By Gaurav Banga, CEO, and founder, Balbix
- In light of the ever-growing cybersecurity skills gap, and an exploding attack surface, infosec leaders will shift their focus from increasing headcount to increasing efficiency. By prioritizing tasks based on risk, solving the most impactful issues first, CISOs can ensure that even a small team can have a maximum possible impact.
- The accepted definition of a vulnerability will broaden. Today the term is typically associated with flaws in software that must be patched; infosec leaders will redefine it to mean anything that is open to attack or damage. As a result, systematic processes like those commonly applied to patching will be extended to weak or shared passwords, phishing and social engineering, risk of physical theft, third-party vendor risk, and more.
- In recent years, CISOs have gotten much-desired access to the board of directors, yet have struggled to speak in a language that resonates. This has limited the value of their exposure to the board, with many struggling to achieve the appropriate backing for their initiatives. In 2020, CISOs will recognize that business leaders will never understand technical security details such as threats and vulnerabilities, and will begin to leverage education and new tools to communicate business risk and economic exposure to the board.
- Unfortunately, a poor understanding of the massive enterprise attack surface will continue to be the root cause of much cybersecurity-related frustration and anxiety. Discussions with BoD members and C-suite execs on security posture will still be based on gut instinct and incomplete data. Vulnerability management tools will continue to report thousands of issues, and BU owners will still not be able to keep up, leaving thousands of assets unpatched. Senior executives will still fall for phishing attacks, with embarrassing and expensive consequences. Security teams will still not fully understand the risk of a breach of sensitive data such as intellectual property. CFOs will once again approve bigger security budgets, and the organization will continue to have no idea whether that money was well spent. Infosec leaders will still not be able to tell curious execs whether the company is vulnerable to the next WannaCry. Business unit teams will still surprise the security team with new soon-to-go-live product offerings that just need to be “blessed.” And by the end of 2020, most organizations will still be one bad click, a single reused password, or one unpatched system away from a major cybersecurity incident. The others will use risk-based tools to transform their cybersecurity posture.
About the Author
Gaurav Banga is the Founder and CEO of Balbix, and serves on the boards of several companies. Before Balbix, Gaurav was the Co-founder & CEO of Bromium and led the company from inception for over 5 years. Earlier in his career, he served in various executive roles at Phoenix Technologies and Intellisync Corporation and was Co-founder and CEO of PDAapps, acquired by Intellisync in 2005. Dr. Banga started his industry career at NetApp. Gaurav has a PhD in CS from Rice University and a B.Tech. in CS from IIT Delhi. He is a prolific inventor with over 60 patents.