This post is part of our 2023 cybersecurity prediction series.
Gal Helemski, CTO and co-founder, PlainID
In 2023, identity-first security will gain more focus and adoption. Already we see increasing growth in the identity space as the importance of identity as the new security perimeter is sinking in. Identity solutions would expand their support, especially in the cloud, and provide deeper levels of control. An essential part of that would be understanding Authorizations and the link between the identity world and the security of data and digital assets.
Authorization manages and controls the identities' connection to digital assets (such as data). That is a fundamental part of identity-first security. It starts with the authenticated identity and continues with the controlled process of what that identity can access. Full implementation of identity-first security can’t be achieved without an advanced authorization solution that can address all required technology patterns of applications, APIs, microservices and data.
I believe most security leaders are still focused on the perimeter of their digital enterprise, which needs to change. Identity-first security can’t end at the gate. Identities and their access should be verified and controlled on all levels, access points, network, applications, services, APIs, data and infrastructure.
Already we are seeing that an increasing number of technologies and cloud vendors are offering the policy option in addition to the traditional entitlement and role-based method. This is a very positive step towards simplification of this challenging space.
Arti Raman, CEO and founder, Titaniam
In 2022, we saw a continuous flood of ransomware attacks, which spawned the increasing adoption of Ransomware as a Service (RaaS). The threat actors behind these attacks have honed their skills in ransom negotiations and extortion processes, creating a playbook they can use to go after nearly any organization. Because of this, the number of ransomware attacks we’ll see in 2023 will only continue to rise and move downstream.
To combat these attacks, organizations in 2021 and 2022 heavily invested in prevention, detection and backup technology. However, in 2023 that may not be enough. As threat actors get more creative and innovative with their malicious attacks, data security professionals also need to embrace newer, more innovative and effective technologies to defend their systems.
In fact, a recent report found that more than 99% of security professionals are searching for better data protection tools to protect themselves from ransomware and extortion. Similarly, 70% of participants in a different report indicated they experienced data theft at some point during the previous 12 months. Of those respondents, 98.6% believe a more modern data security solution could have prevented their data theft.
While no prevention technology can guarantee 100% protection, new technology must focus on assumed breach concepts and providing more guardrails. By analyzing what made successful breaches successful, we as a cybersecurity community can take the first step toward a technological shift that will revolutionize how we fight back against ransomware.
Aaron Sandeen, CEO and co-founder, CSW
As organizations struggle to navigate an unsteady economy with increasing inflation, higher interest rates, and a potential recession, many are undergoing significant layoffs and hiring restrictions. Companies are substantially reducing expenses in an effort to survive the uncertainty, including IT and cybersecurity budgets, which will ultimately have an impact on the cybersecurity industry.
As a result of the weak economy, organizations will lack the people and resources to maintain their cybersecurity defenses, which will provide bad actors an opening. With a wider range of attack vectors available in 2023, cyberthreats will advance in sophistication and harm.
Alongside dwindling resources, there is a mass amount of increasing data, with experts expecting 94 zettabytes of data worldwide by the end of the year. Making sense of the data you have is becoming more and more crucial at a time when enterprises must deal with a flood of sensitive data. Because of this, I believe the driving force behind cybersecurity initiatives in 2023 will be predictive intelligence coupled with actionable insights. Better cybersecurity is achieved by combining raw data with contextual threat intelligence that is updated continuously using automation, AI, and ML, as well as expert validation.