Virtualization Technology News and Information
How to Protect the Digital Landscape in 2023

Organizations are increasingly cautious as they navigate the economic downturn. Rising inflation and reduced spending are causing many to take a close look at their cybersecurity budgets, even as the cyber attack landscape grows more complex.

As a preventive measure, more organizations heavily invested in prevention, detection and response tools to combat ongoing cyber threats in 2022. However, as threat actors continue to develop new tactics and become more sophisticated, these tools may not offer complete protection. Coming into the new year, organizations need to look to more innovative technologies to ensure the safety of their systems and digital assets.

With the economic situation constantly evolving, several tech leaders have gathered to discuss the invaluable insights and torrent of innovations that we should expect in 2023. Read below for their advice and insights.

++

Neil Jones, director of cybersecurity evangelism, Egnyte

"For the first time in a long while, cybersecurity is being viewed as a strategic investment rather than a budgetary line-item. I anticipate this trend to accelerate in 2023. By following effective cybersecurity practices like the implementation of ongoing, company-wide cybersecurity training, maximizing endpoint security, and limiting access to data on a 'business need to know' basis, organizations can alleviate downtime and improve employee productivity. Over the long haul, cyberattack prevention is almost always less expensive than passively waiting for an attack to occur. At a time when businesses are managing expanding data volumes, cybersecurity must be an always-on company priority."

++

Aaron Sandeen, CEO and co-founder, CSW

As organizations struggle to navigate an unsteady economy with increasing inflation, higher interest rates, and a potential recession, many are undergoing significant layoffs and hiring restrictions. Companies are substantially reducing expenses in an effort to survive the uncertainty, including IT and cybersecurity budgets, which will ultimately have an impact on the cybersecurity industry.

As a result of the weak economy, organizations will lack the people and resources to maintain their cybersecurity defenses, which will provide bad actors an opening. With a wider range of attack vectors available in 2023, cyberthreats will advance in sophistication and harm.

Alongside dwindling resources, there is a mass amount of increasing data, with experts expecting 94 zettabytes of data worldwide by the end of the year. Making sense of the data you have is becoming more and more crucial at a time when enterprises must deal with a flood of sensitive data. Because of this, I believe the driving force behind cybersecurity initiatives in 2023 will be predictive intelligence coupled with actionable insights. Better cybersecurity is achieved by combining raw data with contextual threat intelligence that is updated continuously using automation, AI, and ML, as well as expert validation.

++

Tim Prendergast, CEO, strongDM

Looking into next year, I think we will see the security market continue to build toward practical applications of zero trust philosophies, as the industry gets its feet under itself in terms of figuring out how to talk with customers about what 'zero trust' means and how it is supposed to work. For their part, I think customers are reaching a tipping point of being very well-educated in this market, and I think that will cause established companies to reposition product portfolios into a focused 'zero trust' messaging platform, to address the customer opportunity.

In 2023 the talk will continue around a pending recession, but we remain hopeful that things will turn around by 2024. People will begin investing in startups again that are innovating in this space. We may see a lot of private equity or mergers and acquisition continue to drive the security space. There will be a definite shift in how people are looking at this chessboard.

I want to offer simple advice for businesses in the new year, especially in a downturned economy. Be a good steward of the capital you have in front of you. I think many companies got into the habit - due to investors and plentiful cash at low-interest rates - of thinking that you can always get another round of funding. In a bear market, you realize that's not a possibility, so you must go back to the fundamentals of business. Be profitable, and focus on incrementally growing the business. Support the investments you've made and focus on optimizing your processes that can keep the pipeline busy without over-complicating it all. For example, with free-flowing cash, a lot of people were like, 'Let's go, attack 25 different markets!' Instead, focus on the core markets your business does really well. I think people were really getting a bit over their skis and trying to do too much at once.

