following for CISOs today:
- Decentralized cybersecurity is an asset. Moving away from centralized cybersecurity and adopting a more decentralized organization and supporting tech stack increases the organization's speed, responsiveness, and adaptability to new business ventures. Centralized cybersecurity is a barrier that limits the progress of new initiatives and the careers of those who administer them, mostly CISOs.
- Cybersecurity requires heavy ownership. The hardest part of any CISO's job is getting thousands of employees in their organization to follow cybersecurity hygiene. The effectiveness of authoritarian approaches and continuous virtual learning programs is limited, as evidenced by ransomware's record-breaking 2021, and that will continue this year. CISOs need change management to create extreme ownership of results by employees. The key is to find new ways to reward ownership of cybersecurity and good security hygiene. The best-selling book Extreme Ownership is an excellent read on leadership and change management, and CISOs and their teams should consider reading it this year.
- The attack surface is just beginning to expand. It is a safe bet that the number, complexity and challenges of managing multiple threat surfaces will only increase. CISOs and their teams need to anticipate this and secure their digital supply chain, especially in core DevOps process areas. It is also important to get IAM and PAM right, as the trend on identity threat detection and response illustrates.
CISO: Discover new ways to add value
Getting entangled in security tactics endangers ventures and careers. Instead, focus on making cyber risk a business and organizational risk first. Only then can CISOs transition their organizations to enable and accelerate new products rather than hinder new revenue. The most important thing for CISOs is to look at the trends through the lens of how they can build strong relationships outside of IT. Start with other C-level executives and key board members, with a specific focus on CROs and CMOs. These two executives, who are most responsible for revenue, also make the riskiest decisions for the enterprise. Looking at how cybersecurity can manage risk is the best way to grow a business and a career.