enardeitjaptrues

We're about to finish yet another erratic year, in which Elon Musk bought Twitter, Russia invaded Ukraine, and many workers returned to their offices. We also saw, for the first time, a security chief sentenced to prison for concealing a data breach.

These events and many more have changed the business landscape and forced CISOs to steer a course through uncertain waters. "With the shifts in the cybersecurity landscape, 2022 has been a milestone year we will look back on when studying the history of when and why cybersecurity and digital trust were fused together," says Kory Daniels, CISO at Trustwave.

In 2022, organizations across multiple industries have increased their security budgets. Still, they've also realized that investments "can be a paper tiger" if security teams do not truly demonstrate how they can help protect a business, Daniels adds.

While everyone has their own way of analyzing the year and reflecting upon what happened, this exercise could provide valuable knowledge for the future, so we asked CISOs to share the most relevant lessons they've learned this year.

"If companies are not going to learn these lessons and mature their security practices, we will see increased scrutiny in audits and third-party risk assessments, and this may have a financial, reputational, operational, or even compliance impact on their business," says Sohail Iqbal, CISO at Veracode.

1. Don't wait for a geopolitical conflict to boost your security

Russia's full-scale invasion of Ukraine spurred nationalist and criminal organizations to take sides and forced businesses to embrace government-issued guidance created to help them heighten their security posture. This includes the US Cybersecurity and Infrastructure Security Agency’s (CISA) Shields Up and the UK National Cyber Security Centre’s (NCSC) Technology Assurance. "The conflict prompted many organizations to ask questions about their cyber resilience readiness to either deter these threat actors or defeat an attack," Daniels says.