The coming new year is a good moment for chief information security officers to reflect on what they learned in 2022 and how to apply those lessons going forward.
“If companies are not going to learn these lessons and mature their security practices, we will see increased scrutiny in audits and third-party risk assessments, and this may have a financial, reputational, operational, or even compliance impact on their business,” says Sohail Iqbal, CISO at Veracode.
1. Don’t wait for a geopolitical conflict to boost your security
2. The population of threat actors has exploded, and their services have become dirt cheap
3. Untrained employees can cost a company millions of dollars
4. Governments are legislating more aggressively for cybersecurity
5. Organizations should keep better track of open-source software
6. More effort should be put into identifying vulnerabilities
7. Companies need to do more to protect against supply chain attacks
8. Zero trust should be a core philosophy
9. Cyber liability insurance requirements might continue to increase
10. The “shift-left” approach to software testing is dated
11. Using the wrong tool for the wrong asset will not fix the problem
12. Organizations need help understanding their complete application architectures
13. Security should be a continuous effort
14. Have plans in place
Source for more details: 14 lessons CISOs learned in 2022