This post is part of our 2023 cybersecurity prediction series.
Gal Helemski, CTO and co-founder, PlainID
In 2023, identity-first security will gain more focus and adoption. Already we see increasing growth in the identity space as the importance of identity as the new security perimeter is sinking in. Identity solutions would expand their support, especially in the cloud, and provide deeper levels of control. An essential part of that would be understanding Authorizations and the link between the identity world and the security of data and digital assets.
Authorization manages and controls the identities' connection to digital assets (such as data). That is a fundamental part of identity-first security. It starts with the authenticated identity and continues with the controlled process of what that identity can access. Full implementation of identity-first security can’t be achieved without an advanced authorization solution that can address all required technology patterns of applications, APIs, microservices and data.
I believe most security leaders are still focused on the perimeter of their digital enterprise, which needs to change. Identity-first security can’t end at the gate. Identities and their access should be verified and controlled on all levels, access points, network, applications, services, APIs, data and infrastructure.
Already we are seeing that an increasing number of technologies and cloud vendors are offering the policy option in addition to the traditional entitlement and role-based method. This is a very positive step towards simplification of this challenging space.
Arti Raman, CEO and founder, Titaniam
In 2022, we saw a continuous flood of ransomware attacks, which spawned the increasing adoption of Ransomware as a Service (RaaS). The threat actors behind these attacks have honed their skills in ransom negotiations and extortion processes, creating a playbook they can use to go after nearly any organization. Because of this, the number of ransomware attacks we’ll see in 2023 will only continue to rise and move downstream.
To combat these attacks, organizations in 2021 and 2022 heavily invested in prevention, detection and backup technology. However, in 2023 that may not be enough. As threat actors get more creative and innovative with their malicious attacks, data security professionals also need to embrace newer, more innovative and effective technologies to defend their systems.
In fact, a recent report found that more than 99% of security professionals are searching for better data protection tools to protect themselves from ransomware and extortion. Similarly, 70% of participants in a different report indicated they experienced data theft at some point during the previous 12 months. Of those respondents, 98.6% believe a more modern data security solution could have prevented their data theft.
While no prevention technology can guarantee 100% protection, new technology must focus on assumed breach concepts and providing more guardrails. By analyzing what made successful breaches successful, we as a cybersecurity community can take the first step toward a technological shift that will revolutionize how we fight back against ransomware.
Aaron Sandeen, CEO and co-founder, CSW
As organizations struggle to navigate an unsteady economy with increasing inflation, higher interest rates, and a potential recession, many are undergoing significant layoffs and hiring restrictions. Companies are substantially reducing expenses in an effort to survive the uncertainty, including IT and cybersecurity budgets, which will ultimately have an impact on the cybersecurity industry.
As a result of the weak economy, organizations will lack the people and resources to maintain their cybersecurity defenses, which will provide bad actors an opening. With a wider range of attack vectors available in 2023, cyberthreats will advance in sophistication and harm.
Alongside dwindling resources, there is a mass amount of increasing data, with experts expecting 94 zettabytes of data worldwide by the end of the year. Making sense of the data you have is becoming more and more crucial at a time when enterprises must deal with a flood of sensitive data. Because of this, I believe the driving force behind cybersecurity initiatives in 2023 will be predictive intelligence coupled with actionable insights. Better cybersecurity is achieved by combining raw data with contextual threat intelligence that is updated continuously using automation, AI, and ML, as well as expert validation.
Richard Bird, Chief Security Officer, Traceable
In terms of trends we need to shine a light on, 2023 will be the year that the leaders in the majority of companies, organizations and agencies around the world wake up on any given morning and think, ‘Whoa, I have a security problem!’ As we close out 2022, most enterprises either don’t realize the size of the risk they currently face with their unsecured and largely unmanaged API ecosystem or they are willfully ignoring the risks by believing that API gateways and web application firewalls are protecting them. We should be very happy that the current state and maturity of API security affords us the opportunity to get it right in 2023. API security is a greenfield within most companies and organizations today, which means we are in a moment where we can choose tools, processes and frameworks that will deliver huge improvements in security and risk mitigation. The alternative, if we don’t capitalize on this moment, is that in 2024 and beyond API security tactics and performance will be dictated and demanded of us by regulators and we will no longer have the flexibility and agility to meet these challenges without the overhead of compliance pressures.
2023 will be the break-out year for API security as a focus area for many of the Fortune 1000 companies. The lack of control, security and governance around APIs isn’t just exposing companies to serious risks, but also to massive amounts of operational inefficiencies caused by APIs being developed and deployed independently across multiple devops teams. This means that there are huge numbers of “zombie” APIs, abandoned, but never removed from a company's systems. There are costly redundancies due to the inability of companies to enforce and inform DevSecOps on internal standards for API creation and deployment. Without visibility into the API ecosystem at a company, you can bet that money is being wasted on the creation of redundant APIs happening nearly every day. That redundancy comes at a cost; inefficiency isn’t free.
