Interview: Simon Ractliffe, Qualys

What is the major potential tech pain point that will face all organisations large and small in 2023?

It is estimated that enterprises have as many as 47 different cybersecurity solutions deployed, collectively spending $150 billion annually. Quantifying the risk and cost of too many tools is a pain point that colleagues often raise. Complexity introduces operational blind spots, inefficiency and additional risk that can threaten the business.

Customers want to get more for their money and use a platform with integrated solutions that work well together, save time and increase overall efficiency. This can be done by consolidating cybersecurity stacks onto a single agent, reducing remediation times and cyber risk, while maximising security spending.

Which new technologies will reach critical mass and become dominant in 2023?

The proliferation of connected devices will continue to surge in 2023, and with this comes the need for operational transparency and cyber hygiene. We need to detect these devices, understand what they are doing and ensure they are resilient to disruption, ie, patched and properly configured.

With lower system maturity and ‘standards’ in their infancy, the amazing potential of connected devices needs to be treated with care. Applying the usual governance, risk and compliance fundamentals will help to avoid loss of confidence. And automated detection and response to emerging threats at scale will make it easier for us to deliver the desired outcomes.

How is the current talent shortage impacting your industry and how will this be overcome in 2023?

It takes a long time to find, recruit, onboard and train new cybersecurity talent. We can’t hire more people to address escalating security challenges, so the only way out is through automation. While there has been some reluctance to automate because of the fear of breaking things, there are areas where automation can improve security and workforce engagement. We can automate in areas where patches don’t typically break things. For example, we know there are monthly patches from Microsoft. Organisations can set an automated task to update Chrome on every corporate laptop each month, eliminating the need for manual patch deployment.

This is just one of many ways that automation can reduce costs and improve reaction times. Additionally, automation frees your security teams from repetitive, lower-level tasks and empowers them to focus on more strategic areas and broaden their skills. Thus, teams are more likely to stay, develop and grow with the business.

How can the technology sector build resilience into supply chain management during times of global uncertainty?

Talk to any number of CISOs and they will tell you how hard it is to sustain, orchestrate or standardise supply chains — that they need a repeatable, consistent process to ensure a prescribed level of security awareness by suppliers.

While technology solutions can help, current offerings are cumbersome, prone to errors, slow and not standardised. As an industry, we need to shift to near or real-time assessment and improve how we quantify the supply chain risk. This includes risk-scoring value chain participants and having the ability to take action should participants move outside of predetermined tolerances.

The combination of regulatory drivers, the flow-on effect from end-user obligations and security hygiene will help increase the adoption of more effective solutions and compel organisations to seek alternatives where persistent risk is considered too high for single supplier engagement.

As Regional Vice President for Australia and New Zealand at Qualys, Simon Ractliffe is responsible for helping customers with their digital transformation journey and assisting organisations in complying with the cybersecurity regulatory mandates, in particular for the critical infrastructure industry. He has over 30 years of experience in IT infrastructure and cybersecurity.