For the second year running, we polled CISOs and cybersecurity leaders on the projects they consider most urgent and compiled their answers in our 2022 CISO Priorities Flashcard. Among the many initiatives available for their consideration, here are some of the highlights. To see the infographics themselves, skip ahead.
The Remote Workforce
As businesses went remote in 2019, cybersecurity teams scrambled to secure users who had left the protection of the perimeter. Consequently, in 2021, 94% of CISOs rated securing their remote workforce an “absolute priority” or “priority”. In 2022, the response from U.S. CISOs is more muted: 78% regard securing the remote workforce as a priority, making it the top priority for the second year running.
While it can be assumed that CISOs have addressed the initial impact of those cohorts starting to work from home, remote workers remain an ongoing concern. Under hybrid work models, devices moving in and out of perimeter defenses present new challenges and vulnerabilities.
Facilitating Proficient Day-to-Day Cybersecurity Operations
In 2022, many top priorities concern the ease of cybersecurity operations. Automating threat detection and response (78%) and unifying threat visibility across all assets (62%) are some of our respondents’ top priorities. These measures indicate that tools that make the SOC team’s work more automated and more efficient are getting precedence.
Demand for cybersecurity talent is only increasing. Efforts that help operators with their daily tasks not only make the most of an expensive resource but improve staff retention.
The Cybersecurity Big Picture
Improving the cybersecurity posture as a whole is at the forefront of CISOs’ minds. Enhancing cybersecurity testing beyond penetration testing (63%) and measuring the effectiveness of the cybersecurity ecosystem (62%) are being prioritized in 2022. With so many tools, projects, and methodologies to choose from, subjectively testing the system and its components is key. CISOs are looking to spend their budgets intelligently and get evidence of their performance that they can take back to their board.
Supply Chain Surprise
In 2021, supply chain attacks dominated the headlines, with the Kaseya and SolarWinds attacks at the forefront. Sophisticated attackers are looking to exploit vulnerabilities in pipelines and packages (such as log4j) to compromise organizations lower down in the supply chain. That’s why we were surprised that only 49% of cybersecurity leaders consider supply chain risk assessment a priority. In an ideal world, this should be a key component of any organization’s due diligence practices.
The SOC Team Is Here to Stay
CISOs are least interested in outsourcing cybersecurity operations (17%). Smaller businesses without a CISO or cybersecurity staff might enlist the help of a third party. However, organizations with mature information security stacks recognize that cybersecurity is not just bought but operated. CISOs are committed to the constant measurement and improvement of their cybersecurity operations.
The complete 2022 U.S. and Canada CISO Priorities Flashcard is freely available for download. You can also explore the—slightly different—priorities of Latin American CISOs in the Latam and Brazilian versions of the flashcard.