In 2023, the market will see businesses taking more of an iterative approach to building out the business, its markets and products. Every year is a good year to build on solid fundamentals, and 2023 will be a year for organizations to be smart, and not get over their skis. One of the biggest trends that will absolutely continue into 2023 is the decentralization of the traditional corporate headquarters. We have emerged from the pandemic into a new working reality which is that the best people live where they want to live. This has led businesses to the compromise of creating a place where they can work and be contributing to the company's goals but also, they can be happy and have a fulfilling personal life. I think that the cliche work-life balance that so many people have struggled with for so long has finally gotten to a place where it feels attainable with a decentralized workplace. No one wants a job where they occasionally get to have a life, too. I think that's a fair expectation.

There are also other benefits to being decentralized, especially when you look at the distribution of people in city centers, traffic is horrible and it's not great for the environment. People being able to work from wherever they happen to be, but still have opportunities for occasional on-site or human interaction is the future. People want their time to be spent in meaningful ways, not just filling seats in the office between eight and 6 p.m. I don't think that's a reality. We have the technology to have productive conversations and get a lot of work done. In the end, I think that's better for the economy and the planet. It's why we've always been a remote-first business - because as a company that sells a SaaS solution, we don't need to physically be in the same location to build our product.

++

Surya Varanasi, CTO, StorCentric (www.storcentric.com):

1.)   The ransomware threat will continue to grow and become increasingly aggressive - not just from a commercial standpoint, but from a nation-state warfare perspective as well. Verizon's 2022 Data Breach Investigations Report reminded us how this past year illustrated, "... how one key supply chain incident can lead to wide ranging consequences. Compromising the right partner is a force multiplier for threat actors. Unlike a financially motivated actor, nation-state threat actors may skip the breach altogether, and opt to simply keep the access to leverage at a later time." For this reason, channel solutions providers and end users will prioritize data storage solutions that can deliver the most reliable, real-world proven protection and security. Features such as lockdown mode, file fingerprinting, asset serialization, metadata authentication, private blockchain and robust data verification algorithms will transition from nice-to-have to must-have, while immutability will become a ubiquitous data storage feature. Solutions that do not offer these attributes and more won't come even close to making it onto any organization's short-list.

2.)   Consumer attitudes towards online security and privacy will heighten. A key driver here will be that while enterprises getting hacked and hit by ransomware continue to make the headlines, cybercriminals have begun to hit not just enterprise businesses with deep pockets, but SMBs and individuals. SMBs and individuals/consumers are actually far more vulnerable to successful attacks as they do not have the level of protection that larger enterprises have the budgets to employ. As work from home (WFH) and work from anywhere (WFA) remain the paradigm for many across the data/analytics field, they will require data protection and security solutions that can also protect them wherever they are.

In the coming year, the ideal cybercrime defense will be a layered defense that starts with a powerful password, and continues with Unbreakable Backup. As mentioned, backup has become today's cyber criminals' first target via ransomware and other malware. An Unbreakable Backup solution, however, can provide users with two of the most difficult hurdles for cyber criminals to overcome - immutable snapshots and object locking. Immutable snapshots are, by default, write-once read-many (WORM), but in the coming year, sophisticated yet easy to manage features like encryption where the encryption keys are located in an entirely different location than the data backup copy(ies) will become standard. And then to further fortify the backup and thwart would-be criminals in the coming year we will see users leveraging object locking, so that data cannot be deleted or overwritten for a fixed time period, or even indefinitely.

++

Brian Dunagan, Vice President of Engineering, Retrospect (www.retrospect.com):

1.)   Freedom and flexibility will become the mantra of virtually every data management professional in the coming year. In particular, data management professionals will seek data mobility solutions that are cloud-enabled and support data migration, data replication and data synchronization across mixed environments including disk, tape and cloud to maximize ROI by eliminating data silos. We will likewise see an uptick in solutions that support vendor-agnostic file replication and synchronization, are easily deployed and managed on non-proprietary servers and can transfer millions of files simultaneously - protecting data in transit to/from the cloud with SSL encryption.

