Virtualization Technology News and Information
Beachhead Solutions 2023 Predictions: Layered Security, NIST, and Security Budgets


Industry executives and experts share their predictions for 2023. Read them in this 15th annual series exclusive.

Layered Security, NIST, and Security Budgets

By Cam Roberson, Vice President at Beachhead Solutions

2023 will see organizations trying to weather an unclear economic outlook (and tightening budgets) amid increasing infosecurity threats. It'll be a tricky juxtaposition that will, unfortunately, probably lead to security breach headlines for some. I anticipate the following three narratives will be a big part of the security story in 2023:

1. NIST will take the spotlight

While compliance with the U.S. government's NIST cybersecurity framework is voluntary, and the framework itself is security guidance and best practices, its comprehensive structure offers a valuable blueprint for all of the more specific government mandates (e.g. CMMC, DFARS) and other industry mandates. NIST includes five core functions and more than 100 subcategories delineating specific technologies and best practices to identify, protect, detect, respond, and recover from cybersecurity attacks.

In 2023, NIST will continue to rise as a (if not the) de facto cross-industry standard. Businesses will put in the work to achieve NIST compliance, and promote that achievement as proof of their effective cybersecurity practices. Companies will utilize this proof point as a competitive differentiator over less secure competitors. As familiarity continues to grow in the coming year, NIST compliance will rise as an effective method of winning customers, as well as keeping their data safe. Importantly, the comprehensive nature of NIST also puts organizations in an easily-attainable position to meet other compliance mandates they are subject to.

2. Businesses with ransomware-centric protections will pursue more layered security postures

Ransomware defense continues to get a lot of attention, and a lot of budget, from businesses across industries. And as well it should. But organizations will use 2023 to take a deeper look at how comprehensive and holistic their current security posture is. Are they over-prioritizing ransomware attention to the detriment of other significant risks to business data and continuity (like insider risk, lost and stolen devices, and compliance violations)? Businesses still need to have continuous security training regimens that teach employees to recognize phishing emails, keep login credentials secure, stick to approved network connections, and not share devices or leave a credentialed session unattended. Businesses also need to introduce (if they haven't already) governance controls capable of recognizing insider threats, complete with audit-quality activity logging and reporting. Finally, encryption and remote access control safeguards must be ready to automatically deny data access in real time the second that threat conditions are present. Organizations that introduce these well-rounded measures in 2023 will find themselves safer not only from ransomware, but from the full spectrum of threats, many of which are more likely to affect them than ransomware.

3. Organizations will resist the temptation to cut security budgets

Economic uncertainty will have many businesses seeking to tighten up budgets and reduce overhead costs wherever they can. That said, most businesses understand that cybersecurity is one area where budget cuts would be a penny-wise-but-pound-foolish decision. The stakes are just too high, given that cybersecurity investments safeguard not just systems and data but also a business's regulatory compliance and reputation. Fines from regulatory enforcement are steep enough to cripple many companies, and loss of reputation can be even harder to bounce back from. In 2023, businesses may seek to become more efficient with their security budgets, but will be careful to keep the effectiveness of their cybersecurity measures intact.

A year of security reflection and improvement

Aligning with these trends, 2023 may well be the year that budget pressures make businesses closely examine and optimize their cybersecurity postures. By following NIST guidance and bringing ransomware fears into balance, organizations can come away with more robust and comprehensive protections that remain well within budget.



Cam Roberson 

Cam Roberson is Vice President at San Jose-based Beachhead Solutions, which provides a PC and device security platform for businesses (and MSPs) across industries to encrypt data and automate threat responses. Cam began his career with Apple Computer, where he held several senior product management roles in the computing and imaging divisions.

Published Wednesday, January 04, 2023 10:01 AM by David Marshall