In 2023, API security will drive realizations and revelations by enterprises that go beyond the threat and risks of APIs. API security is dependent on the discovery and collection of the APIs that a company is exposed to. Once organizations take that step, they quickly realize that the entire operational framework of their API management is problematic. There is very little in the form of standardization and governance for APIs in most companies, which means that there are huge amounts of inefficiency and costly redundancy across those same APIs. API security in 2023 will create a broader understanding of not only the risks a company is facing, but also the costly consequences of a broadly unmanaged function within their organizations.
The pathway to self-awareness and self-learning about API security starts with taking a simple step: exercising intellectual honesty. API security and operations isn’t something new. It is an extension of the best practices that have always been demanded in the digital world. If you believe you don’t have an API security problem because you don’t use a lot of APIs or because you leverage an API gateway or web application firewall, you’re not being intellectually honest. Every day, in highly publicized events, the attack surface and vulnerabilities of APIs are being clearly communicated to the market. Believing that APIs won’t be opportunistically exploited by bad actors just isn’t supported by data, evidence and the history of technological evolution. The time to learn and move on API security is now, not two years from now when the seriousness of the risk is fully understood.
Surya Varanasi, CTO, StorCentric
The ransomware threat will continue to grow and become increasingly aggressive – not just from a commercial standpoint, but from a nation-state warfare perspective as well. Verizon’s 2022 Data Breach Investigations Report reminded us how this past year illustrated, “... how one key supply chain incident can lead to wide ranging consequences. Compromising the right partner is a force multiplier for threat actors. Unlike a financially motivated actor, nation-state threat actors may skip the breach altogether, and opt to simply keep the access to leverage at a later time.” For this reason, channel solutions providers and end users will prioritize data storage solutions that can deliver the most reliable, real-world proven protection and security. Features such as lockdown mode, file fingerprinting, asset serialization, metadata authentication, private blockchain and robust data verification algorithms, will transition from nice-to-have, to must-have, while immutability will become a ubiquitous data storage feature. Solutions that do not offer these attributes and more won’t come even close to making it onto any organization’s short-list.
Consumer attitudes towards online security and privacy will heighten. A key driver here will be that while enterprises getting hacked and hit by ransomware continue to make the headlines, cybercriminals have begun to hit not just enterprise businesses with deep pockets, but SMBs and individuals. SMBs and individuals/consumers are actually far more vulnerable to successful attacks as they do not have the level of protection that larger enterprises have the budgets to employ. As work from home (WFH) and work from anywhere (WFA) remain the paradigm for many across the data/analytics field, they will require data protection and security solutions that can also protect them wherever they are.
In the coming year, the ideal cybercrime defense will be a layered defense that starts with a powerful password, and continues with Unbreakable Backup. As mentioned, backup has become today’s cyber criminals' first target via ransomware and other malware. An Unbreakable Backup solution however can provide users with two of the most difficult hurdles for cyber criminals to overcome – immutable snapshots and object locking. Immutable snapshots are, by default, write-once read-many (WORM) but in the coming year, sophisticated yet easy to manage features like encryption where the encryption keys are located in an entirely different location than the data backup copy(ies) will become standard. And then to further fortify the backup and thwart would-be criminals in the coming year we will see users leveraging object locking, so that data cannot be deleted or overwritten for a fixed time period, or even indefinitely.
Brian Dunagan, Vice President of Engineering, Retrospect
Freedom and flexibility will become the mantra of virtually every data management professional in the coming year. In particular, data management professionals will seek data mobility solutions that are cloud-enabled and support data migration, data replication and data synchronization across mixed environments including disk, tape and cloud to maximize ROI by eliminating data silos. We will likewise see an uptick in solutions that support vendor-agnostic file replication and synchronization, are easily deployed and managed on non-proprietary servers and can transfer millions of files simultaneously – protecting data in transit to/from the cloud with SSL encryption.
Ransomware will remain a huge and relentlessly growing global threat, to high profile targets and to smaller SMBs and individuals as well. There are likely a few reasons for this continuing trend. Certainly, one is that today’s ransomware is attacking widely, rapidly, aggressively, and randomly – especially with ransomware as a service (RaaS) becoming increasingly prevalent, looking for any possible weakness in defense. The second is that SMBs do not typically have the same technology or manpower budget as their enterprise counterparts.
While a strong security defense is indispensable, we will see that next year security leaders will ensure additional measures are taken. Their next step will be enabling the ability to detect anomalies as early as possible in order to remediate affected resources. Large enterprises, SMBs and individuals alike will need a backup target that allows them to lock backups for a designated time period. Many of the major cloud providers now support object locking, also referred to as Write-Once-Read-Many (WORM) storage or immutable storage. Users will leverage the ability to mark objects as locked for a designated period of time, and in doing so prevent them from being deleted or altered by any user - internal or external.
