This post is part of our 2023 cybersecurity prediction series.
Ben Johnson, CTO and co-founder of Obsidian Security
2023 will be the year of SaaS Security Posture Management (SSPM) and securing SaaS.
2023 will be the year of SSPM and securing SaaS, but for that to happen, we must continue educating organizations on the risks of SaaS. In doing so, organizations must ensure their left-of-boom teams (vulnerability management and GRC) have the ability to reduce SaaS risk while ensuring their right-of-boom teams (security operations, incident response, threat hunting) have continuous threat management capabilities. While SaaS security has given organizations the ability to scale applied security, not just awareness, now is the time to distribute security hardening and operations to go with the distributed technology and distributed responsibility. As we know, the pandemic sped up the hybrid work model, and organizations that prioritized endpoint or public cloud security over the past couple years are now ready to secure SaaS and the modern workflow.
CISA came into its own in 2022; in 2023, the agency will increase the sector’s maturity as a whole.
Financially motivated crimes such as ransomware, blackmail, and selling access tokens will continue to gain popularity and will be the top adversaries in 2023. I also believe that with the increase in economic uncertainty, as well as the recent midterm elections and shifts in power, groups like Anonymous will come back and conduct vigilante missions. Additionally, CISA came into its own in 2022. This next year, we’ll see CISA drive better, more resilient security, especially in critical infrastructure — increasing the sector’s maturity as a whole.