Society has been predicting the technology of the future since Jules Verne. Remember the Jetsons? Based on the predictions in that show, we should be flying cars to work and enjoying fully automated robot maid service. But for cybersecurity, predicting the future is grounded in realities that are already here. For the casual reader, forecasting the future of cybersecurity for the year ahead might seem like guesswork or prognostication, but those in cybersecurity have to proactively anticipate what the “bad guys” may be planning. When it comes to predicting industry trends, a good rule of thumb is that the more reliable a source is, the more accurate the prediction will tend to be.
This last year, one of the biggest security problems I pointed out was the infestation of bots, and we witnessed their harmful influence emerge in the GameStop saga and then again over at Twitter, where their presence exaggerated the number of accounts that were active and harmed the integrity of what was shared on the platform. We’ll see more bots emerge in the news this year, but new evolving threats are going to be the norm in 2023. Part trend, part signal, and part experience, here are more cybersecurity predictions to look for in 2023.
Big Year Of SASE
Get ready for big buzz on SASE – Secure access service edge is a cybersecurity technology on the verge of a massive push. It comes down to organizations seeking simplified solutions, tighter technology stacks, and an achievable alignment between network performance and security as data and users become more diverse, more widely distributed, and more vulnerable than ever. Think of this as secured data that is closer than ever to the edge of the network with a minimal amount of distance to the end user.
Zero Trust Adoption
Many sources cite that the industry is still underutilizing the Zero Trust cybersecurity principles. Updated security platforms and tools are broadly adopting Zero Trust integration and for the most part, this appears to be a cultural and educational matter that will see increasing adoption in the year ahead. While Zero Trust is not the proverbial ‘silver bullet’ of cybersecurity, it is part of the foundation of evolving cybersecurity that strives to authenticate users everywhere possible in a modern cloud infrastructure.
Rise In Targeted Ransomware
All you need to do to get the pulse of the ransomware threat today is pull it up as a search term in the news on any given day of the week. Ransomware attacks happen in one of two ways: by opportunistic means, or by targeting someone or something. Targeted attacks are far more sophisticated and specific, and we have seen an increase in reports that indicate custom ransomware has been launched against an organization’s specific technology stack. In the crosshairs have been large, multinational organizations that, by the nature of their services, cannot endure a prolonged outage. More companies, more municipalities, and more core service businesses must be on the lookout, and ensure they are comprehensively protected by a triad of methods: secure the environment, have a plan to elegantly recover from a breach, and maintain an ongoing assurance plan of security and compliance.
Cyber Regulations And The Effect On Cyber Insurance
Last year, we discussed the death and rebirth of the Cyber Insurance industry, and it came true in many ways. Cyber insurance companies were taking a ransomware and incident recovery cost beating. To fight back, premiums are beginning to skyrocket, new pre-policy cybersecurity compliance standards will be the industry norm, and conditions across the board are going to change. Many have been keeping a close eye on regulations and activities within the executive branch of the federal government when it comes to the topic of cybersecurity. We expect regulations to emerge this year around the subject of ransomware payments. This means more reporting, cyber insurance ramifications, and new pre-compliance standards will arrive. We will actively work for and hope for good legislation as these initiatives emerge.
Space And Airline Hacks
Where is Elon today? There’s an actual Twitter account that tracks and shares the location of his personal jet. One thing is for certain, his efforts at SpaceX continue to make headlines as rockets, satellites, and space missions dazzle the news cycle. It is a tale of a new space age that has computer technology and networking at its core while the whole world is watching, participating, and in some cases, bad actors are looking for the perfect opportunity to strike. With other less capable competitors launching satellites into space, there is a likelihood that this year will contain some kind of a major space tech breach, against a satellite, launch center, a network, communications – in other words, hacking will take on a new horizon, breaking free from Earth and adversely impacting satellite technology or potentially even commercial airplanes.
A Major Crypto Event
For all the financial opportunity crypto promised investors and aspires to create, its reputation has taken a beating. And the horror stories about crypto-exchange incidents are overwhelming the industry with negative press. For example, Binance lost $100m in a direct cyberattack. Various tokens have been breached. Then there was the FTX cryptocurrency exchange and hedge fund debacle. The fragility of the space has created uncertainty in its security, and another crypto breach could be the final domino that knocks all other dominoes down to undermine the future of cryptocurrency as a viable financial alternative.
