Skip to content
    Back to Blog December 22, 2022

    Key Cybersecurity Takeaways Going into 2023

    We’ve talked to hundreds of IT and security professionals to find out what their 2022 was like. We heard about their challenges, discoveries, strategies, and priorities when it comes to managing and securing assets and reducing the attack surface.

    At a recent (ISC)² webinar, 2022: A Year of Wrangling Assets and Reducing the Attack Surface, I covered the top five learning and trends from 2022 and the top five priorities for 2023 (and one anti-priority). Here we’ll look at some of the highlights. 

    Asset Inventory and Controls Gaps: Belief vs. Reality

    When it comes to understanding the entire asset inventory and the relationship between controls and security solution coverage, there are gaps between belief and reality. 

    In some industries, we’ve seen:

    In the conversations we’ve had recently with customers, there’s a renewed focus on understanding where unrealized or overlapping investment can be recovered. Aside from the obvious security implications of missing security solution coverage, we’ve heard from IT and security professionals that finding wasted spend could be the difference between losing and justifying headcount. 

    “We would believe we scanned our entire network and understood what our actual threat and risks were, only to find out later on that we were off by 10% to 20%. That was almost an accepted risk that we didn’t want to accept.”

    David Christensen, VP and CISO, PlanSource

    Prioritizing security resources for strategic value: Changing the perception of security as a cost center

    For IT and security pros, one of the biggest questions they have going into 2023 is, “How do I show our value is more than just preventing breaches?”

    It’s difficult enough for IT and security teams to get a handle on all the devices, cloud services, applications, software, and user accounts in their IT environments. More complexity means less visibility, more security gaps, and more security incidents. Add to that the pressure of justifying value beyond avoiding breaches.

    We often hear from our customers that they want to quantify the value that their teams produce. They don’t want to show that security is just a department of “no”. A few examples we’ve seen:

    The anti-priority: SaaS

    With the high rate of SaaS applications across companies, what are the priorities for securing and managing SaaS?

    That was the premise of “The Truth About SaaS Security and Why No One Cares … Yet”, a comprehensive study conducted by Savanta on behalf of Axonius.  

    Now that spending on SaaS apps surpassed spending on Infrastructure as a Service, the belief was that securing SaaS would match that trend. The result: Not so much … yet.  

    Although 66% of organizations are spending more on SaaS than a year ago, only 34% are currently worried about SaaS costs. 

    Why aren’t people worried about it? It’s pretty obvious — there’s a lot going on. The concept of SaaS security and managing SaaS is important, but when there’s so many other urgent priorities, it falls to the bottom of the list. SaaS management and security are initiatives that organizations will end up spending time and effort on, but only the most mature security teams have already started to address SaaS security. 

    Interested in reining in your assets and reducing your attack surface? Request a demo today. 

    Sign up to get first access to our latest resources