These are the security trends to watch in 2023

It's about the attack surface, identity and supply chains, says Gartner's Paul Furtado

Tom Allen
clock • 7 min read

“Business thinks IT has a crystal ball, but the truth is the CISO doesn’t always know what’s going on.”

Image: Paul Furtado / Gartner

#2 Identity threat detection and response

"Identity is the new perimeter," said Furtado. "[It] is the crux of your network, the core of your network, and you need to have very strong identity discipline in your environments."

Weak identity discipline leads directly to things like credential compromise, which is still one of the main reasons companies are breached.

Action plan:

  1. Prioritise the security of identity infrastructure with tools to monitor, protect, detect and remediate.
  2. Use the MITRE ATT&CK framework (or similar) to correlate ITDR techniques with common attack scenarios.
  3. Invest in foundational IAM security best practices like least privilege.
  4. Modernise IAM infrastructure using current and emerging standards.

"We're seeing more and more organisations struggling simply from the fact that they don't do a good job with fundamentals. They don't do necessarily a good job of adapting their current models to be leveraged across their entire environment."

Related Topics

You may also like
'Levelling up cybersecurity is a team effort,' says Jacob DePriest of GitHub

Open Source

'Levelling up cybersecurity is a team effort,' says Jacob DePriest of GitHub

But security starts with developers, and AI isn’t going to replace them

clock 09 May 2024 • 5 min read
Cybersecurity Festival 2024: Four ways to cut your cyber insurance premiums

Finance

Cybersecurity Festival 2024: Four ways to cut your cyber insurance premiums

Certifications mean nothing without action

clock 08 May 2024 • 4 min read
IT Essentials: A cyber staycation

Security

IT Essentials: A cyber staycation

The UK made headlines in security news

clock 07 May 2024 • 3 min read
Tom Allen
Author spotlight

Tom Allen

View profile
More from Tom Allen

Cybersecurity Festival 2024: Four ways to cut your cyber insurance premiums

IT glitch takes passports gates offline across the UK

Most read
01

Stack Overflow subscribers rebel over OpenAI deal

09 May 2024 • 3 min read
02

'TunnelVision' bug potentially allows snooping on all VPNs

08 May 2024 • 3 min read
03

TikTok sues US government

09 May 2024 • 3 min read
04

LockBit leader unmasked

08 May 2024 • 3 min read
05

'Levelling up cybersecurity is a team effort,' says Jacob DePriest of GitHub

09 May 2024 • 5 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

Get the newsletter

More on Security

IT Essentials: A cyber staycation
Security

IT Essentials: A cyber staycation

The UK made headlines in security news

Tom Allen
Tom Allen
clock 07 May 2024 • 3 min read
Microsoft: last year we tracked 200 major threat actors, now it's 300
Security

Microsoft: last year we tracked 200 major threat actors, now it's 300

Microsoft chief security adviser Sarah Armstrong Jones calls for more collaboration on AI and security

John Leonard
John Leonard
clock 07 May 2024 • 2 min read
Microsoft vows to overhaul security, tie executive pay to performance after string of breaches
Security

Microsoft vows to overhaul security, tie executive pay to performance after string of breaches

'We are making security our top priority at Microsoft'

Dev Kundaliya
clock 07 May 2024 • 3 min read