CISOs’ roles need to transition from technologists who prevent breaches to corporate strategists managing cyber risks. Unfortunately, security tech stacks that aren’t designed for new digital transformation, virtualization and hybrid cloud initiatives in their companies are slowing down CISOs’ career growth. Gartner’s recently published top security and risk management trends for 2022 report explains where the most vulnerable security stack gaps are.
The seven trends also help to explain the many challenges CISOs face when transitioning their careers and cybersecurity spending away from tactics and into strategic roles. Implicit in these trends is the urgent need to treat cybersecurity as a business decision. Taken together from the standpoint of enterprises focused on new digital initiatives, the seven trends show clearly that cybersecurity needs to be a business enabler first. The two trending proof points of cybersecurity’s business value are decentralized decision-making and faster response times to business challenges.
How Gartner’s trends define a cybersecurity roadmap
Responding to threats is what enterprises and their CISOs need the most help with today. As a result, Gartner chose to organize their trends and assign most of them to threat response. That’s a clear indication that their enterprise clients are focused on this area and looking for guidance. Attack Surface Expansion, Identity Threat Detection and Response and Digital Supply Chain Risk are the three trends Gartner sees as most important for threat response.
Rethinking Technology is the second strategic trend, including Vendor Consolidation and Cybersecurity Mesh. The third strategic trend is Reframing The Cybersecurity Practice. Gartner adds Distributing Decisions and Beyond Awareness to this group.
Taken together, Gartner’s trends create a high-level cybersecurity roadmap that any enterprise can follow. Best of all, it starts out closing the gaps in existing security tech stacks at their most vulnerable breakpoints. These include identity access management (IAM), privileged access management (PAM) and reducing threats to digital supply chains.
Translating the seven trends into a strategic roadmap yields the following:
Roadmap phase 1: Responding to threats
- Attack surface expansion
- Identity threat detection and response
- Digital supply chain risk
Roadmap phase 2: Rethinking technology
- Vendor consolidation
- Cybersecurity mesh
Roadmap phase 3: Reframing practice
- Distributing decisions
- Beyond awareness
What the trends mean for CISOs
The more adept a security stack becomes at managing risk and supporting new business, the greater the potential career growth for CISOs. But unfortunately, legacy systems don’t just hold enterprises back from growing; they hold careers back too. Today, speed and time-to-market are getting compressed on all digital business initiatives and new ventures. That’s the catalyst driving the urgency behind the seven trends.
The trends mean the following to CISOs today:
- Decentralized cybersecurity is an asset. Getting away from centralized cybersecurity and adopting a more decentralized organization and supporting tech stack increases an organization’s speed, responsiveness and adaptability to new business ventures. Centralized cybersecurity is a bottleneck that limits the progress of new initiatives and limits the careers of those managing them, most often CISOs.
- Cybersecurity needs extreme ownership. The hardest part of any CISO’s job is getting the thousands of employees in their organizations to follow cybersecurity hygiene. Authoritarian approaches and continual virtual learning programs are limited in effectiveness, evidenced by the record ransomware breaches in 2021 and continuing this year. CISOs need to take on change management to create extreme ownership of outcomes by employees. Finding new ways to reward ownership for cybersecurity and good security hygiene is key. The best-selling book, Extreme Ownership, is an excellent read and one that CISOs and their teams need to consider reading this year when it comes to leadership and change management.
- Attack surfaces are just getting started. It’s a safe bet that the number, complexity and challenges of managing multiple threat surfaces are only going to grow. CISOs and their teams need to anticipate it and secure their digital supply chains, especially in their core DevOps process areas. Getting IAM and PAM right is also essential, as the trend Identity Threat Detection and Response explains.
CISOs: find new ways to add value
Getting bogged down with security tactics puts enterprises and careers at risk. Instead, concentrate on making cyber-risk a business and organizational risk first. Only then can CISOs transition their organization to be more of an enabler and accelerator of new products and not a roadblock to new revenue. Most important is for CISOs to look at the trends through the lens of how they can build stronger relationships outside of IT. Starting with other C-level executives and board members, with a specific focus on the CRO and CMO, is key. The two executives who are the most responsible for revenue also make the riskiest decisions for an enterprise. Seeing how cybersecurity can manage risk is a great way to grow a business and a career.