Exeon Analytics: Focus on CISOs in 2023

Zurich, December 15, 2022

Top management and advisory boards will become even more demanding in 2023 when it comes to IT security in their companies, according to Swiss security firm Exeon Analytics following a roundtable discussion with CISOs from medium and large companies. Whereas in the past, they have predominantly only wanted to be informed about security risks, in the future, the focus will be on demonstrating effective proactive measures against potential security incidents. CISOs must demonstrate how they can improve cybersecurity and respond more quickly to incidents before they can cause severe damage.

"Especially in times of shortage of staff and expertise, the demands on CISOs will again increase significantly in the coming year," said Gregor Erismann, CCO of Exeon Analytics. "On the other hand, this also means that security officers must be more closely involved in business decisions in order to act as enablers. IT security is increasingly becoming the foundation of business success, and therefore the CISO needs to be integrated into the business strategy."

Every partner brings its own security risks

This also applies when working with partner companies that have access to the corporate network, and whose security is therefore a deciding factor for the company's own cybersecurity. The same is true for third-party applications deployed on the company's infrastructure. Many partners or third-party applications have privileged access that can lead to a compromise of the company's network, either intentionally or through misconfiguration. Supply chain attacks already proved to be one of the most dangerous gateways into the corporate network in 2022. CISOs surveyed by Exeon expect this trend to intensify in 2023. CISOs' responsibilities will therefore extend even further beyond their own networks.

This is especially true for cloud applications, where there is no longer a perimeter that the organization can control. "Here, CISOs are currently seeing that cloud providers want to position themselves primarily through ease of use and quick and easy provisioning," Erismann said. "But that can easily lead to security not getting the priority it deserves and needs."

Managed services, AI and automation

CISOs will increasingly address staffing shortages in the coming year through automation and the use of managed services, according to Exeon. AI-based tools, particularly in the area of monitoring and early detection, will also continue to grow in importance. However, Exeon warns against seeing the provider merely as a supplier when it comes to using managed services in particular. Security decisions are strategic decisions; therefore, working with a managed service provider should also be a true strategic partnership.

Phishing will remain a significant threat in 2023

Phishing will remain a key issue in 2023, according to CISOs surveyed by Exeon. Phishing attackers only need to succeed once, while the CISO and their team must defend against every attack. In addition to a great deal of reconnaissance at all levels of the hierarchy, this includes comprehensive monitoring of network activity so that malware placed by successful phishing attempts can be detected early on based on network anomalies and stopped before it causes any damage. For example, lateral movements typical of ransomware or even other attacks can be detected.