More automation, zero trust and complex attacks -- enterprise security predictions for 2023
Over the past couple of years enterprise security teams have faced a number of challenges, not least the shift to more remote and hybrid working.
This has driven forward plans to adopt automation and technologies like zero trust. So, what changes can we expect to see as we move forward into 2023?
Zero trust adoption plans will accelerate, says Charles Henderson, global managing partner and head of IBM Security X-Force. "Now finally more than just a 'buzzword,' security teams will accelerate zero trust adoption plans in 2023, making several missteps along the way. Without a deep understanding of trust relationships, implementations will fail and we are already seeing security teams build 'less trust' rather than 'no trust' architectures. This confusion will open the door to security gaps that adversaries may take advantage of in 2023."
Torq co-founder and CTO Leonid Belkind expects greater integration between security automation tools. "The security automation ecosystem will open up, so previously disparate security systems can talk to each other. Cybersecurity cannot exist in a vacuum; systems, applications, and tools must become interoperable and interconnected. Security automation enables the seamless bridging of these systems, bringing them together under one roof, for comprehensive management, monitoring, and measurement."
Jeremy Fuchs, cybersecurity researcher/analyst at Avanan, sees complex attacks requiring a more integrated approach. "In 2023, we'll see the rise of attacks across a full suite of platforms -- from mobile to email to collaboration, etc. Attackers will up their game with more complex attacks that target the entirety of an organization’s infrastructure. This will require a more integrated approach to securing these applications, and it will require the ability for these security methods to communicate, share intelligence and prevent an attack at one point from leaping to another."
Julia O'Toole, CEO of MyCena Security Solutions, believes we'll see more credentials-based attacks:
In the 2022 Verizon DBIR, it was revealed that stolen credentials still play a part in over 80 percent of today's breaches. Criminals have identified that weak spot for years and will get even better at extracting value from it.
Breaches will continue to grow next year because organizations still don't control their network access doors: in most office environments, employees are given a username but then asked to make up their own keys (passwords). No matter how strong that password is, it is the employees who control the keys to the company. That's why the company has no control or visibility over whether passwords have been phished, shared or sold.
No organization would ever allow its employees to go out and make keys to access their offices at free will, but in the digital world they do this every day. This leads to employees being the target of phishing scams, as organizations have deliberately placed the security of their data in the hands of their employees.
Navisite CISO Aaron Boissonnault thinks companies will need to keep a tight rein on their security spend. "It's not about layering on more security technologies to address the latest threat. That not only creates management complexity but requires constant oversight in an environment where those skills are hard to find. Even as companies prioritize cybersecurity in their 2023 budgets, they should still apply a high level of scrutiny to their spend. I recommend starting with a baseline third-party security assessment, so they can understand the specific gaps they have in people, processes and technology, and then fill those gaps with the right mix of in-house and outsourced staffing and expertise."
There will be greater C-Suite demand for visibility into risk contributions of apps and the teams that build them, believe the team at Oxeye. "The days when the greatest challenge for the appsec team was 'What vulnerabilities are in our applications, and how do we remediate them?' will go away. This will be replaced by the need to establish and report metrics on the risk contribution of each application, and the chain of accountability to the teams that are responsible for their production and security. Leaders will want to know this so they can allocate resources accordingly to lower their overall risk exposure. This will force appsec teams to find tools that provide detailed, high fidelity risk profiles for each application within their care that include the 'risk score' of their applications (calculated from the total, type, and severity levels of the vulnerabilities that are left without remediation), the type of data that these applications collect, transfer and store, and the number of records that are collected, among others."
This view is echoed by Michael Mumcuoglu, CEO and co-founder of CardinalOps. "2023 is likely to be the year executives, boards, and auditors demand better cyber reporting around business risk instead of conventional metrics like mean time to respond (MTTR) and mean time to detect (MTTD). These critical stakeholders will increasingly be asking CISOs to report on their defensive posture with respect to attacks that can have a material impact on the organization -- such as ransomware attacks and attacks on crown-jewel assets like databases with sensitive information -- using metrics based on industry-standard frameworks such as MITRE ATT&CK."
There will be more use of 'multi-modal' authentication, thinks Tina D'Agostin, CEO of Alcatraz AI:
Multi-modal authentication has grown recently, especially with changing work environments and enhancements in technology. These changes are driving new approaches, including the need to develop zero-trust security measures to address rises in cybersecurity breaches and workplace incidents.
This shift in the modern workplace has boosted the value of multi-modal authentication, enabling employees to access secure areas with various modes such as facial authentication, PIN codes, fingerprints, and others for greater security and flexibility.
Many companies are opting to use facial authentication as part of their multi-modal strategy because of the added benefits it offers. Iris and fingerprint technology, which can be temperamental, are known to cause more friction at the access point. Facial authentication reduces unnecessary friction and improves the speed at the access point -- essentially providing the benefits of two-factor authentication (2FA) at the speed of single factor.
We will see a rise in cloud-native breaches, believes Shira Shamban, CEO and co-founder of Solvo. "Not only will we see a rise in security incidents overall, but specifically, a rise in cloud native breaches. According to 2022 research, nearly half of all data breaches occurred in the cloud. As companies continue to migrate parts or entire infrastructures to the cloud, we will see an increase in the amount of data and crown jewels stored in the cloud, leading to more opportunities for cloud-native security incidents. Applications must be built in a way where third parties can be trusted. Because this supply chain isn't secure, hacking in the cloud holds a lot of growing value in the eyes of cyber attackers."