3 Lessons From Cybersecurity Leaders in 2023

The last time we checked on the status of the cybersecurity landscape, the results were mixed.

According to our recently published report, The State of Security 2023, security remains a challenge; although fewer organizations say it’s harder to keep up with security requirements, many still respond reactively to the challenges that come their way.

Overwhelming team workloads, security stack complexity and increasingly sophisticated threats are among the top issues. Meanwhile, the top priorities include cloud security, DevSecOps and security automation.

In addition to these areas of focus, the research from The State of Security 2023 surfaced a few strategies that set the real leaders apart — the security teams that are trusted and whose value is understood across the rest of the business.

1. Use data and analytics to optimize threat detection and response

Compared to security teams that are seen as roadblocks to the rest of the organization, enablers more often rely on analytics to:

• Identify cyber risks (38% versus 26% among teams seen as roadblocks)
• Improve threat detection (40% versus 25%)
• Accelerate investigations (35% versus 27%)
• Automate remediation (38% versus 22%)

As these teams’ efforts to build data-driven efficiencies across detection, investigation and response improve security operations results, they’ll likewise continue to elevate the security team’s status with the business.

2. Proactively counter ransomware risk and supply chain threats

Security leaders are much more likely to report increasing investment for the expressed purpose of helping mitigate ransomware risk. Their proactive steps include:

• Advanced analytics for anomaly detection (35% versus 18%)
• SOAR solutions (35% versus 21%)
• Endpoint detection and response (34% versus 17%)
• Privileged account monitoring (30% versus 20%)

As with ransomware, the teams that best enable the business are visibly more proactive about supply chain risk. Here are the actions such teams favor when grappling with the specter of supply chain attacks:

• More frequent meetings between the CISO and executives and/or the board of directors (26% versus 15%)
• Conducting incident response activities like threat hunting and/or forensic investigations (25% versus 13%)
• Assessing whether current security controls would prevent/detect SCAs (30% versus 15%)
• Increasing log inspection (26% versus 16%)

3. Take a multi-functional approach to building resilience

True organizational resilience lies not only with the security team’s crucial efforts to improve threat detection and incident response, but through holistic collaboration. Across organizations, resilience has been strongest with a collaborative approach in which everything — from software development and infrastructure monitoring to business continuity planning — brings security leaders to the table with IT and business executives to protect the organization.

Security teams seen as enablers to the business more often report their organization has a formal approach to cyber resilience, instituted organization-wide (32% versus 19%); they are also 2.5x as likely (32% versus 13%) to note that their security operations team is collaborating with “all” adjacent functional areas included in the survey — ITOps, app dev, observability and digital experience.

We’ve provided some of the important steps necessary for your organization to face cybersecurity threats. The increased and collaborative focus on resilience in particular is noteworthy. While investing in resilience seems like a reactive, rather than proactive, strategy because it focuses on what you do in the aftermath of an incident, we would argue that it’s actually proactive. Things like risk assessment, incident response planning, key investments in technology and training, and more are crucial ingredients for building resilience that will help your organization be prepared when the inevitable happens.

For more on resilience and the state of cybersecurity, read The State of Security 2023 in full.