2.)   Ransomware will remain a huge and relentlessly growing global threat, to high profile targets and to smaller SMBs and individuals as well. There are likely a few reasons for this continuing trend. Certainly, one is that today's ransomware is attacking widely, rapidly, aggressively, and randomly - especially with ransomware as a service (RaaS) becoming increasingly prevalent, looking for any possible weakness in defense. The second is that SMBs do not typically have the technology or manpower budget as their enterprise counterparts.

While a strong security defense is indispensable, we will see that next year security leaders will ensure additional measures are taken. Their next step will be enabling the ability to detect anomalies as early as possible in order to remediate affected resources. Large enterprises, SMBs and individuals alike will need a backup target that allows them to lock backups for a designated time period. Many of the major cloud providers now support object locking, also referred to as Write-Once-Read-Many (WORM) storage or immutable storage. Users will leverage the ability to mark objects as locked for a designated period of time, and in doing so prevent them from being deleted or altered by any user - internal or external.

++

Justin McCarthy, co-founder and CTO, StrongDM

In 2023 I believe we'll see rebellion against systems that aren't respectful with our time. Systems that generate ample noise and minimal signal. When it comes to the demands on our attention in 2023 and beyond, less is more.

Security technology is one area that has been requiring too much of our attention and energy for too long. It's frustrating because there's so much friction where it isn't necessary. There's a better way but consumers of security technology will have to demand it and developers and engineers have to work on it.

One small example: authentication. As we move into 2023 we'll look to WebAuthn, Passkeys, and other passwordless systems to improve the user experience and reduce the burden on IT teams. That's where we'll really start to feel the difference. And with this feeling will come elevated expectations that then get transferred to every other aspect of our IT systems and security environments. Hopefully, it will push us to ask why it can't be simplified?

++

Richard Bird, Chief Security Officer, Traceable

In terms of trends we need to shine a light on, 2023 will be the year that the leaders in the majority of companies, organizations and agencies around the world wake up on any given morning and think, 'Whoa, I have a security problem!' As we close out 2022, most enterprises either don't realize the size of the risk they currently face with their unsecured and largely unmanaged API ecosystem or they are willfully ignoring the risks by believing that API gateways and web application firewalls are protecting them. We should be very happy that the current state and maturity of API security affords us the opportunity to get it right in 2023. API security is a greenfield within most companies and organizations today, which means we are in a moment where we can choose tools, processes and frameworks that will deliver huge improvements in security and risk mitigation. The alternative, if we don't capitalize on this moment, is that in 2024 and beyond API security tactics and performance will be dictated and demanded of us by regulators and we will no longer have the flexibility and agility to meet these challenges without the overhead of compliance pressures.

2023 will be the break-out year for API security as a focus area for many of the Fortune 1000 companies. The lack of control, security and governance around APIs isn't just exposing companies to serious risks, but also to massive amounts of operational inefficiencies caused by APIs being developed and deployed independently across multiple devops teams. This means that there are huge numbers of "zombie" APIs, abandoned, but never removed from a company's systems. There are costly redundancies due to the inability for companies to enforce and inform DevSecOps on internal standards for API creation and deployment. Without visibility into the API ecosystem at a company, you can bet that money is being wasted on the creation of redundant APIs happening nearly every day. That redundancy comes at a cost, inefficiency isn't free.

In 2023, API security will drive realizations and revelations by enterprises that go beyond the threat and risks of APIs. API security is dependent on the discovery and collection of the APIs that a company is exposed to. Once organizations take that step, they quickly realize that the entire operational framework of their API management is problematic. There is very little in the form of standardization and governance for APIs in most companies, which means that there are huge amounts of inefficiency and costly redundancy across those same APIs. API security in 2023 will create a broader understanding of not only the risks a company is facing, but also the costly consequences of a broadly unmanaged function within their organizations.

The pathway to self-awareness and self-learning about API security starts with taking a simple step: exercising intellectual honesty. API security and operations isn't something new. It is an extension of the best practices that have always been demanded in the digital world. If you believe you don't have an API security problem because you don't use a lot of APIs or because you leverage an API gateway or web application firewall, you're not being intellectually honest. Every day, in highly publicized events, the attack surface and vulnerabilities of APIs are being clearly communicated to the market. Believing that APIs won't be opportunistically exploited by bad actors just isn't supported by data, evidence and the history of technological evolution. The time to learn and move on API security is now, not two years from now when the seriousness of the risk is fully understood.

