Enterprise CISOs will have a lot on their plate in 2022: they continue to grapple with securely connecting a remote workforce while also addressing other pressing initiatives to protect their organizations from an evolving cast of threat actors. To better understand where and how CISOs plan to prioritize their investments in the coming year, Lumu Technologies recently conducted its second annual survey of 300 cybersecurity leaders across North America and compiled the results into an infographic.
For the second year running, Lumu polled CISOs and cybersecurity leaders on the projects they consider most urgent and compiled their answers in its 2022 CISO Priorities Flashcard. Among the many initiatives available for their consideration, here are some of the highlights:
The remote workforce
As businesses went remote in 2019, cybersecurity teams scrambled to secure users who had left the protection of the perimeter. Consequently, in 2021, 94% of CISOs noted that securing their remote workforce was an ‘absolute priority’ or ‘priority.’
In 2022, the response is more muted from US CISOs. A total of 78% of CISOs regard securing the remote workforce as a priority, making it the top priority for the second year running. While it can be assumed that CISOs addressed the initial impact of those cohorts starting to work from home, remote workers remain an ongoing concern. Under hybrid work models, devices moving in and out of perimeter defenses represent new challenges and vulnerabilities.
Facilitating proficient day-to-day cybersecurity operations
In 2022, many top priorities concern the ease of cybersecurity operations. Automating threat detection and response (78%) and unifying threat visibility across all assets (62%) are some of our respondents’ top priorities. These measures indicate that tools that make the SOC team’s work more automated and more efficient are taking precedence. Demand for cybersecurity talent is only increasing. Efforts that help operators with their daily tasks not only make the most of an expensive resource but also improve staff retention.
The cybersecurity big picture
Improving the cybersecurity posture as a whole is at the forefront of CISOs’ minds. Enhancing cybersecurity testing beyond penetration testing (63%) and measuring the effectiveness of the cybersecurity ecosystem (62%) are being prioritized in 2022. With so many tools, projects and methodologies to choose from, subjectively testing the system and its components is key. CISOs are looking to spend their budgets intelligently and get evidence of their performance that they can take back to their board.
Supply chain surprise
In 2021, supply chain attacks dominated the headlines, with the Kaseya and SolarWinds attacks at the forefront. Sophisticated attackers are looking to exploit vulnerabilities in pipelines and packages (such as Log4j) to compromise organizations lower down in the supply chain. That’s why it may come as a surprise that only 49% of cybersecurity leaders consider supply chain risk assessment a priority. In an ideal world, this should be a key component of any organization’s due diligence practices.
The SOC team is here to stay
CISOs are least interested in outsourcing cybersecurity operations (17%). Smaller businesses without a CISO or cybersecurity staff might enlist the help of a third party. However, organizations with mature information security stacks recognize the reality that cybersecurity is not just bought but operated. CISOs are committed to the constant measurement and improvement of their cybersecurity operations.