2023 Cyber Security Predictions and Trends
The cyber wheel continues to spin today as it did 25 years ago, as both adversaries and cybersecurity providers hustle to outsmart each other. As they say, the more things change the more they stay the same.
Let's take it back to May 1998, when seven members from L0pht Heavy Industries testified before Congress at a first-time hearing on cybersecurity on the topic of 'Weak Computer Security in Government.' They claimed they could shut down the entire Internet in less than 30 minutes and lamented the "unwillingness of software manufacturers to build security into their products." This hearing brought to light our lack of defense against an entire host of issues, from lack of standards to state actors. Now, with a bigger and more volatile threat landscape, we must let L0pht's testimony serve as a reminder that the same security questions and concerns persist some twenty-odd years later, albeit on a much grander scale.
Data security and risk management are now board-level objectives, so it's paramount that every CISO has a clear cyber vision and agenda with an emphasis on ransomware attacks, cyber-physical systems, data privacy laws, and board-level audits. Despite the latest in cyber innovation, adversaries can still shut down your operations in their entirety for hours, or even days, and publicize confidential, sometimes sensitive, data. In other words, there are no guaranteed safeguards. However, by adopting a mature, strategic posture to cybersecurity, you can best prepare, defend and recover your organization come what may.
Let's take a look at what WWT's experts on the frontlines have to say about cyber threats and trends in the year to come…
Cybersecurity strategies will remain in a constant state of adaptation and refinement in response to the quick adoption of new architectures that have been put in place over the last two years. 2023 will take these novel strategies into their next phase of maturity, while security leaders must also find ways to reduce spend due to the economic climate.
Organizations across each vertical have made a shift to cloud-delivered Zero Trust architectures that favor technologies such as SASE or SSE, EDR, XDR, and more advanced identity and access solutions. A clear lesson learned coming out of 2022 is this: successful adoption of innovative technology relies heavily on a strong security foundation, where the most up-to-date policies and requirements are clearly defined and each stakeholder in the organization has a seat at the table when making security decisions, now that cyber is correctly recognized as crossing all domains.
Trends we'll see in 2023 are:
- Platform consolidation to decrease tooling duplication, high operational costs and complex integration requirements.
- Securing both remote and hybrid workers as organizations make decisions about long-term in-office requirements.
- Adapting security for increased cloud dependency.
- Managing and securing data that live everywhere.
- Visibility, control, protection and remediation in response to supply chain attacks, IoT attacks and ransomware.
Cybersecurity strategy for large enterprises
As most organizations return to operational status after COVID-19, the aftermath of the pandemic, current global events surrounding the Ukraine/Russian war, and the multitude of sophisticated and complex cyber-attacks across multiple regions in Asia, Europe and North America have negatively impacted most organizations across the globe and the global economy. As such, organizations are looking to prioritize their cybersecurity strategy to meet their business and regulatory requirements. With cybersecurity insurance companies tightening their policies, organizations will need to minimize their IT spend and increase security in the areas of XDR, Zero Trust, application security, identity, data security, and the cloud in order to stay profitable and relevant in this ever-changing industry.
As in the early days of Zero Trust, we're going to see OEMs position XDR (Extended Detection and Response) as a platform play or (worse) a SKU that can be purchased and implemented--rather than a methodology or philosophy in which an organization grows toward maturity. There will be a few OEMs that stand out above the rest, choosing to form strategic alliances with other best-of-breed solution providers to tell a "better together" story. This should resonate with organizations who have a multi-vendor security portfolio, whether by a strategic decision or the result of years of technical debt, company mergers and/or acquisitions.
Increase of regulatory pressure in the global financial world
The seemingly never-ending increase in cyber threats directed against the global financial world is raising the stakes for all organizations in the secure management of data. Equally, keeping pace with the threat has placed a higher level of demand on cybersecurity organizations to ultimately manage risks. While cybersecurity teams continue to counter, there is an unbalanced level of protection, as seen in many examples of major data breaches. This reality has already started to bring an increase in regulatory demand, which is expected to continue in 2023. Global financial leadership should be strategically prepared to demonstrate the ability to meet or exceed regulatory standards and avoid the potential consequences of fines along with reputational damage. Cybersecurity organizations should also anticipate an increase in regulatory reviews on specific, enhanced security capabilities such as cyber resilience and similar areas.