Tyler Farrar, CISO, Exabeam
Nation-state actors will continue cyber operations in 2023; whether these attacks increase, decrease, or stay the same ultimately depends upon the strategic objectives of each campaign. Based on the current geopolitical climate, I think we can expect these cyberattacks to increase across the major players. For example, Russia’s failure in Ukraine exposed its weaknesses to the world, but its attacks are likely to continue against Ukraine, including operational disruption, cyber espionage, and disinformation campaigns. It would be unsurprising for the attacks to expand beyond Ukraine too, as Russia's leader attempts to prove Russia is not weak. Likewise, cyber espionage is a key tactic in China’s strategy for global influence and territorial supremacy, and I think we can expect these operations to increase, particularly across private sector companies.
In 2023, state policies will directly influence cybercriminal and hacktivist communities to obfuscate sources and methods, increasingly blurring the lines between nation-states, cybercriminals, and hacktivists. Cybersecurity teams would be wise to remain flexible with respect to threat actor attribution.
The economic downturn, and in particular inflation, has - and will continue to have - a significant impact on security spend, likely forcing reductions and leveling impacts to organizations and to threat actor behavior. The key to defense for these organizations is doubling down on cyber talent and security tools. Meanwhile, security organizations should aim to consolidate legacy technology platforms, decreasing redundant tooling, in addition to controlling cloud spend, to manage high operational costs and complex integrations.
I think this is a good time to remind organizations that zero trust is simply a security framework, not a tool. It is not a ‘single solution,’ but rather a framework used to secure data in a modern digital enterprise. Zero trust is also not overhyped, despite some opinions to the contrary. It has become a critical step towards mitigating cyber risk, detecting malicious behavior, and responding to security incidents. By requiring users and devices to be authenticated, authorized, and continuously monitored for a ‘trusted’ security posture before access is granted, zero trust can contain threats and limit business impacts when a breach does occur.
We’ve seen the classic Cat and Mouse Game before: as credential-based attacks evolve, so too do cyber defenses. Threat actors will continue to leverage tried and true methods like social engineering, initial access brokers, and information stealer tools to carry out their objectives. Where multi-factor authentication stands in the way of compromising an account with stolen credentials, we can expect cyberthreat actors to implement new techniques to bypass this particular layer of defense. I think this will lead to an expansion of passwordless authentication solutions, to combat the attackers.
We can also expect to see more malicious attacks, as anyone can play this game. A broader set of threat actors will join in to conduct cyber operations in 2023. They have financial motivation, government mandates to justify their cause, not to mention bragging rights that increasingly attract a younger group of threat actors.
During the past year, we witnessed several high-profile breaches, where organizations suffered severe brand damage. This resulted in a shift from data recovery to reputation management when faced with a ransom. I expect to see threat actors shift their strategies to exploit this fear through extortion vs. ransomware in the year ahead.
Further, threat actors will continue to take advantage of weaknesses in the software supply chain, which will become the number one threat vector in 2023. Organizations should create a vendor risk management plan, thoroughly vet third-parties and require accountability, to remain vigilant and align to cybersecurity best practices. This is critical too, as cyber insurance claims have exploded. We can expect to see insurance companies lowering their risk appetite and reducing client coverage in 2023. If your organization is in the market for a policy, expect to pay a hefty premium, or face a rigorous review of the organization’s security posture, as insurance companies increase their due diligence to avoid liability.
MarKeith Allen, Senior Vice President and GM, Mission-Driven Organizations, Diligent
Digital Transformation is continuing to make its way into the boardroom in a strong way and the process will continue to accelerate in 2023. The new reality of work is a mix of virtual and in-person, and the move to digitize will continue to be a priority in the new year.
Instead of being considered an add-on to a digital strategy, modernizing governance, risk and compliance capabilities should be seen as a core component. Establishing the clarity and accountability necessary for a successful digital transformation strategy is key. The need for technology that provides more than just basic online board data repositories is growing as both the digital and governance landscapes are evolving quickly. Board portals must evolve into comprehensive governance, risk, audit, and compliance platforms that promote connectedness and transparency among executives, boards, and staff.
In 2022 we saw increased adoption of modern governance initiatives like ESG and tools that support better decision-making. An example is the rise of organizations—public and private—focusing on environmentally sound and sustainable solutions in order to satisfy ever-changing demands. Moving into 2023 we'll see increased demand and adoption of governance, risk and compliance solutions that provide innovative leaders with the insights to drive greater impact and lead with purpose.
Neil Jones, Director of Cybersecurity Evangelism, Egnyte
For the first time in a long while, cybersecurity is being viewed as a strategic investment rather than a budgetary line-item. I anticipate this trend to accelerate in 2023. By following effective cybersecurity practices like the implementation of ongoing, company-wide cybersecurity training, maximizing endpoint security, and limiting access to data on a ‘business need to know’ basis, organizations can alleviate downtime and improve employee productivity. Over the long haul, cyberattack prevention is almost always less expensive than passively waiting for an attack to occur. At a time when businesses are managing expanding data volumes, cybersecurity must be an always-on company priority.