These are the security trends to watch in 2023

It's about the attack surface, identity and supply chains, says Gartner's Paul Furtado

Tom Allen
clock • 7 min read
These are the security trends to watch in 2023

“Business thinks IT has a crystal ball, but the truth is the CISO doesn’t always know what’s going on.”

That was the conclusion of Paul Furtado, VP analyst at Gartner, speaking at MES IT Security in Indianapolis this week.

There are some persistent security challenges - the skills gap, shadow IT, hybrid work - but Furtado focused on the newest threats facing security teams in 2023, along with an action plan to address each one.

#1: Expanding perimeter

Image: Paul Furtado / Gartner

While attacks are evolving, one of the biggest threats today is the expanding perimeter/attack surface.

Furtado pointed out that security regulations "don't differentiate between cloud, on-prem or SaaS - they just care about the data."

Action plan

  1. Perform attack surface gap analysis - "A regulator's not going to give you a free pass because you say, 'I didn't know we were using that application.'"
  2. Evaluate attack surface management technologies to visualise external digital footprint.
  3. Consider pen testing, breach simulation, etc to provide regular assessments.
  4. Test your response.

While most people - including Furtado, later in his presentation - recommend bringing business and IT together, he recommended keeping conversations about responses to a security separate.

"As soon as you start talking tech you've lost the board, and once you start talking about cyber insurance and marketing you've lost your tech team.

"It's the same scenario but two different people."

You may also like
UK gym chain Total Fitness leaks personal images online

Hacking

Other leaked data includes ID documents, payment information and phone numbers

clock 18 June 2024 • 2 min read
Cyber gang shifts focus to SaaS apps

Security

‘Scattered Spider’ is targeting vSphere, Salesforce, Crowdstrike and more

clock 18 June 2024 • 2 min read
Regulators block Meta from training AI on user data

Artificial Intelligence

UK and EU authorities have told Meta to pause plans to train LLMs on Facebook and Instagram data

clock 17 June 2024 • 2 min read

More on Security

Microsoft 365 emails vulnerable to newly discovered exploits

Microsoft 365 emails vulnerable to newly discovered exploits

Security woes continue

Penny Horwood
clock 20 June 2024 • 2 min read
Cyber gang shifts focus to SaaS apps

Cyber gang shifts focus to SaaS apps

‘Scattered Spider’ is targeting vSphere, Salesforce, Crowdstrike and more

Vikki Davies
clock 18 June 2024 • 2 min read
Microsoft June Patch Tuesday has fixes for Windows, Outlook and SharePoint

Microsoft June Patch Tuesday has fixes for Windows, Outlook and SharePoint

A relatively quiet month

John Leonard
clock 12 June 2024 • 2 min read