++

Steve Moore, chief security strategist, Exabeam

The most significant observable trend to note as we move into 2023 is the increased use of credentials in cyberattacks for both initial and persistent access. Currently, more than half of all attacks happen through stolen credentials. This number will increase for initial access and remain higher for persistence. Adversaries are experiencing continued success without using malware to gain access and sign-in. From there, they can use internal credentials and tools against the defender.

Additionally, with geopolitical changes in the world, we will see an uptick in individual businesses falling victim to nation-state attacks. As information and attack techniques are shared, we can expect the lines to blur between espionage and criminal activity. Loyalists to certain nations will continue cooperating with these international hacking efforts.

As a result, I think we'll see more governments attempting to create publicly known offensive capabilities to tear down criminal groups physically and technically. These takedowns of criminal networks take great diplomacy with speed and patience and active coordination of local and federal law enforcement.

++

Tyler Farrar, CISO, Exabeam

Nation-state attacks/geo-political matters:

Nation-state actors will continue cyber operations in 2023; whether these attacks increase, decrease, or stay the same ultimately depends upon the strategic objectives of each campaign. Based on the current geopolitical climate, I think we can expect these cyberattacks to increase across the major players. For example, Russia's failure in Ukraine exposed its weaknesses to the world, but its attacks are likely to continue against Ukraine, including operational disruption, cyber espionage, and disinformation campaigns. It would be unsurprising for the attacks to expand beyond Ukraine too, as Russia's leader attempts to prove Russia is not weak. Likewise, cyber espionage is a key tactic in China's strategy for global influence and territorial supremacy, and I think we can expect these operations to increase, particularly across private sector companies.

In 2023, state policies will directly influence cybercriminal and hacktivist communities to obfuscate sources and methods, increasingly blurring the lines between nation-states, cybercriminals, and hacktivists. Cybersecurity teams would be wise to remain flexible with respect to threat actor attribution.

Impact of economics on security:

The economic downturn, and in particular inflation, has - and will continue to have - a significant impact on security spend, likely forcing reductions and leveling impacts to organizations and to threat actor behavior. The key to defense for these organizations is doubling down on cyber talent and security tools. Meanwhile, security organizations should aim to consolidate legacy technology platforms, decreasing redundant tooling, in addition to controlling cloud spend, to manage high operational costs and complex integrations.

I think this is a good time to remind organizations that zero trust is simply a security framework, not a tool. It is not a 'single solution,' but rather a framework used to secure data in a modern digital enterprise. Zero trust is also not overhyped, despite some opinions to the contrary. It has become a critical step towards mitigating cyber risk, detecting malicious behavior, and responding to security incidents. By requiring users and devices to be authenticated, authorized, and continuously monitored for a 'trusted' security posture before access is granted, zero trust can contain threats and limit business impacts when a breach does occur.

Credential-based attacks and evolving threats:

We've seen the classic Cat and Mouse Game before: as credential-based attacks evolve, so too do cyber defenses. Threat actors will continue to leverage tried and true methods like social engineering, initial access brokers, and information stealer tools to carry out their objectives. Where multi-factor authentication stands in the way of compromising an account with stolen credentials, we can expect cyberthreat actors to implement new techniques to bypass this particular layer of defense. I think this will lead to an expansion of passwordless authentication solutions, to combat the attackers.

We can also expect to see more malicious attacks, as anyone can play this game. A broader set of threat actors will join in to conduct cyber operations in 2023. They have financial motivation, government mandates to justify their cause, not to mention bragging rights that increasingly attract a younger group of threat actors.

Protecting brand as much as infrastructure:

During the past year, we witnessed several high-profile breaches, where organizations suffered severe brand damage. This resulted in a shift from data recovery to reputation management when faced with a ransom. I expect to see threat actors shift their strategies to exploit this fear through extortion vs. ransomware in the year ahead.

