Small and medium-sized enterprises may not have the budgets to invest in all of the latest technology advances, but they still need to keep up with an increasingly digital landscape. SMEs need to choose carefully when spending their money on the latest technology – three experts below give their views on what they believe will be the emerging tech trends.
Deryck Mitchelson, Field CISO, EMEA at Check Point Software Technologies:
Small and medium-sized enterprises have had to adapt rapidly to an increasingly digital landscape, relying more heavily on technology to conduct their day-to-day operations than ever before. This has opened them up to new cybersecurity threats that disproportionately impact smaller organisations. In fact, according to Check Point Research, an organisation in the UK is being attacked on average 775 times per week in the last six months. As we look towards a new year, we are already seeing some emerging tech trends that we expect will impact how SMEs combat this worrying threat.
Shortage of skills:
Every industry and every company is experiencing a cyberskills shortage. This is a trend we expect to see continue into the new year and is something that will impact how SMEs tackle some of the key cybersecurity challenges that lie ahead. Specifically, it is likely that a dedicated security team will no longer be a feasible option, leaving companies without adequate protection from growing cybersecurity threats. As a result, we expect to see a greater adoption of outsourced services as businesses begin to lean on the expertise of managed security service providers. This trend is further supported by the recent changes to Network and Information Systems (NIS) regulations, which will bring MSPs within the scope to keep digital supply chains secure.
Cloud adoption halted
While 2022 has seen the rapid adoption of cloud technology, I suspect that this will begin to plateau and even decline due to the rise in cost and complexity. Many firms will consider bringing workloads back in-house or to private data centres to reduce their overall threat surface. This is because there is a significant operational and technical overhead required to maintain a growing cloud estate, whereas on-prem services can be much simpler to manage. As a result, this could see SMEs taking a few step backs in their Digital Transformation journey that was accelerated because of the pandemic.
Focus on prevention in 2023
Next year will undoubtedly bring with it an array of challenges for SMEs when it comes to cybersecurity, but businesses should be comforted by the fact that by taking a preventative approach, it is possible to prepare and secure their networks from new and emerging threats.
Nicky Tozer, Senior Vice President of EMEA, NetSuite:
The last few years have taught us that ‘uncertainty’ has become a consistent business backdrop, and 2022 was no different – to the extent that ‘permacrisis’ has been declared the UK’s word of the year. These years have demonstrated the need to stay flexible and adapt to any scenario, however severe, and this need for agility looks set to be a key theme in 2023.
As uncertainty continues into 2023, businesses should focus on making their digital infrastructure more robust to protect against risk. For instance, when considering their supply chain, businesses have been forced to react quickly to continual product shortages, delivery strikes and port delays, that show no signs of slowing down. This is just one example where businesses have had to make rapid moves to stay afloat, moving from just-in-time towards a ‘more stock, less deliveries’ model, trying to balance out associated costs of storage and management.
In 2023, automation will also be a vital investment for finance teams, not only to do more with less people, but to give professionals more time for value-add projects. Centralising data and automating financial processes mitigates risk, makes data more accurate, and allows finance teams to focus on analysis and respond to market changes.
Paul Baird, UK Chief Technology Security Officer, Qualys:
While the region’s security professionals played the usual parallel game of catch-up to the threat actors’ rapid evolution, changes to their own IT environments have tied Security Operations Centres’ hands more than usual. They no longer protect simple, on premises environments. The cloud, third-party services, shadow IT and more plague cybersecurity professionals to an alarming degree.
And now, it’s time to see what happens next. Here are three predictions for 2023 that every CISO should digest.
- More accountability for CISOs
CISOs’ repeated calls for more investment in security will finally be heard and the role will be granted more autonomy, but at a price. Organisations will expect their security leaders to justify expenditure, action, strategy, policy, KPIs and more.
- Machine Learning will combat alert fatigue and SOC burnout
Threat actors automate and have become more effective because of it, but the security professionals tasked with stopping them are complaining that they do not have the tools to do so. Basic endpoint detection and response (EDR) is insufficient to dial down the noise and allow SecOps teams to zero in on genuine threats and boost morale. Advanced Machine Learning-powered analytics is the answer, and in 2023 it will play a bigger role as highly regulated industries try to address their cybersecurity talent shortages.
- More focus on supply chain risks
This year, CISOs must look to the SBOM (software bill of materials) to understand all the elements of the technology stack and their dependencies. Some of these will be deployed and maintained by third parties and can be weak points even for organisations with robust security postures. The supply chain must now be seen as integral to cybersecurity strategy, and if necessary, enterprises must support their suppliers in reaching higher levels of maturity. The SBOM will be an indispensable tool in understanding the chain, the gaps that must be plugged and who must plug them.
The year of living securely
Let 2023 be the year we take the lessons learned during the pandemic years and put them to use. We know how sophisticated attackers have become and we know the ways they can be slowed and beaten. All that remains is the will and resources to act. Adapting is the only way to best the attacker, and with the right strategies, skillsets, regulation and commitment, we can do better and ensure we all have a happier new year than the cybergangs.
Click below to share this article