This post is part of our 2023 cybersecurity prediction series.
Jon Check, Executive Director of Cyber Protection Solutions at Raytheon Intelligence &
Space
Ransomware attacks have become more complex – and will only continue on this path in 2023.
Unfortunately, any penalties for such attacks will have little to no effect as the next attacker will only become smarter and harder to catch, especially now that these attacks have become commoditized and attackers are able to put money into researching and developing more sophisticated threats. We must combat this by bringing our best diverse thinking to the table, while welcoming and inviting unique and diversified talent not always thought to be connected to the cybersecurity industry. The best ideas and most impactful solutions will come from taking a new path shown to us by an unexpected guide.
John DeSimone, President of Cybersecurity, Intelligence and Services at Raytheon Intelligence & Space
As cybersecurity threats intensify, there remains a struggle to develop talent to meet and keep pace with the expanding cyber landscape.
We as an industry should broaden our perspective on hiring to recruit and develop non-traditional talent heading into the new year. Ultimately, the cybersecurity industry needs creative problem solvers from various backgrounds and disciplines - not limited to experiences only in cyber. Creativity is a skill that can’t necessarily be taught, but we can teach these candidates how to use technology they don't already know. Each candidate’s unique skill set will help advance these technologies and effectively prepare the industry for the latest cyber threat.
Torsten Staab, PhD, Principal Engineering Fellow, at Raytheon Intelligence & Space Quantum
Day defense strategies will become more of a priority.
While Quantum Day or “Q-Day”, might be still 5-10 years out, it is coming faster than we would like. Q-Day represents the day that quantum computers will be powerful and stable enough to use the superpositioning power of qubits (i.e., quantum bits that can assume multiple states at once) to break widely used asymmetric encryption algorithms such as RSA. Unfortunately, these quantum-vulnerable encryption algorithms are widely used around the world to secure many of today’s ecommerce, finance, healthcare, critical infrastructure, and defense systems. Once Q-Day arrives, adversaries will be able to decrypt sensitive and classified communications and information if these algorithms stay in place.
The U.S. Department of Commerce’s (DoC) National Institute of Standards and Technology (NIST) announced it was getting ready to standardize the first set of four Post-Quantum Crypto algorithms.. Standardizing such algorithms means organizations around the world can begin replacing existing quantum-vulnerable encryption algorithms, helping to counter the “collect now, decrypt later” strategy currently being used by adversaries. Experts predict that globally it wi
ll take well over a decade to upgrade or replace affected systems with quantum-secure, Post-Quantum Cryptography-based (PQC) systems.
Heading into 2023, developing and deploying quantum-resistant security strategies will become a growing priority for organizations in order to better defend their systems, networks, and data from future quantum attacks.
Organizations will continue to adopt Zero Trust Security step-by-step.
Zero Trust (ZT) Security is a security model, not a product. Adopting Zero Trust Security across an enterprise requires careful planning and the use of complementary, multi-vendor solutions. For many organizations, adopting Zero Trust Security will be a multi-year journey. Establishing a solid ZT strategy up front and developing a phased, step-by-step implementation plan to avoid boiling the ocean and losing focus will be key to a successful Zero Trust Security implementation.
Moving into 2023, look for additional ZT implementation guidance and recommendations from NIST and the U.S. Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA).
Furthermore, as we head towards the Quantum Computing Era, adopting a Zero Trust architecture will become more important than ever. Zero Trust principles such as “never trust, always verify” and “assume breach,” coupled the PQC-inspired concepts such as Crypto Agility (i.e. the ability to seamlessly switch between classical and PQC algorithms and quickly replace compromised crypto algorithms if needed) will apply to any organization and be key for providing future-proof, next-generation cyber security.
Melissa Rhodes, Executive Director Human Resources at Raytheon Intelligence & Space
In the new year, we’ll begin to see a higher demand for the security industry to expand in more ways than one.
Specifically, it will call for deliberate leaders who have the self-awareness to question hiring choices. Giving one job candidate an edge over the others because of “cultural fit” or “gut feel” can all be signs of unconscious bias creeping into those decisions. If the cyber industry doesn’t recognize this, it will limit the creativity that goes into brainstorming, problem solving, and new ideas that are essential for fighting cybercrime. In fact, the business case for diversity is well-documented - a study conducted by the Boston Consulting Group indicates that diversity increases innovation, expanding ideas and ultimately impacting a company’s bottom line. In response, the security industry as a whole must be committed to giving opportunities to grow and learn to all those who have unique backgrounds that could also lend themselves to a successful cyber career. Because cyber attacks don’t discriminate, it will require diverse thinking to counter them and protect our way of life.
###