2023全球网络安全展望+Global+Cybersecurity+Outlook+2023_第1页
2023全球网络安全展望+Global+Cybersecurity+Outlook+2023_第2页
2023全球网络安全展望+Global+Cybersecurity+Outlook+2023_第3页
2023全球网络安全展望+Global+Cybersecurity+Outlook+2023_第4页
2023全球网络安全展望+Global+Cybersecurity+Outlook+2023_第5页
已阅读5页,还剩63页未读 继续免费阅读

下载本文档

版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领

文档简介

IncollaborationwithAccentureGlobalCybersecurityOutlook2023INSIGHTREPORTYlookenceContentspsDisclaimerty3478lookJanuary2023January2023Forewordcomeswithit.PaoloDalCinJeremyJurgensmndandeenglookExecutivesummarygtnonstyhe%eadersinstabilityismoderatelyorverylikelytoleadtoacatastrophiccybereventinthenexttwoyears.BusinessleadersDosmallandlargeenterprises%eadersinstabilityismoderatelyorverylikelytoleadtoacatastrophiccybereventinthenexttwoyears.BusinessleadersDosmallandlargeenterpriseshavedifferentexpectationsofgeopoliticalinfluence?Numberofemployees6%8%<250to1,00048%21%8%1,001to10,00058%44%4%100,000+35%29% NotatallMinimallyModeratelySubstantiallyCyberleadersDoorganizationsexpectgeopoliticalriskstoaffecttheircybersecuritystrategy?%ofrespondentsWhatchangeswill%ofrespondents%ofrespondentscticesforStrengthencontrolswiththirdpartieswho63% %Adjustinformationsharingpractices38%%%oups%ityOutlooklikelytostronglyagreethatmore3131likelytostronglyagreethatmore313162Comparedtolastyear,businessandcyberleadersareapproachingconsensusonthestateoftheirorganization’scybersecuritytalent.%0202220232022202320222023BusinessleadersCyberleadersls%CyberleadersBusinessCyberleadersWhatwillhavethemostpositiveinfluenceonanorganization’sapproachtoWhatwillhavethemostpositiveinfluenceonanorganization’sapproachtocybersecurityinthenext12months?Businessleaders’rankCyberleaders’rank12%12%6%6%9% ityOutlooklook1Theglobal1cyberlandscapeAlthoughcyberleaders,businessleadersandboardsofdirectorsarenowcommunicatingmoredirectlyandmoreoften,theycontinuetospeakdifferentlanguages.hasndoreedygeFIGURE3GeopoliticsoflyseatasHowlikelyisitthatgeopoliticalinstabilitywillleadtoafar-reaching,catastrophiccybereventinthenexttwoyears?441%47%47%NotverylikelyModeratelyNotverylikelyModeratelylikelyVerylikely%0ssleadersCyberleaderstyOutlook45%%ityOutlookFIGURE4Likelihoodofgeopoliticalinstabilityleadingtoafar-reachingcybereventinthenexttwoyears(bynumberofemployeesperorganization)verylikelynhpsnhps43%43%35%14%llMinimallyModeratelySubstantially01+250%% 72%73% 63%71% 51%49% 47%24% 38%41% 39%34% 9%2%eFIGURE6Howgeopoliticalriskhasinfluencedmyorganization’scybersecuritystrategyCyberleadersBusinessleaders80%60%40%20%0%20%40%60%80%ookookssislong-termimpact.rtssislong-termimpact.rtFIGURE7Regionalbreakdownofhowgeopoliticalriskinfluencescybersecuritystrategy%%%%%3%8%%3%roupsddataaccess%1.2EmergingtechnologyndEmergingthreatsMoreresourcesarebeingthrownatcybercrimecampaignsbycriminalgroups.There’sasensethatcybercrimeisconvergingwithnation-stateactorsandthatthisisleadingtoahighernumberofnewcampaignsbeinglaunchedaswellasattacksthataremoreclearlytailoredtothetargetorganization.Thegreaterthevolatilityinthethreat,themoretimeisbeingspentontacticaldefencebyCISOsandtheirteams.It’simportanttocreatethespaceforstrategicdevelopmentandeffectiveriskmanagement.tesinalrtlyoiseookook1.4LawsandregulationsThewaywebuildregulationsforcybersecurityiscentralized.Theregulationsthissystemcreatesarevaluable,buttheprocesstakestime.Itcantaketwoyearsforaregulationtobedeveloped.Standardizationcantake18months.Acyberattacktakesseconds.Thespeedatwhichemergingtechnologiesareimplementedoftenoutpacesourabilitytobuildsecuritymeasuresaroundthem.Weneedtogobeyondsimplecompliancewithregulationsiforganizationsaretobecyberresilient.rrtsFIGURE8Havingmoreeffectiveenforcementofregulatoryrequirementsacrossmysectorwouldincreasemyorganization’scyberresilience0%29%0%0368036802457edreyceshatFIGURECyberandprivacyregulationsareeffectiveinreducingmyorganization’scyberFIGURECyberandprivacyregulationsareeffectiveinreducingmyorganization’scyber37%35%29%%3%4%2022202320222023202220232022202344%%5%02022202329%24%5%3%0ook%9risk(year-on-yearchangeinresponsestothequestion,2022–2023reports)FIGURE10soheeCyberandprivacyregulationsareeffectiveinreducingmyorganization’scyberriskk2Leadershipperceptionchanges2ookThisindicatesthatperhapsbusinessleadershaveleapfroggedsecurityleadersinchampioningtheimportanceofcybersecurityoritcouldreflectalingeringperceptiongapworthyoffurtherresearch.Leadershipviewsoncybersecurity%% s%FIGUREFIGURE11PrioritizingcyberriskinbusinessMoreandmorecorporateboardsnowhavetruecyberexpertsamongtheirmembers.Ithelpswhenpeopleatboardlevelaresufficientlycyber-literatetoaskpertinentquestionsoftheirsecurityteamsbutalsotobringcyberintostrategicbusinessdiscussions.Boardsalsoneedtounderstandwhatacybereventmeansfortheirorganization.Toomanybusinessleadersstillunderestimatetheimpactacyberattackcanhaveontheiroperations,ontheirreputationandontheircompanyasawhole.re7%4%FIGURE12Cyberresilienceinmyorganizationisintegratedintoenterpriseriskmanagementstrategies7%4%%32%0%24%%21%%00689310689317FIGURE13Howdoyoufeelaboutyourorganization’sabilitytobecyberresilient?BusinessleadersCyberleaders2023ookookareconfidentthattheirorganizationiscyberresilient.%asefSupply-chainriskrtofstyaveelyreookeeeComparedtomyownorganization’scyberresilience,Iperceiveourthird-partyorganizations(whohavedirectconnections,processes,ordata)tobe…Creatingcyberresilienceacrossasupply-chaingdtoseenndFIGUREFIGURE14TheroleofcyberinsurancetoTheroleofcyberinsurancetotstoIntheabsenceofinsurance,organizationswoulddowelltofocusoninitiativesthatsupportecosystemresilience.Byincreasingthelevelofprotectionacrosstheirsupplychain,organizationswillenhancethecyberresilienceoftheirownoperations.Hasyourorganizationsubmittedaclaimusingyourcyberinsurancepolicyinthepasttwoyears?%%FIGURE150submittedaclaimmationutlookookGainingleadershipsupportSecurityexecutivesgainbyarticulatingastorytotheirboardthatalignswithcorporateandbusinesspriorities.Boardsshouldbepresentedwithacyberposturethatresonateswithcustomers’andauthorities’expectations,andhelpsaddresssectorialecosystemchallenges.ribedofleadershipsupportThe2022GlobalCybersecurityOutlookreporthighlightedhowcyberleadersperceiveleadershipsupportasaprimarychallengeinthemanagementoforganizationalcyberresilience.Thisyear’soutlookindicatesthatathirdofallcyberleadersstillrankedgainingleadershipsupportasthemostchallengingaspectofmanagingcyberresilience.Amajority,94%,ofrespondentsbelieve,however,thattheirboardofdirectorshasadutyofcarewhenitrelatestocybersecurity.Cybersecurityandtheboard’sdutyofcareThesecuritystaffdeservesthesameleveloftrustthatyouwouldputinotherbusinessleaders.Youmaynotknowexactlywhatiscoming,butyoushouldbeabletotrustthatthesecurityleaderisdirectionallyrightandyouunderstandwhattheirprioritiesare.utlook%34%30%29%00628934157FIGURE16Myorganization’sboardofdirectorsisabletouphold%34%30%29%00628934157whenitcomestocybersecurityoCybersecurityandbusinessleadersmustlearntoeffectivelytranslatetheirCybersecurityandbusinessleadersmustlearntoeffectivelytranslatetheircyberrisksintoenterpriserisk.talentmanagementtalentmanagementFIGURE17CyberlalDoesyourorganizationhavetheskillsneededtorespondtoandrecoverfromacyberattack?