These are the security trends to watch in 2023

It's about the attack surface, identity and supply chains, says Gartner's Paul Furtado

Tom Allen
clock • 7 min read
These are the security trends to watch in 2023

“Business thinks IT has a crystal ball, but the truth is the CISO doesn’t always know what’s going on.”

That was the conclusion of Paul Furtado, VP analyst at Gartner, speaking at MES IT Security in Indianapolis this week.

There are some persistent security challenges - the skills gap, shadow IT, hybrid work - but Furtado focused on the newest threats facing security teams in 2023, along with an action plan to address each one.

#1: Expanding perimeter

Image: Paul Furtado / Gartner

While attacks are evolving, one of the biggest threats today is the expanding perimeter/attack surface.

Furtado pointed out that security regulations "don't differentiate between cloud, on-prem or SaaS - they just care about the data."

Action plan

  1. Perform attack surface gap analysis - "A regulator's not going to give you a free pass because you say, 'I didn't know we were using that application.'"
  2. Evaluate attack surface management technologies to visualise external digital footprint.
  3. Consider pen testing, breach simulation, etc to provide regular assessments.
  4. Test your response.

While most people - including Furtado, later in his presentation - recommend bringing business and IT together, he recommended keeping conversations about responses to a security separate.

"As soon as you start talking tech you've lost the board, and once you start talking about cyber insurance and marketing you've lost your tech team.

"It's the same scenario but two different people."

You may also like
Operation Cronos: NCA reveals details of LockBit affiliates

Threats and Risks

Operation has been crippled - for now

clock 22 February 2024 • 3 min read
Law enforcement takes down LockBit - updated

Security

NCA among the groups under 'Operation Cronos'

clock 20 February 2024 • 2 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024

Security

Sarah Armstrong-Smith will talk AI in security

clock 19 February 2024 • 1 min read

More on Security

Law enforcement takes down LockBit - updated

Law enforcement takes down LockBit - updated

NCA among the groups under 'Operation Cronos'

Tom Allen
clock 20 February 2024 • 2 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024

Microsoft's chief security advisor joins Cybersecurity Festival 2024

Sarah Armstrong-Smith will talk AI in security

Tom Allen
clock 19 February 2024 • 1 min read
Microsoft announces critical zero-day Exchange bug

Microsoft announces critical zero-day Exchange bug

Enables remote control of Exchange Server

Vikki Davies
clock 16 February 2024 • 1 min read