As cyber threats continue to evolve, Chief Information Security Officers (CISOs), security analysts, and their teams face a daunting array of challenges as they strive to protect their organizations from cyber threats. Over the last several years, security incidents have been on the rise, talent shortages persist, and attacks are becoming increasingly sophisticated. As a result, the efficacy of cybersecurity measures that once proved effective in countering threats has diminished, indicating a need for new strategies and approaches in the field.

Top challenges faced by CISOs and security analysts

Rising cloud service attacks

According to a recent survey titled “Cybersecurity Perspectives 2023”, commissioned by Scale Venture Partners, a staggering 71% of organizations have experienced three or more types of security incidents, representing a 51% increase compared to the previous year.

The most prevalent cyberattacks include those targeting cloud services, with 50% of organizations reporting at least one such incident in the last 12 months.

Moreover, there was a 58% surge in the number of firms falling victim to phishing attacks, leading to the theft of employee credentials.

The survey also highlighted two new incident types: compromise through a software supply chain vulnerability and attack/compromise of an AI model.

Talent scarcity

Despite the pressing need for skilled cybersecurity professionals, enterprises are still struggling to attract, hire, and retain them. A concerning 57% of firms reported that the scarcity of security personnel was the most significant barrier to achieving their desired security posture.

Cloud security positions were considered the most difficult to fill, followed by network security and application security roles.

Reduced efficiency of existing cyber protection

Threat actors are continuously adopting innovative attack methods, disrupting AI/ML data models, and uncovering novel attack mechanisms, resulting in a decline in the efficiency of once-trusted cybersecurity measures. Only 48% of security leaders have confidence in the effectiveness of their cybersecurity defenses against prevalent security threats.

The rise of AI/ML

By 2024, Artificial Intelligence (AI) and machine learning (ML) are expected to assume a paramount role in cybersecurity, as reported by four out of five security leaders. Security leaders are also worried about the governance of AI/ML models and monitoring the drift in malicious and non-malicious AI models.

Market gaps

Security leaders have identified notable disparities between the perceived “importance” and actual “satisfaction” with commercially-available cybersecurity solutions. The most significant market gaps were observed in cloud application and CI/CD security, where there exists a substantial delta of 45% or more between the importance attached to these solutions and the level of satisfaction they currently provide to security leaders.

Preparing for 2023 and beyond

As organizations brace themselves for the challenges ahead, CISOs and security analysts are taking proactive steps to bolster their cybersecurity measures:

Cybersecurity spending priorities

Network security and cloud infrastructure security remain among the top three spending priorities for enterprise security leaders. Identity and access management (IAM) has surged from 8th to 2nd place, reflecting the growing concern around identity security in a multi-cloud environment. Security automation has also returned to the list of priorities, signaling a focus on efficiency and response capabilities.

Stricter policy enforcement

83% of firms have set their sights on strengthening the enforcement of existing security policies this year. Simultaneously, 63% of organizations are actively pursuing enhanced visibility and transparency regarding their security status. Gaining deeper insights into the software supply chain and safeguarding AI/ML models and data pipelines rank high among their priorities.

Tools to empower cybersecurity talent

In the coming year, security leaders plan to implement strategies aimed at enhancing the efficiency of their cybersecurity teams, given the limitations they face. Notably, 63% of companies express a keen interest in harnessing security tools equipped with AI and Machine Learning capabilities. 62% of organizations are eager to adopt tools that automate manual security processes.

Investing in innovative solutions

Enterprises are investing more in emerging security solutions to address perceived weaknesses in the current offerings from leading vendors. Budget allocations for new, innovative, and experimental security solutions have increased by 18% this year, though this growth rate is lower than the previous year’s 27%.

Building in-house solutions

43% of organizations intend to develop in-house security solutions this year, with large enterprises taking the lead in this trend (83% compared to 57% for mid-sized firms). Threat intelligence and network security are among the top focus areas, while endpoint security takes priority over cloud infrastructure security for in-house development.

As the cyber landscape continues to evolve, it is evident that CISOs and security leaders must remain vigilant and adapt their strategies to confront the ever-changing threat landscape. With the right tools, talent, and investments, organizations can enhance their resilience and safeguard their assets from the growing menace of cyberattacks.

Source: Cybersecurity Perspectives 2023

Read next: Over 35% of Indian organizations faced data breaches, reveals 2023 Thales Cloud Security Report