Virtualization Technology News and Information
Article
RSS
Coviant Software 2023 Predictions: Cybersecurity - The View from San Antonio

vmblog-predictions-2023 

Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

Cybersecurity Predictions for 2023: The View from San Antonio

By Gregory Hoffer, CEO, Coviant Software 

One of the fascinating things about op-art is how the image can change based on your perspective. It's much the same in forecasting the future in tech. Your outlook is likely to reflect your location, especially if you are rooted in Silicon Valley, the 128 Belt, Research Triangle, or the Pacific Northwest. This is what the coming year looks like from my perch in San Antonio (which is, itself, an up and comer in the tech sector).

New Regulations in the U.S.

In the coming year in the U.S., we can expect the regulatory environment to expand, setting new standards for data security, privacy protection, operational integrity, and closer communications between the private sector and federal government on issues related to cybersecurity. There will be a similar broadening of data regulations overseas. Not everyone will be happy with the changes; many will complain that the regulations are a "big government" imposition on the affairs of private business and free markets. Others will embrace the new laws and point to a broad failure of industry to address cybersecurity adequately. They'll be right.

According to the FBI's 2021 Internet Crime Report, complaints are up over 280% from 2017, and associated economic losses have risen nearly 500% during that time, from $1.4 billion to $6.9 billion. And that's just the incidents of cybercrime investigated by the FBI. Ransomware, while comprising a small percentage of the total number of complaints, is one of the most dangerous, increasingly targeting critical infrastructure organizations. Among them, hospitals and healthcare networks are the most frequent victims. This is concerning given a recent Ponemon Institute study that found 20% of hospitals that had suffered a ransomware attack also reported an increase in patient mortality.

For these reasons lawmakers will feel compelled to intervene. Already the White House has issued several executive orders and other statements intended to address various issues related to cybersecurity in the federal government, across industries, and for consumers. Laws introduced in 2022 with an intent to shore up privacy and security, like the American Data Privacy Protection Act (ADPPA) and the Protecting and Transforming Cyber Health Care Act (PATCH Act), have stalled, but may gain new momentum with the mid-term elections behind us.

New Regulations Overseas

Globally there will also be new laws and standards to pay attention to. Earlier in 2022 an agreement was reached between the U.S. and EU on a new cross-border data flow framework, and the UK is also working on establishing a new set of data privacy rules now that they are out of the EU and GDPR doesn't apply to them directly. Developing nations will also seek to improve their cybersecurity regimes to make their economic infrastructures safer to try and attract foreign investments.

Focus on Digital Supply Chain Security

Related, I think we'll see collaboration within the international business community to try and establish regulations or standards to set a much higher bar for digital supply chain security.  This will require building in incentives for participation and verification. There's far too much at stake economically to not make supply chain security a priority. Standards like the Federal Information Processing Standard (FIPS), Common Criteria, and ISO 27001 may play a role in this endeavor, but any security framework must also take into consideration smaller and medium-sized businesses that may not have the resources to adhere to rigorous compliance requirements. I had a great interview with Authority Magazine on this topic back in September 2022, if you would like to read more.

Post-Quantum Progress

Finally, ongoing work by the National Institute of Standards and Technology (NIST), the European Telecommunications Standards Institute, and other public, private, and academic organizations to develop encryption algorithms for the post-quantum era will make significant progress-but will not result in the adoption of any quantum-safe encryption standards. This doesn't mean a quantum-safe algorithm will not be developed. Instead, it will reflect the caution needed to ensure reasonable expectations are maintained.

We've already seen one potential post-quantum encryption candidate broken using current computing power; to ensure that any new standards are truly safe will require rigorous testing. This important work is necessary to ensure the safety of digital communications, and as we get closer to a world where quantum computing is viable, we are likely to see an increase in attacks by state-sponsored threat actors intended to harvest data protected with current encryption standards with an intent to decrypt them in the future using quantum computing assets. 

They say things are bigger in Texas, but our wide horizons might be just a little closer than it seems, and that's why the tech future is clearer when you're in San Antonio.

##

ABOUT THE AUTHOR

Gregory-Hoffer 

Gregory Hoffer is CEO of Coviant Software, an award-winning developer of secure managed file transfer (MFT) solutions based in San Antonio, Texas.

Published Tuesday, December 06, 2022 7:30 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2022>
SuMoTuWeThFrSa
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567