Juniper Networks 2023 Predictions: Cyber Protection and Policies from the C-Suite


Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.

Cyber Protection and Policies from the C-Suite

By Drew Simonis, CISO, Juniper Networks

The role of the CISO has quickly evolved over the last couple of years. Between surging breaches and cyberattacks, the COVID-19 pandemic and ensuing changes to the workplace, the threat landscape is more volatile than ever, making security an increasingly crucial part of the C-suite conversation.

Gone are the days when technical acumen sufficed for leading cybersecurity teams. To combat the scale of threats companies face today, CISOs must be extremely collaborative, strategic and apt at decision-making. In fact, a survey conducted by 451 Research found that 70% of CISO respondents said an emphasis on risk management is a top change in the CISO's role. Now, more than ever before, CISOs must work closely with the rest of the C-suite and other company stakeholders, while staying up to date on the threat landscape, latest cyber policy, and preparing to deal with the financial burdens associated with security breaches.

It's a juggle, to be sure, but CISOs who are able to keep their company's internal structure and strategy secure will find the most success in combatting challenges associated with the cybersecurity landscape. To that end, I've compiled a list of trends that CISOs and other executives should watch out for in 2023 regarding cyber insurance and security bills and legislation.

Cyber insurance makes way for cyber warranties. We all know premiums, retentions and exclusions are increasing, but rather than abandoning cyber insurance altogether, we'll begin looking for other ways to secure and protect our businesses. To that end, customers may begin demanding, or savvy vendors may begin offering, "cyber warranties" with relevant products. For example, a cyber warranty could promise help recovering data if malware makes it through a web or email filter that was meant to protect the network.

Speaking of insurance...CISO liability will become another issue in hiring top security leadership. As mentioned above, there's an increasing amount of pressure and responsibility on CISOs in this aggressive threat landscape. Because of this, CISO candidates will look to their company to cover them in high-risk situations ranging from breach disclosure to secure software attestations to loss of reputation. We can look to Uber's former CSO for an example of just how costly these breaches can be. As a safety precaution, Executive Risk insurance policies will become more frequently included in hiring contracts.

Application security gets a big spotlight. The Software Bill of Materials (SBOM) was a good start, and it will pull back the covers on a lot of bad software composition, but it's also brought application security to the forefront of many security professionals' minds. The recent announcement requiring NIST SP 800-218 adherence and specific attestations will give companies further pause about the choices they are making when building software. Will API-first development paradigms and applications as a mesh of services, rather than monolithic code bases, gain traction? It's certainly possible.

Security bandwagon brings demand for licensing. The security requirement bandwagon is moving fast, and everyone wants to jump aboard. With the enforcement of CMMC (Cybersecurity Maturity Model Certification), CIRCIA (Cyber Incident Reporting for Critical Infrastructure Act of 2022) and the looming SEC disclosure rules in the US, NIS2 (Network and Information Security) in Europe, NIS expansion in the UK and so forth, the signals are clear that cyber is a big deal. Given the talent shortage and all the creative ways companies are bringing new folks into the industry, 2023 may well be the year we see some emerging demand for professional licensing, à la the engineering industry.

Overall, we can expect big changes in cyber policy in 2023 with implications for hiring teams, CISOs and broader security teams alike. Moving forward, all eyes will be on cyber education, insurance and proper policy framework, with the CISO overseeing the lot of it. That said, each of us must be aware of the threats we face, how those threats would take advantage of our choices and what better choices to make in that context. To sustain this, security has to be part of the culture and very framework of every business.

##

ABOUT THE AUTHOR

Drew Simonis, Chief Information Security Officer, Juniper Networks


Drew Simonis is the Chief Information Security Officer for Juniper Networks. As CISO of Juniper Networks, Drew is responsible for the protection of Juniper and its information assets. With more than 20 years of experience in the security industry, Drew holds expertise in threat and vulnerability management, insider threat mitigation, data loss prevention and building security teams. Most recently, he served as the Vice President of Global Security at Hewlett Packard Enterprise, where he worked for over seven years. Prior to that, Drew held roles for Willis and Symantec, among others.

Published Tuesday, November 15, 2022 7:32 AM by David Marshall