Analyst Chat

Analyst Chat #149: The Top 5 Cybersecurity Trends - Looking Back at CSLS 2022


Deep Fakes, AI as friend and foe, Business Resilience, Mis-, Dis- and Malinformation: The Cybersecurity Leadership Summit has taken place in Berlin and covered all of this and much more. Martin Kuppinger and Matthias look back on the event and identify their Top 5 Trends from CSLS2022 in Cybersecurity and beyond.

Welcome to the KuppingerCole Analyst Chat. I'm your host. My name is Matthias Reinwarth, I'm the director of the Practice Identity and Access Management here at KuppingerCole Analysts. My guest today is Martin Kuppinger, he is the Principal Analyst here at KuppingerCole. Hi, Martin.

Hi, Matthias, pleasure to talk to you again.

Great to have you. And we are here just to have a look back on last week because you and I, we have been, with many other colleagues and great participants, at the Cybersecurity Leadership Summit in Berlin. We want to highlight a few of the main topics that we identified during the course of this conference and the workshops that we did there.
Maybe I start out because I think there are a lot of trends that can be identified and with a special focus of the Cybersecurity Leadership Summit being on leadership, not so much on technical geekiness. That was an interesting event. And the main thing that I learned is that IT security really has left its IT silo. It's everywhere.
It's in politics, it's in the military, it's in governance, it's in governments. So you see cybersecurity in many areas where it has not been fully recognized earlier. Do you agree?

Yeah, and I think it's also that we don't tend to talk about IT security. We tend to talk about cybersecurity and the broader cyberspace, which, so to speak, is pretty much overlapping with the digital space in which businesses today, and organizations in general, not only businesses are operating. So when we talk about digital business, when we talk about a digital age, it means more and more of the value chain and the supply chains of organizations either are in that space or are linked to that space, and the same with products. There are so many products nowadays that have some IT in it and so we have this linkage and that means that we have this linkage between the cybersecurity and the digital or cyber space - I'm a little bit reluctant to term cyberspace because it's so heavily overloaded, but it explains why it is how it is.

Absolutely. I fully agree. And it's really getting broader. And everybody now is confronted with cybersecurity. Earlier, you could evade it, just not use it. This is no longer possible. Another aspect that I find really interesting is the role of AI. It's both. It's friend and it's foe. We see it as a supporting technology now finally really arriving in the tools that support us in analyzing security events or incidents within a SIEM or SOAR solution.
But we also see it as a threat when it comes to manipulating data, images, when it comes to deepfakes. There were quite some interesting talks about that. What are your takeaways from these discussions, Martin?

Yeah, so I think the first thing is we shouldn't be too scared. So we need to be aware, we maybe need to be a bit scared of what could happen. But honestly, I have seen so far way better solutions for recognizing things like deepfake than solutions for creating deepfake at scale. So most of what has become publicly visible as deepfake was relatively easy to identify probably even without AI.
But on the AI side, we always have this option also to identify anomalies. And I strongly believe, by the way, that when we go more in these areas, sophisticated areas where some say, okay, AI helps us in creating totally new types of attacks or this is a really sophisticated deepfake. Here the balance goes fortunately a bit more to the defender because the defender only needs to identify a few anomalies, for instance in a deepfake, while the attacker needs to create the perfect deepfake so that it's not sort of immediately detected as such.
So from that perspective, I think we need to put a strong emphasis on what can we do better with AI? How can we utilize AI to augment the defenders? Because at the end, AI for me is really less artificial intelligence than augmenting intelligence. And this is the way we should look at it.

Right. So this was one trend that we can easily identify. So it's really the modern technologies that have arrived in cybersecurity, both on the defensive part and on the attacker side. Another trend that I really have seen is that just because we have these new technologies, we have cloud, we have hybrid, we have serverless, we have AI, we have all these different modern, new, geeky aspects of IT and technology, the landscape is not getting simpler or more modern at all. It's getting more complex. We really add complexity to existing landscapes. And they don't go away. Just think of Active Directory on premises in many large organizations. This is still there and this needs to be managed and this just raises complexity. So that is a trend that I took away from CSLS, would you agree there as well?

You know, that is something we have in every area. So when you bring in something new then it means for a transition period, you have to deal with the old and the new, the challenge is that sometimes this transition period is very long in IT, that can be decades in some cases. And if you look at transition periods from data centers to cloud, from mainframes to other things, then that are frequently decades we are talking about, that is a challenge. Where we need to be very careful is not to build always new security silos, but probably go more, a bit more for what is the common denominator, how can we address security across different areas? And specifically when new things pop up so that we have the public cloud and the virtual private cloud and edge etc., how can we come to a point where we don't create new cybersecurity silos, so to speak, for each of these environments? And this is something which I believe will need a bit more radical thinking.
Stepping back and saying, okay, what is the starting point? How should we start with security? And then, is there something we need to add or remove for certain environments?

