The Cyber Crystal Ball: What will 2023 hold?
2022 has been a transformative year for the cyber world. Although it was somewhat expected at the start of the year that ransomware attacks would continue to grow, the Ukraine / Russia war shocked everyone and brought a whole new dynamic to the cyber landscape. The rise of political and state sponsored attacks that the conflict sparked took cyber threats to new heights.
As the war in Ukraine rages on and a recession takes hold across the globe, what will 2023 have in store and how should businesses prepare? As Richard Orange, Vice President EMEA at Exabeam, notes, “with the UK now in a recession – and a broader background of global economic uncertainty – many businesses are looking to reduce costs.”
Chris Cooper, Cyber Security Practice Director at Six Degrees, agrees that the economy will have a huge impact on the sector: “When the economy declines, traditionally, cybercrime increases. With the prevalence of malware services for hire now available on the dark web, this could be even greater than in previous years. As organisations streamline their spending, I anticipate that we will see an increasing uptick in security breaches, particularly where this spending has impacted cyber security budgets.”
Exabeam’s Orange adds that businesses might look to cut staff in order to save costs, but should be aware of the consequences that could ensue as a result: “Staff cuts present a significant insider threat risk. When large cuts are imminent, the threat also extends beyond malicious outgoing employees. Those that think they might be about to be fired, or those who have decided to resign (but haven’t yet) are all more likely to remove sensitive data – perhaps to their home devices – often even without knowing they could be committing a data breach.”
Making the best of what you have
With every business having to tighten its belt, many will be looking to get the best out of the technologies that they already have. However, one of the key things that could help organisations save money on their offerings is to consolidate their existing tech.
“There are so many tools out there and lots of businesses have multiple solutions to make sure that they are fully protected,” explains Brian Brockway, Global Chief Technology Officer at Commvault. “However, we have seen the industry start to consolidate and this should continue into 2023. All of the components need to work together in order to operate at maximum efficiency and stand the best chance of being protected. Consolidating them into one platform will be essential to ensure that you are getting the best out of your solutions and having a single pane of glass is key to managing them. Especially as costs continue to rise, organisations must ensure that they are spending every penny wisely and getting optimal output from every purchase.”
Donnie MacColl, Senior Director of Technical Support / GDPR Data Protection officer at Fortra, agrees that many organisations are already “taking action and consolidating their vendors. However, a large number of businesses are also making the decision to consolidate and merge their solution providers. Companies are becoming very aware that, after reviewing and understanding the functionality of their solutions, one supplier is capable of providing much more value than they are currently receiving from two separate ones. Organisations can then combine solutions together, creating a much stronger proposition. For example, a vulnerability management solution can pass prioritised vulnerabilities to an automation tool to perform remediation tasks, as opposed to displaying the vulnerability on a screen and waiting for a person to manually step in.”
What’s new?
Although 2023 will be largely about utilising existing technology to ensure that costs are kept to a minimum, we can also expect to see a number of new technologies emerging.
Jeff Sizemore, Chief Governance Officer at Egnyte, provides insight into what he sees taking off next year: “Secure data enclaves will drive infrastructure spending in 2023 as companies understand how to better manage their content amid increasing cyber threats. Much like a safe or vault, secure enclaves allow organisations to protect their highly sensitive data – such as intellectual property, Controlled Unclassified Information (CUI) and Personally Identifiable Information (PII) – in a controlled environment where authorised users can collaborate. In a world where not all data is created equal, I anticipate that we will see increased adoption of secure enclaves across business disciplines in the new year, enabling organisations to handle their sensitive content more effectively.”
Gal Helemski, CTO and Co-Founder of PlainID, advocates that identity-first security will be key for 2023: “Already we see increasing growth in the identity space as the importance of the identity as the new security perimeter is sinking in. Identity solutions would expand their support especially in the cloud and provide deeper levels of control. Important part of that would be the understanding of authorisations and the link between the identity world to the security of the data and digital assets in general.”
Finally, Itay Shakury, Director of Open Source at Aqua Security, explains how legislation will have an impact on how we utilise new technologies and push the industry forward: “With supply chain security rising to be a top concern, it seems that SBOM (Software Bill of Materials) are the culmination of industry efforts to take control of the situation. The U.S.A. White House executive order on this matter, and the later NSA report are pushing the industry to further accelerate this momentum. While simply generating SBOM is already becoming easily accessible today, the processes and tools around handling, signing, and managing the SBOMs, as well as applications of SBOMs in different use cases will become more sophisticated and prevalent”.