Further, threat actors will continue to take advantage of weaknesses in the software supply chain, which will become the number one threat vector in 2023. Organizations should create a vendor risk management plan, thoroughly vet third-parties and require accountability, to remain vigilant and align to cybersecurity best practices. This is critical too, as cyber insurance claims have exploded. We can expect to see insurance companies lowering their risk appetite and reducing client coverage in 2023. If your organization is in the market for a policy, expect to pay a hefty premium, or face a rigorous review of the organization's security posture, as insurance companies increase their due diligence to avoid liability.

++

Arti Raman, CEO and founder, Titaniam 

In 2022, we saw a continuous flood of ransomware attacks, which spawned the increasing adoption of Ransomware as a Service (RaaS). The threat actors behind these attacks have honed their skills in ransom negotiations and extortion processes, creating a playbook they can use to go after nearly any organization. Because of this, the number of ransomware attacks we'll see in 2023 will only continue to rise and move downstream. 

To combat these attacks, organizations in 2021 and 2022 heavily invested in prevention, detection and backup technology. However, in 2023 that may not be enough. As threat actors get more creative and innovative with their malicious attacks, data security professionals also need to embrace newer, more innovative and effective technologies to defend their systems. 

In fact, a recent report found that more than 99% of security professionals are searching for better data protection tools to protect themselves from ransomware and extortion. Similarly, 70% of participants in a different report indicated they experienced data theft at some point during the previous 12 months. Of those respondents, 98.6% believe a more modern data security solution could have prevented their data theft.

While no prevention technology can guarantee 100% protection, new technology must focus on assumed breach concepts and providing more guardrails. By analyzing what made successful breaches successful, we as a cybersecurity community can take the first step toward a technological shift that will revolutionize how we fight back against ransomware.

++

Gal Helemski, CTO and co-founder, PlainID

In 2023, identity-first security will gain more focus and adoption. Already we see increasing growth in the identity space as the importance of identity as the new security perimeter is sinking in. Identity solutions would expand their support, especially in the cloud, and provide deeper levels of control. An essential part of that would be understanding Authorizations and the link between the identity world and the security of data and digital assets.

Authorization manages and controls the identities' connection to digital assets (such as data). That is a fundamental part of identity-first security. It starts with the authenticated identity and continues with the controlled process of what that identity can access. Full implementation of identity-first security can't be achieved without an advanced authorization solution that can address all required technology patterns of applications, APIs, microservices and data.

I believe most security leaders are still focused on the perimeter of their digital enterprise, which needs to change. Identity-first security can't end at the gate. Identities and their access should be verified and controlled on all levels, access points, network, applications, services, APIs, data and infrastructure. 

Already we are seeing that an increasing number of technologies and cloud vendors are offering the policy option in addition to the traditional entitlement and role-based method. This is a very positive step towards simplification of this challenging space.

++

MarKeith Allen, Senior Vice President and GM, Mission-Driven Organizations, Diligent 

Digital Transformation is continuing to make its way into the boardroom in a strong way and the process will continue to accelerate in 2023. The new reality of work is a mix of virtual and in-person, and the move to digitize will continue to be a priority in the new year.

Instead of being considered an add-on to a digital strategy, modernizing governance, risk and compliance capabilities should be seen as a core component. Establishing the clarity and accountability necessary for a successful digital transformation strategy is key. The need for technology that provides more than just basic online board data repositories is growing as both the digital and governance landscapes are evolving quickly. Board portals must evolve into comprehensive governance, risk, audit, and compliance platforms that promote connectedness and transparency among executives, boards, and staff.

In 2022 we saw increased adoption of modern governance initiatives like ESG and tools that support better decision-making. An example is the rise of organizations, public and private, focusing on environmentally sound and sustainable solutions in order to satisfy ever-changing demands. Moving into 2023 we'll see increased demand and adoption of governance, risk and compliance solutions that provide innovative leaders with the insights to drive greater impact and lead with purpose.

##

Published Friday, December 09, 2022 2:26 PM by David Marshall