For most organizations, ransomware isn't just a business continuity concern anymore but rather an existential business risk. The key question concerning organizations is, are we going to have a business tomorrow? As a result, cyber resilience will become more important than ever.
Organizations will have to start with a strategy instead of a BOM and focus on improving their ability to anticipate, withstand, recover and adapt to cyber incidents and not just installing a vault. A holistic approach is needed for organizations to be able to restore critical business functions and recover critical applications within their RTO to remain operational during a cyber attack. A successful CR initiative will be a cross-functional responsibility and will start with risk assessment, vulnerability management, and business impact analysis before going into data protection, cyber recovery services, enterprise segmentation, testing and automation.
The year SaaS kicks our @$s
Most new security solutions are now being delivered "as a Service." If one looks at the flow of investment capital in 2022, SaaS solutions received huge investments and will continue to grow. Many productivity and back office apps have already migrated to SaaS delivery. SaaS is everywhere and the expansion of SaaS usage means an expanded attack surface for malicious actors to target.
SaaS Security Posture Management (SSPM) solutions will become a priority in 2023 as the attacks proliferate. In addition, new security architectures will emerge to address a different set of governance requirements posed by SaaS. We will see layers or zones in the architecture dedicated to SaaS governance. 2022 was the year API security came front and center. 2023 will see a similar emergence for SaaS governance.
As firms see continuing upward spend on cyber tooling, CISOs will come under increasing pressure to leverage value from tools and remove duplication. The output from cyber tools will be used to inform operational and business decisions, and the operational data collected will be used to inform cyber. CISOs will collaborate with operational and business teams to optimize data based on value objectives rather than pure cyber objectives. The expectation is of greater sharing not only of the data, but also of tools and resources, including humans. The application of AI and ML will allow data collected for one purpose to be commingled with other sets and repurposed.
Accountability and the security supply chain
In 2023, we will see increased scrutiny of the security supply chain from customers. In Europe, we're seeing the Cyber Resiliency Act come into play, and in the UK there's a proposal for updates to the NIST framework to shift some of the responsibility onto the suppliers. With the increased potential of fines plus the rising cost and complexity of cyber insurance, organizations will be held accountable by both their customers and regulators to provide accredited security solutions. We saw a 9% increase in UK firms being fined for failing to protect sensitive information and personal data; expect that to increase again in 2023.
Observability is one of those words that is now being used pervasively and requires further clarity of meaning. But if we take it to describe the need for intelligence over information, we differentiate it from simply monitoring.
Expect to see a proliferation of solutions in this space as organizations identify the need to address the basics if they are to realize the benefits that come from automation, such as reduced costs and quicker MTTR (mean time to respond). Whether in the cloud, inter-application, SIEM correlation, or the fundamentals of defining critical assets on-prem, the need for good quality data is set to spiral.
The rise in attacks against cloud services
Threats and risks will continue to evolve in 2023 due to an unrelenting shift to cloud delivery models. Organizations must adapt as their attack surfaces transform and subsequently introduce new attack vectors and vulnerabilities.
Whether you are investing in SaaS, IaaS, PaaS, or a combination of the three, security best practices will still apply. Identity and access management, classification and encryption of data, and endpoint protection are examples of necessary fundamentals. But it's the solutions to address the unique nuances of cloud that are changing, such as Cloud Security Posture Management (CSPM), SaaS Security Posture Management (SSPM), Cloud Infrastructure Entitlements Management (CIEM) and Cloud Workload Protection Platform (CWPP).
You can also expect to see a consolidation of the functionality of these solutions. We have seen the merger of CSPM and CWPP to form Cloud Native Application Protection Platform (CNAPP). Look for CNAPPs to absorb additional functionality, and expect to see OEMs adding more automated, XDR-like incident response features, as well as micro-segmentation functionality, into their offerings.
This coming year, we will continue to see the consolidation of functionality into cloud security tools. Over recent years we have seen the merger of Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPP) to form Cloud Native Application Protection Platform (CNAPP).
In 2023, we will see OEMs adding more automated, XDR-like incident response features as well as micro-segmentation functionality into their offerings. Whilst we see the various cloud security tools coalescing around CNAPP, organizations should not forget the basics – know what you have (you cannot protect what you don't know you have), understand your data and its value to the business, enforce the principle of least privilege, and have visibility into your cloud platform and, in particular, your vulnerabilities.