Cybersecurity is a basic and essential requirement for today’s organizations because they are increasingly reliant on IT, particularly as businesses becomes more digital, and this makes them increasingly vulnerable to disruption and consequently to direct and indirect financial and reputational loss due to cyber-attacks. 

Cybersecurity as a requirement for businesses was a key theme at this year’s KuppingerCole Analysts’ Cybersecurity Leadership Summit, along with the human factor in cybersecurity, the application of artificial intelligence in cybersecurity, endpoint security, operational technology and IoT security, cloud security, cybersecurity governance and risk management, and managing ransomware attacks. 

In the next few editions of KC Navigator, we will highlight some of this content as useful starting places for you to investigate these key cybersecurity topics, as well as provide links to other content available in a variety of formats.  

Our research shows that the top challenge to implementing cybersecurity is that there are too many tools, and my take on this is that organizations are not getting enough out of the tools they are using

— Berthold Kerl, CEO, KuppingerCole Analysts

Audio/video

KuppingerCole research into the top cyber threats facing organizations, the key cybersecurity initiatives organizations are pursuing, and the biggest challenges to implementing cybersecurity yielded some interesting results.  

Check out what we discovered and what was surprising, and benchmark yourself against your peers by watching this presentation on our insights into Cybersecurity Trends 2022 and a panel discussion on the same topic by members of KuppingerCole Analysts’ Cyber Council. 

Besides the technical, process, and infrastructure related measures, a vital part of effective cybersecurity is to ensure that the identity off all users and components of the ecosystem is trustworthy. To find out how the EU is addressing the need for trust in digitization, watch this presentation entitled: The Role of Trusted Identity in Cybersecurity - The Vision of an EU Trust Space

Sharing experience and key lessons from real cyber attacks is an effective way of helping cyber defenders everywhere. To hear how one organization learned from a cyber-attack and reduced the recovery time from weeks to days when they were hit a second time, watch this presentation entitled: And Suddenly It Burns Without Fire - Impact of Cyber Attacks on Your Business

Threats to Operational Technology (OT) usually have a higher impact than to classical Information Technology (IT). To find out how the German Federal Office for Information Security (BSI) is addressing these issues and working on a potential solution for securing the supply chain, watch this presentation on Cyberattack Risks for Manufacturing Industries, Operational Technology, Industry 4.0 & Recommended Countermeasures.  

If you would like to hear what our analysts have to say on various cybersecurity topics, choose from the following list of topics: 

Blogs

Our analysts have blogged on various topics relating to cybersecurity, such as what to do when trust is not an option in understanding, assuming, mitigating, and managing risks in our increasingly hybrid IT infrastructures. This question is addressed in the blog entitled: We Are Detective: Data Scientists to the Rescue for Cybersecurity and Governance

The importance of risk management in the context of cybersecurity is gaining recognition. If you would like to find out more about this topic, have a look at this blog post entitled: 3 Steps to Improve Your Cybersecurity with Enterprise Risk Management

Preparations for a cyber incident can be made through an internal or external benchmarking of the cybersecurity landscape. To find out more about how to conduct a benchmarking exercise, what to expect, and how to use the results to define a roadmap, look at this blog post on Benchmarking Cybersecurity Environments

Research

For an outline of important trends in cybersecurity that will shape security policies and solutions’ choice for organizations, have a look at this Leadership Brief on Top Trends in Cybersecurity.  

Forward-thinking companies no longer see cybersecurity, governance, compliance, and privacy as something they are just forced to do. Instead, a comprehensive alignment with applicable policies, regulations and laws is the basis for consistently and competitively enabling and sustainably operating digital business. For more on this topic, have a look at this Leadership Brief entitled: Working for the Business, not the Auditors 

All organizations must invest in an Incident Response Management (IRM) plan. For a discussion on how IRM should be set up and what the most important quick wins for your organization are, have a look at this Leadership Brief on Incident Response Management.  

Setting up the architecture with the concept of a Security Fabric helps to structure, to optimize and to improve the corporate Cybersecurity approach. For more on this topic, have a look at this Leadership Brief on Security Fabric: A Methodology for Architecting a Secure Future

The growing importance of Operational Technology cybersecurity has already been highlighted. For further discussion on this topic, have a look at this Leadership Brief on How to get a Grip on OT Cybersecurity.  

Our analysts have written reports on various cybersecurity market segments aimed at helping organizations find the solutions that best meet their needs. Review the following list of Leadership Compass reports and select those that are the most relevant to your interests.  

Advisories

Business continuity and cyber security remain largely in separate siloes. But changes in the IT and cyber threat landscapes mean there is an urgent need for organizations to alter their approach. For a discussion on why there needs to be closer alignment and integration between business continuity and cyber security teams, have a look at this Advisory Note on Business Continuity in the age of Cyber Attacks.  

Key Risk Indicators (KRI) in cybersecurity are easy to measure, and provide organizations with a quick overview of the relevant risks and how these are changing. Find out how the indicators can be combined into a risk scorecard which then can be used in IT management and corporate management in this Advisory Note on KRIs and KPI for Cyber Security.  

Tech Investment

In addition to the Leadership Compass reports mentioned above, organizations investing in technologies to improve their cybersecurity capabilities can have a look at some of the related technology solutions that we have evaluated: