2023 Cybersecurity Predictions: Experts Sound Off On Cloud, Remote Work, CISOs, and Identity

This post is part of our 2023 cybersecurity prediction series.

Andrew Smith, Senior Manager, Strategy and Market Intelligence, Wasabi Technologies

The changing role cloud will play in preventing cyber threats in 2023.

Given the heavy reliance on virtual tools to support hybrid work environments across the globe, increasing adoption of SaaS tools, and continued growth of enterprise data volumes, it is inevitable that cybersecurity threats will persist and become increasingly complex in 2023. It is nearly impossible to prevent all the ways bad actors can infiltrate networks, exploit unknown vulnerabilities, and target company data and backups to extort money from organizations.

In many ways, security preparedness and malware prevention is a cat-and-mouse game, which is why so many organizations deploy security strategies that include not just prevention and detection, but data protection, backup, and recovery as well. I expect to see more IT and security decision-makers adopting cloud-based backup strategies as a central tenet of their overall data security strategy. And, as security threats remain persistent in 2023 and beyond, cloud data management and protection features like cross-region replication and object lock/immutability will be increasingly important tools for security and infrastructure admins in their perpetual battle to prevent data loss and downtime due to malware and ransomware attack.

Jason Keogh, Field CTO, 1E

2023 will show it’s possible to achieve positive DEX and security, together.

In 2023, organizations will focus on driving a positive digital employee experience (DEX) without compromising security. Not only do draconian security controls lead to bad DEX, but they also cause users to find workarounds, which on balance creates an overall less-secure IT estate. Out of frustration with tough or confusing restrictions, they may, for example, create or store company data on personal devices or in personal cloud storage, or access company apps and data from unprotected personal machines. Better auditing and change control aligned to self-service and real-time capabilities are key to good security with good end-user experience. Looking ahead to 2023, organizations should implement real-time controls and exception handling to improve DEX and security—together.

Matt Carroll, CEO and co-founder, Immuta

CISOs will need to become the enablers - not the bottlenecks - of the modern data stack.

The rapid shift of data from on-premises to the cloud is spurring one of the greatest cybersecurity challenges to date. Despite most CISOs having a full arsenal of tools for protecting data in the cloud, the proliferation of cloud players and cloud-based SaaS solutions has accelerated data sharing to a breaking point. Traditional approaches that worked for on-premises environments can’t keep up with the exponential growth in the number of users, data sources, and policies that must be governed, managed, and secured today.

In 2023 we'll see a major shift in data security architecture, forcing CISOs to roll up their sleeves and put controls into place around this budding "Modern Data Stack." This will include proper access controls that effectively balance access and security, continuous monitoring of business intelligence, and data science activities for anomaly detection. At the same time, how we think about monitoring will have to change – zero trust won't work using traditional approaches because there are too many endpoints.

Deepak Goel, CTO, D2iQ

Cloud-native and Kubernetes projects become secure by default.

Kubernetes offers many advantages but also poses unique security challenges that can be difficult to address for organizations lacking in Kubernetes talent and experience. Although Kubernetes has many built-in security features, its security requires understanding of how to address different types of vulnerabilities that can impact each part of the stack. For many organizations, Kubernetes security has been left for the architects and developer teams to manage. However, Kubernetes clusters are not secure by default, and as threats become more advanced and mature it will be unrealistic to require developer teams to also be security experts.

This is why organizations will increasingly see the need to reevaluate their security practices and prioritize a more advanced security-focused culture in 2023. Deploying Kubernetes platforms with security built in by default will be recognized as a means to reduce the burden of security on IT teams. Keeping security and developer expertise separate will reduce the pressure and burnout on both sides.

Kaarel Kotkas, Founder & CEO, Veriff

Identity verification will be crucial to companies’ success in the Metaverse.

As technology leaders across industries prepare for the new opportunities the metaverse can offer them, security – and most importantly, a solid base of digital trust – needs to be top of mind. Despite estimates of the technology’s value reaching $800 billion by 2024, without solving the biggest roadblocks, including trust, engagement and an obvious hardware problem, connections in the metaverse for businesses and customers alike will remain just endless hype. For companies looking to take full advantage of what the metaverse has to offer in 2023, it is critical that robust and effective identity verification and KYC tools, and protocols to match, are put into place. If the metaverse is to be successful, there needs to be a guarantee that users are who they say they are.

###