2022: The best and worst of cybersecurity times

The end of one year and the beginning of the next is always a time for reflection. This year, however, is especially unusual in that even as threats increase in both volume and sophistication there is pressure to reduce spending as the overall global economy continues to soften.

Complicating matters further, a lot of the cybersecurity leadership that is in place today is relatively new. A global survey from recruitment firm Marlin Hawk that polled 470 CISOs at organizations with more than 10,000 employees finds nearly half (45%) have been in their current role for two years or less.

Overall, the survey places current security leadership turnover rates at 18% on a year-over-year basis. In fact, approximately 62% of CISOs were hired from another company, so it’s fair to assume many of them are still navigating the internal politics of the organizations that hired them. It’s also important to remember that new blood is not necessarily a bad thing. There are plenty of organizations relying on outdated cybersecurity playbooks that could stand to benefit from a fresh approach based on a more modern set of processes and defenses.

Budget concerns

Of course, there’s always been pressure to be more efficient. A chronic shortage of cybersecurity personnel has required cybersecurity leaders to work more closely with their peers to shift more of the responsibility for implementing cybersecurity polices toward IT operations and application development teams. Investments in automation have also increased as part of an effort to spend a little more upfront in the hopes of dramatically reducing costs later.

It's also worth noting that there is a greater appreciation for cybersecurity than ever, so business leaders are not as quick to cut budgets as they might be in other areas. At the same time, not everyone is always in the same financial boat. The energy sector, for example, is thriving compared to some sectors. In fact, security investments, if anything, are increasing to better protect critical infrastructure.

In effect, it’s the best and worst of cybersecurity times — more so than ever. The real issue, which is not always appreciated, is that saving on security isn’t quite the same thing as cutting costs by reducing, for example, the number of virtual machines that might be provisioned in the cloud.

Moving target

Cybercriminals are adversaries that continually evolve their techniques and tactics. Recently, more of those attacks recently are being targeted at applications, which in turn requires investments in additional tools and platforms to secure. It's not simply a matter of shifting resources from one area to another because cybercriminals will simply shift back to launching attacks against infrastructure.

More challenging still, cybercriminals have almost infinite resources, thanks mainly to ransomware payments that continue to fill their coffers. Every time an organization decides it’s in their best interest to pay to recover their data, they are providing cybercriminals with the resources needed to launch additional attacks.

Cybersecurity heading into the New Year has never been more frustrating and rewarding in equal measures. The most important thing to remember, however, is to not let the challenges at hand overwhelm the spirit to continue to wage the good fight.

Subscribe to Journey Notes