%%0utlook46%34%32%5%5%5%47%43%%34%0%32%0%0347%43%%34%0%32%0%03utlooky46%44%22323WeWehavethepeopleandskillsweneedtoday(byindustry)25%20%15%14%72%67%60%50%50%Wearemissingcriticalpeopleandskills(byindustry)ionFIGURE19Themessageisgettingthrough(year-on-yearalignmentinbusinessandsecurityviewsontheskillsgap)ook3Awayahead3ofsecurityexecutivesareconcernedaboutthelevelofcyberresilienceintheirbusiness.%ImprovingcommunicationTheroleofthechiefinformationsecurityofficer(CISO)isoneofthemostdynamiccareers.Wesecureentireorganizationsastheyevolvewithnewtechnologiesinanincreasinglydigitalenvironment.ThismeanstheCISOhasaroleinsupportingthetransformationalchangeofabusiness’stechnology,cultureandorganizationalstructures.Inthisyear’sreport,17%ofsecurityexecutivesexpressedconcernaboutthelevelofcyberresilienceintheirbusiness.Thiswasupslightlyfrom13%ofsecurityexecutivestheyearbefore.Conversely,theincreasedlevelofawarenessofcyberriskamongbusinessexecutivesledtoamarkedincreaseinconcern,from16%to27%.Thismightbeduetoabetterunderstandingbybusinessleadersofthedamagethatcanbedonetotheirbusinessoperations,commercialrelationshipsandreputationbyamajorcyberattack.Surveyresponsesforthisreportindicatethattheincreasedconcernamongbusinessexecutivescouldalsobedrivenbyregulatorydemandsforincreasedboard-levelaccountabilityforcyber-riskmanagement.Forexample,inlate2022theUnitedStatesSecuritiesandExchangeCommission(SEC)createdrulesthatmakecyber-riskreportingandbusinessresilienceplanningavitalcomponentofeffectiveboardmanagement.16Lostintranslation?Thedifficultyintranslatingcyberthreatstooperationalriskisabarriertocollaborationbetweensecurityexecutivesandbusinessleaders.Commonplacetermssuchas“ransomware”canbeexplainedtoboardsmoreeasily,butmappingcybercrimecampaignsorthreatactorstothetargetingofparticularassetsandresourcesiscomplicated.sgeomanyassetsontheirnetworktoidentifythekeyriskpoints,oreventomaptheirassets.Thismakesitdifficulttoassesswhereandhowmuchmoneyshouldbespent.Withoutawaytoclearlymapriskstovalue-creatingassetsorprocesses,aswellasaplanofactionarisingfromthis,itishardtoquantifyandjustifytheresourcesthatshouldbeallocatedtomitigatingthem.utlookutlookSharedstartingpointsFIGURE20Whatcyberriskareyoumostconcernedaboutwhenitcomestoyourpersonalcybersecurity?CyberleadersBusinessleadersIdentitytheft111232332y323434erattack45456666676712345677654321ksshtyksshtyExplainingreturnoninvestmentincybersecurityantstterantstterutlookStepstocloseStepstoclosethecommunicationsgaprateddsdcyber-resilienceprogramme.Cybersecurityleadersshoulduselesstechnicaljargonwhenspeakingwithbusinessleaders.Boardsofdirectorsshouldhelpcybersecurityleadersunderstandwhatassetsandprocessesmustbeprioritizedforprotection.Boardsshouldthenmakethemselvesaccountablefortheseprioritiesoncetheyaresetbecausecybersecurityresourcesarerarelysufficienttoeffectivelydefendallpartsofanorganizationallofthetime.FrequencyofmeetingsBoardsBoardsneedtounderstandthestrategicessenceofthemessagefromsecurityteamsandwhatthatmeansforcorporategovernanceandinvestmentdecisionsinsecurityandelsewhere.FIGURE21ReviewingorganizationaletyutlookThecybersecurityteam,ifusedthoughtfully,canprovidevitalinsightsthathelpembedcyber-riskmethodologiesinanorganization.BuildingsecuritycultureivetyToamedousnulookShortfallbetweensupplyanddemandforcybersecurityexpertsin2021ClosingthecybertalentgapPeoplethinkthatcybersecurityissomethingthat’shighlytechnical.Yes,somerolesrequiredeeptechnicalexpertise,butcybersecurityisavastdomainandmakinganorganizationcyberresilientalsorequiresgeneralistrolesthatneedabroaderskillset,fromeducationandawarenesstopolicywriting,governanceandothers.Weneedmorepeopleintheboththetechnicalandgeneralistroles.nintomMoreneedstobedonetoincreasetheflowofcybersecuritytalentintotheworkforce.Thishasbeenaconsistentlydifficultproblemtosolve,butitisalsoanareawithpossibilitiesforrealprogress.Newandinventiveprojectsarebeinglaunchedeveryyear.Asignificantnumberoforganizationsunderstandthatcybersecuritytouchesonmanyareasoftheiractivityandmakinganorganizationcyberresilientrequiresawiderangeofskillsets.Respondentstothesurveysaswellasparticipantsintheinterviewsandworkshopsconsistentlyarguedthattheacademicandprofessionaldisciplinesthatlendthemselvestocyber-resilienceskillsaremuchbroaderthanmanypeoplerealizeandarecertainlynotlimitedtocomputerscienceorengineering.Thesoftskillsforcyberrolescancomefromdisciplinessuchaseconomics,law,psychology,sociology,communicationsandmediastudies.Expandingthetalentpoolrmaloftheworkforce.However,capitalizingontheincreasedinterestincybersecurityisalsolikelytorequiregreatercollaborationbetweenorganizations.Evenhigh-qualityapprenticeshipandtrainingprogrammesrunbyindividualorganizations,suchastheAbsaCybersecurityAcademyinSouthAfrica,23haveencountereddifficultiesscalingtolargenumbers.eAscyberthreatsevolveandexpand,somustthetalentpoolthatengageswiththem.AsarguedinOctober2022byexpertsfromtheTechforGoodInstitute,theTifaFoundationandtheUnitedNationsUniversityInstitution:“Designingandimplementingappropriatecybersecuritysolutions…demandsnon-technicalcompetenciessuchasbusiness,management,legal,policyanddiplomacy.”24Theneedforthesecompetenciesgrowsas“socio-technicalthreatssuchassocialengineeringandnlineabuseareincreasinglyprolificSocialinclusionanddiversityissuesshouldnotbedecoupledfromthediscussionofcybertalentdevelopment.Manyskillsprojectsaresuccessfulbecausetheyfocusondiversityofprofessionalorlivedexperience.Diversityisnota“nice-to-have”additiontoacyber-skillsprogrammebutsomethingthatislikelytoinfluencetheprogramme’ssuccessandalsostrengthenthecyberresilienceofanorganizationtothehighestdegree.Employingarangeofpeoplewithdiverseopinions,backgrounds,experiencesandidentitiesleadstoookraitssuchascuriosity,problem-solvingandcriticalthinkingarevitalforcyberprofessionals.eeibutionsitydookConclusiontoemethicltsycantnobeookAppendix:MethodologyofCyberOutlookSurveyeamsntionnputCyberOutlookSeriesdarssookContributorsWorldEconomicForumLeadauthorsGretchenBueermannS

温馨提示

  • 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
  • 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
  • 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
  • 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
  • 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
  • 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
  • 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

评论

0/150

提交评论