Experts in cybersecurity are familiar with the ‘shift left’ trend. Shifting left in cybersecurity will be the trend in 2023, but also the way of the future.
Shift left is related to DevSecOps – i.e. development, security and operations – and means ‘baking in’ cybersecurity to applications as early as possible. I would argue that this change in thinking will become a trend in cybersecurity in 2023, along with a shift to more proactive thinking. By this I mean built-in security; implementing cybersecurity protocols across the whole IT architecture and stack to make security an increasingly integral part of IT.
Being proactive also refers to the ways threats are identified and dealt with. It’s no longer sufficient to wait around and hope not to be noticed by cybercriminals. We need to act before they notice us.
One example of this proactivity is that having a separate security, information and event management (SIEM) system is a thing of the past. What is needed is for the security operations centre (SOC) to become a fully integrated hunter that proactively and constantly sniffs out cyberthreats. SOCs should no longer only monitor the environment, they should also actively – and even aggressively – hunt for all things evil in the digital world.
This proactive approach has implications for how an organization acquires, sets up and conducts its cybersecurity. Gone are the days of ten-year security outsourcing contracts. Cybersecurity and the threat landscape of today evolve far too fast. If you’re slow in acquiring and building your setup, it will become obsolete immediately.
Thus today’s agreements need to include the modernization of security agreements in such a way that the organization is not tied in to only one vendor. In terms of the cybersecurity mix – i.e. technology, people and processes – one needs to have flexibility and agility in a completely different way to before. Our customers are already asking for such a shift.
All this brings us to the key component that continues to lay the foundation for cybersecurity: risk assessment. An organization itself needs to assess its own risks, and plan and act upon them. This is a priority, as the organization is ultimately responsible for handling its cyber risks and for building a cybersecurity framework that accounts for these risks in the most effective way.
I leave you with these thoughts: please consider getting a great cybersecurity partner, and keep your cybersecurity practise growing and evolving. Shifting left in cybersecurity will be the trend in 2023, but also the way of the future.
Please feel free to reach out to me to discuss how we could make this work for your organization.
How do you improve your cybersecurity? Do you wonder about the current cyber trends and threats? How about what motivates cybercriminals?
Our Cybersecurity guidebook is a good place to start. Let's demystify cybersecurity.
Download the guidebook