Arresting Insider Threats
Cybercrime is hard to prove, especially when conducted by an insider, but we can expect more apprehensions and arrest warrants for insiders that wish to do harm from the inside. Human error is one thing, and let’s be frank – it’s one of the primary causes identified in the aftermath of many data breaches. Insider threats, as funded by the likes of Lapsus$, include corporate malice, espionage, social engineering, and other aspects of human access that are difficult to protect against and prepare for. Hackers are aware of these facts, and with the increased targeting, the stakes have never been higher. In either case, the tools of resolution include more technical and human awareness. You can be certain that companies affected by insider threats will begin to pursue comprehensive security measures that include forensic data collection, as well as severe punitive measures against malicious actors. The caveat is that the insider culprits must be operating in jurisdictions that are willing to prosecute cybercrime, which is not a trivial matter when dealing with the outsourcing sprawl seen across global tech.
Growing Threat In 5G And APIs
On the heels of the mobile and app threat, fluid and exploding data add an increasingly vulnerable component to the future of cybersecurity. 5G mobile networking has added an entirely new high-speed dimension to every existing threat. In addition, automation and integrations from cloud to app, app to app, ecosystem to ecosystem, and beyond all require that some type of API is in place, and to hackers, that just means something else to pick at and exploit. Building secure software solutions means integrating security across the infrastructure and networking, all the way up to the application in the stack. Between 5G connectivity, weak IoT cybersecurity standards, and an ever-expanding world of APIs, it won’t be long before unknown cracks result in a massive incident. This is why comprehensive API security is so critical.
Big Breaches? Big Fines
It seems like nothing is immune from inflation. The hammer will start to come down harder and more frequently when an organization is breached. Adding to that trend – state privacy laws are about to go into effect, along with new measures of compliance specific to breaches. The rules are becoming stricter, so expect the fines that are on the books to hit pocketbooks even harder, especially as future fines are expected to grow against anyone that isn’t deemed to have had their house in order prior to a breach.
Flight From Point Products
Not so long ago, the trend was to diversify and add feature ‘differentiators’ to add to the protective potential of products. And so, organizations have many brands in house – one brand of EDR, a different brand for A/V, another for firewall, IDS, IPS, DLP, and the list goes on. Well, it turns out that created a lot of places to keep track of and a lot of different things to integrate. Survey after survey indicates that a growing number of companies are looking for simplification in cybersecurity. Less diversity and more native function make the most sense for better operations.
Linux Won’t Be Immune
Serious security practitioners have never considered Linux to be a zero threat, but the platform has historically benefitted from reduced targeting because purpose-built systems, community-built standards, and overall performance have largely exempted this operating system from widespread threats. If you’ve ever wondered if nothing good can last forever, you can believe it when it comes to Linux. Sooner or later, this one is happening.
Onward, State-Sponsored Mayhem
One of the most efficient and effective tools of modern warfare is cyber war. As we witnessed in 2022, there is no break in this action and it is a full-spectrum battlefield of leaked credentials, supply chain attacks, breaches, loss of industrial secrets, and everything that comes with attacking another nation in the world of geopolitical spy games. We can never let our guard down on the global stage when it comes to proactively combatting evolving cyber threats. And the number of nations currently engaged in cyber war against each other has made cyber war the front line of national security, and it can impact a nation’s readiness for an actual shooting war.
Technology predictions are a funny business sometimes, but not in cybersecurity. There’s nothing worse than encountering a cyber situation where you have no idea what is going on – or how to deal with an attack – or finding out your technology team could have prevented these situations with better cybersecurity tools, services, and practices.
That is part of the reason why these predictions for 2023, while not perfect, are so critical for looking ahead. They help us all to mindfully plan our security posture and readiness to counter some of the most nefarious bad actors and criminal minds in cyberspace. These predictions help set the framework for how we can set ourselves up to be prepared for potential threats. This is the call we heed as professionals in the cybersecurity field, and with the cutting-edge and evolving advantages of comprehensive security, we’re well equipped for a new year on the frontlines.
Originally posted on forbes.com by Emil Sayegh
About Author: Emil Sayegh is the President and CEO of Ntirety, a global leader in Comprehensive Compliant Cybersecurity Services. Emil is an early pioneer of the Cloud, having launched and led successful Cloud computing businesses for Rackspace, HP, and Codero. Recognized as one of the “fathers” of OpenStack, Emil also led the merger between Hostway Inc. and Hosting Inc. to form Ntirety, which manages IT Security for organizations across the Fortune 500. Ntirety is the only company that embeds compliant security throughout an organization’s IT systems and culture. Emil has spent more than 25 years in the IT industry developing, marketing, and growing businesses for Dell, Rackspace, HP/Compaq, RLX Technologies, Codero, Hostway, and now Ntirety. He holds nine patents.