The Future of Cyber: Perfect the Present, Focus on Future

To remain resilient, cybersecurity leaders must perfect fundamentals while staying forward-thinking. So how can they juggle these to ensure cyber resilience?

Clewin McPherson, Chief Information Security Officer, Exiger

April 19, 2023


The global political, healthcare, and climate unrest of the past three years has made one thing clear to governments and corporations alike: Cybersecurity, throughout the entire supply chain, must be a top priority. Even so, Gartner found that just 23% of security and risk leaders monitor third parties in real time for cybersecurity exposure.

Granted, it’s a challenging endeavor: CISOs and other security and risk leaders must not only perfect the fundamentals but also stay relentlessly agile to keep ahead of ever-advancing cybercriminals and continue to prioritize innovative technologies. So how can companies and agencies seamlessly juggle these to ensure cyber resilience?

Focusing on Fundamentals

Simply evaluating and analyzing a company’s cyber risks is a good place to start -- and a key requirement to obtain cyber insurance. Simple, classic controls, such as implementing authentication at every level of a business’ systems, eliminating unneeded data, and encrypting data, are all vital first steps to strengthening cyber posture.

Without these first steps, it will be impossible to stay on top of evolving threats. Cybersecurity resilience doesn’t have a one-step fix -- it’s crucial to begin with these fundamentals to become more resilient for the future.

Staying Agile

While the basics are important, recent examples have shown the world that the risk landscape can shift within a matter of days. The Log4j case of late 2021 caused chaos within businesses believed to have strong cyber posture, and they had to scramble to mitigate risk not only within their own business, but across their software supply chain.

This isn’t to point fingers -- it is a challenging time for companies. There are increased cyber risks created by a hybrid workforce, and cyber teams are often overburdened. In the Log4j case, without any third-party transparency, it took days or weeks to identify the root of the exposure.

In addition, in this volatile landscape, industry leaders need to move beyond point-in-time data and focus on trailing metrics.

Tackle New Technology

In order to evaluate cyber risks and stay nimble, companies are often resorting to lengthy questionnaires that provide a point-in-time snapshot of their risk. This process becomes even more bogged down when evaluating third-party and supply chain risks, as they must rely on all vendors to fill out these lengthy questionnaires swiftly and accurately. This becomes enormously time-consuming for cyber teams, taking time that could be better used to maintain and strengthen cyber hygiene.

This is when utilizing technology can help tackle transparency more efficiently. Platforms that gather vendor risk data from numerous channels can provide a more complete understanding of a business’ cyber risk. At the same time, the technology can provide real-time insight into a company’s vulnerabilities, allowing leaders to make accurate, informed decisions during chaotic moments to minimize disruption to the company, its third parties and industries at large.

Continuing Cyber Progress Into the Future

Even if companies perfect the fundamentals while staying forward-thinking, the industry must also continue to progress -- and that includes building the future of cybersecurity talent. After all, the industry can only progress as far as its leaders.

There is already negative unemployment in the cybersecurity industry due to a lack of knowledgeable resources. Combine this with more boomers approaching retirement and fewer skilled workers to take their place, and the cybersecurity space is experiencing a significant skill and knowledge gap. Today’s cybersecurity leaders bear the responsibility of cultivating, mentoring, and shaping the future of cybersecurity talent. We must act with urgency today to recruit, train, retain, and mentor the next generation of cybersecurity talent.

The best way to foster this talent is to introduce cybersecurity to students well before college -- the industry must work to incorporate cybersecurity into STEM curriculum in high school or even earlier. It’s only in this way that a diverse group of students will be able to recognize and explore this as a career option.

Cybersecurity innovation has come far, but industry leaders cannot stop perfecting, evolving, and nurturing -- it’s the only way to secure the world’s future from risk.

About the Author(s)

Clewin McPherson

Chief Information Security Officer, Exiger

Clewin McPherson is Chief Information Security Officer at Exiger. He focuses on the firm’s global information technology operations, information security, and risk management programs.
