This post is part of our 2023 cybersecurity predictions series.
From Russian cyber warfare to increasing cyberattacks on critical infrastructure, 2022 brought a whole host of new challenges for cyber experts to navigate – and it’s already clear that 2023 will bring even more hurdles.
John McClurg, Sr. Vice President and CISO at BlackBerry provides his 2023 cybersecurity predictions:
Adversarial learning
CIOs need to understand this technique: bad actors training neural networks to fool predictive algorithms. For example, adversarial algorithms have been used to dupe cars into driving through lanes and render a stop sign invisible to classification algorithms. The same technique is applied to image and audio samples to trick prediction algorithms.
The future of the workplace
Zero Trust security measures will only become more important. Zero Trust assumes that there is no longer a traditional network edge, and takes a more stringent, continuous, and dynamic approach to user authentication, but also does this seamlessly to avoid impacting the user experience.
Human risk
Research has consistently shown that humans are still the most notable risk to cybersecurity, and this largely results from a lack of awareness, negligence, or inappropriate access controls. Training alone will not solve these problems, nor will attempts to turn everyone into a cybersecurity expert. CIOs need to focus on this truism and transition to a prevention-first security strategy by leveraging intelligent solutions that focus on impairing and impeding cyberattacks so that employees can focus on their jobs—not cybersecurity.
Increased focus on internal threats
User access to resources should also be dynamically controlled based on real-time risk assessments of their current behavior, while user-focused security controls are deployed at every enterprise network and cloud application ingress point to prevent remote employees from accidentally or intentionally violating security policies.
More sophisticated ransomware attacks
The threat landscape is rapidly expanding, and bad actors will be relentless in their efforts to carry out more sophisticated attacks in the year ahead. Ransomware will continue to make headlines, as attacks become more destructive, and threat actors develop new tactics, techniques, and procedures (TTPs) to try and stay one step ahead of vendors, while looking to leverage the massive cyber power of quantum computing wherever possible. While this technology defines a new, evolving era of advancements in data, quantum computing also offers a new set of opportunities for threat actors to gain access to sensitive information that could immobilize organizations. Security teams need to be vigilant and proactive as attackers continue to seek out innovative and creative ways to work around cybersecurity solutions.
Navigating new requirements
Producing a Software Bill of Materials (SBOM) will be top of mind for companies providing software to the U.S. government in accordance with President Biden’s Executive Order 14028, as they manage the details and navigate the implications of these new requirements. Highly visible attacks on the software supply chain start with access to the weakest link. As we head into a new year, it will be important for businesses of all sizes to be engaged as new secure software development practices are defined.
Greater IT/OT convergence
The Internet of Things (IoT) will continue to expand exponentially, bringing together physical and cyber systems. In 2023, we could see an increase in the number of organizations adopting the convergence model, particularly in the wake of CISA’s guidelines on achieving integrated security.
Lessening the impact of the skills gap
Leaders in the security space will also be focused on closing their cybersecurity skills shortage. In the face of a talent pipeline in desperate need of a turbocharge, adopting a prevention-first approach to cybersecurity, is ultimately one of the best ways businesses can guard against malicious actors as we continue to see a growing gap between threats faced and front-line security workers available to handle them.
###