2023 #CISOPredicts: Adam Glick, CISO at SimpliSafe
Members of Silicon Valley CISO Investments (SVCI) offer their take on the challenges and trends that will shape 2023.
As Chief Information Security Officers (CISOs) across industries including tech, insurance, and retail, we have the benefit of sharing (and comparing) our perspectives on a variety of hot-button issues. As members of Silicon Valley CISO Investments (SVCI), we also get a front seat to the most recent cybersecurity innovations by advising and investing in the next generation of startups—and using our decades of expertise to help them thrive.
From where we sit in the C-suite, here’s our take on the trends and challenges that will shape 2023:
Adam Glick, Chief Information Security Officer, SimpliSafe
We’ll find a way to do less with less
Flying cars. Okay, maybe not in 2023. But, in 2023, things are going to get worse before they get better. I’m not sure there’s any elastic, or otherwise, relationship between malicious actors and cybercrime and the general state of the global economy. While many organizations are battening down the hatches in anticipation of a rough 2023 and many have already jettisoned their payroll cost, it’s doubtful that cyber criminals have taken the same approach. While there’s limited evidence to support that poor economic times lead to greater crime and prosperous times the inverse, cyber crime seems to just not care about it at all. Digital crime has been exponentially increasing over the past decade and is quickly turning into a multi-trillion-dollar industry. We’re entering another asymmetric period where malicious actors aren’t being asked by their HR team for a reduction in force. Lazarus’ CFO isn’t asking them to do more with less.
So, what’s a CISO supposed to do? The answer isn’t more with less—it’s different with less, and truthfully less with less. It’s demonstrating to the board what you’re going to accomplish and equally—what you will not accomplish given constraints. Looking for a truly recession-proof industry? Cyber crime may be it.
On a maybe slightly more optimistic prediction, I think there are some technical changes we’ll see in 2023. Here’s what I think we’ll see:
Less push-based MFA: It’s clearly defeatable via fatigue.
Increased consolidation of products: As a previous proponent of best-in-class point solutions, it’s become unrealistic and unwieldy. Outside of the must-haves for security controls, I’m taking a C+ product that can do 5 B- things over an A+ product that does one thing really well.
More supply chain controls: Supply chain is as dangerous as ever and still represents a large risk to many organizations. I hope to see large strides on controls here.
My last few predictions I’m going to put out into the universe if for nothing more than hope:
All these pricey OpEx SaaS solutions will become realistic. We get it—recurring revenue is much nicer for your stakeholders, but guess what? There’s only so much OpEx budget to go around and all the nice-to-have technologies are not making the cut when my budget is up against it.
Lengthy due diligence questionnaires will die. What’s the point? Has anyone in the history of due diligence ever adequately and accurately gleaned the appropriate risk from a 300-question questionnaire that a 20-question one couldn’t figure out? Any SolarWinds customers want to share how their TPRM team accurately identified that risk?
Oh, and flying cars—I’ve got a good feeling about it this year!