I fully agree. And having said that, what you just said, we wanted to position the Cybersecurity Leadership Summit also in relationship to business resilience, to make organizations, to make businesses more resilient, which goes beyond mere cybersecurity and it goes beyond mere incident response. So having a bigger, a broader approach towards resilience. In your discussions with leaders there, it was a Leadership Summit, has that arrived in organizations already, this thinking of making an organization, making an infrastructure, making technology more resilient?

I think that many organizations start having that. So when I look at today's state and also when I look at the structure of this event we have been running, I think this structure is one which displays it very well. We had more the CISO oriented leadership track. We had this track that was more about making it more concrete in terms of resilience, which is the team of the CISO, the people who are working with the business who care for the resilience and we had more the technology track which looks at how do I do that, which technologies can I achieve. And I think what we see is that we see a strong push from the C-level beyond the CIO and CISO, from the boards on CISO and CIO to look at the business impact, to look at the resilience, to look at how an organization can recover when something goes wrong, which then requires their teams to really bridge the gap between technical cybersecurity and the business aspects like business impact analysis, like incident response management, all these things, bringing them together.
And I think this is definitely a huge trend in the market, to sort of bridge the gap between technical cybersecurity and the business impact. And at the end resulting - and this is the point which is the key aspect - resulting in increased resilience of the business. So cyber resilience is a key element of business resilience nowadays.

I fully agree and we did a workshop on that and it really was a great feedback from the audience and a good workshop with contributing new ideas, making sure that the organization is resilient, starting from the planning up until to the learnings afterwards and to continuously improve the overall resilience posture. One topic, and I thought of having five and this is the fifth, is really a new topic that came up and I'm really interested in learning more about that.
We just did a first start about that topic and the acronym behind that is MDM. And I think that is really an aspect that we need to look at and much more importantly, leaders need to look at. Can you elaborate a bit on that, please?

Yeah. And we are talking not about MDM as mobile device management, and not about MDM as master data management. We're talking about misinformation, disinformation, and malinformation. So that's something which is, I would dare to say ubiquitous in our societies nowadays. Information that is at least questionable spreading, being used in politics, being used in many other areas.
It's not a new phenomenon. I’m just reading a book about the history of charlatanry, where in fact, this approach always has been used since the Renaissance times and even before, and you can go back to the Greeks. It is not entirely new. The interesting question is, is this a CISO topic? Is this a cybersecurity topic?
And if so, why? And I think there, the resilience aspect helps to look at it because the spread of malinformation, misinformation, disinformation about an enterprise, about an organization can cause concrete business harm. And that spread of information can also be triggered by internal data leaking, by internal data being abused, by employees, a former employee spreading information they shouldn't share, but not necessarily is correct. But also by attacks that lead to whatever taking over certain channels, certain accounts and social media of an organization etc. So there are quite a number of things involved. And so there's a clear, at least interface to the CISO. I don't say that this is a CISO only topic.
Surely not. It's bigger, but the CISO must become involved in that due to the use of IT to spread MDM and due to the need to secure certain aspects in IT to reduce the risk. And then it also goes into this entire area, we talked about it quickly, like business impact analysis and in the end of the incident response because a larger discussion starting based on MDM somewhere on social media factually means that there's an incident that needs to be handled.
And so what we need to do is to take this as a C topic beyond just IT. Because it's something that can cause massive harm to organizations and it is doing so. So banks in the Ukraine have been factually attacked via MDM to foster uncertainty and to really put them in trouble.
And so it is happening, it is happening at a number of layers and the CISO needs to be involved because it's a topic where cybersecurity, where IT is part of.

Absolutely. I fully agree and we had a great, great panel on that topic. And this is a topic that we really need to cover more. And I anticipate that we will do a complete episode of this podcast very soon about this topic because it's really, really getting more and more important. And while we have been talking about this just last week in this panel and on several other occasions, this weekend then we could see what misinformation can mean when some fake company account tweets on Twitter without verification that, for example, insulin is for free now and that really hit organizations massively as an example.
So misinformation, disinformation and malinformation is a real threat, and we can see that in real life every day, more or less.

Another current example is this FTX crypto exchange thing. Whatever has been in real or not, but just the fact that someone started talking about that there’s something going wrong at them, cost in fact then, triggered the escalation of everything. That might have been well-founded, it's not necessarily MDM, but the same definitely can happen in such areas.
And we have seen this on other occasions with someone just starting to talk about, okay, here's something going wrong that is not correct. And put specifically the financial space organizations very quickly in trouble.

Absolutely. And these have just been five topics that we picked from the Cybersecurity Leadership Summit that we had in Berlin last week. There are many other topics that we covered as well, but these were the five most striking and I hope this is also interesting to the audience to follow up on these topics and maybe to have a quick look at the agenda that we had there.
And if there are any topics that are of interest to you, there will be follow-ups here as blog posts, videos, podcast episodes. And of course the full event is available as recordings across all tracks, including the workshops. So thank you, Martin, for sharing your experience and your insight and yeah, just your memories from last week.
And I'm looking forward to talking to you again soon, maybe about MDM. Thanks, Martin.

Okay. Thank you. Was a pleasure.