Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
The low-down for cybersecurity in 2023: Keep your guard up and seek solutions over tools
By Lalit Ahluwalia and Christina Richmond, Inspira
Security by design, the consolidation of tools across the
cybersecurity market, increasingly automated vulnerability management, the
impact of 5G adoption and more prominent software bills of materials (SBOMs) are
all foresights into the 2023 cybersecurity landscape by the experts at Inspira
Enterprise. Lalit Ahluwalia, CEO & Global Cybersecurity Lead, and Christina
Richmond, strategic advisor, predict a wealth of change, optimization and new
vulnerabilities to come as technology continues to evolve in the coming year.
Prediction 1: Security by Design: Integrations Straight from Vendors Will Gain Prominence
The concept of security by design will be a major factor for product
vendors and technology providers moving forward. Security measures will no longer
be an afterthought or extraneous addition - they'll be a mandate or required
integration. The technology market and coinciding cybersecurity measures are in
a constant state of evolution - and with modern malware capabilities, all
devices must be defended properly.
Instead of purchasing an IoT device or similar piece of technology from a
vendor and then having to search for the software needed to protect it -
cybersecurity features should be integrated straight from the factory. Aside
from eliminating the risk of an unprotected device on your network, this
concept helps further simplify an already complicated cybersecurity market on the consumer side - the necessary
security features and integrations have shifted from additional protection to an essential component of the build. - Lalit
Ahluwalia, CEO & Global Cybersecurity Lead, Inspira Enterprise
Prediction 2: Increased Tool Consolidation Across the Cybersecurity Market
There's no hiding that the cybersecurity market is overly complicated. In
our experience, it has been extremely difficult for customers to decide which
technologies are crucial and which are extraneous - as every new product on the
market claims to be the "silver bullet" for malware.
What ends up resulting from this security technology bloat are
organizations that have implemented several top-line technologies but have
trouble with their integration - or worse, gaps in their security mesh.
Businesses need to shift their focus to the outcome they desire to achieve - what
aspects of your infrastructure are you aiming to protect? Figure out your system, what results you need to achieve, and implement the technologies that address those specific concerns. - Lalit Ahluwalia, CEO & Global
Cybersecurity Lead, Inspira Enterprise
Prediction 3: Risk and Vulnerability Management Will Become Increasingly Iterative And Automated
When it comes to vulnerability management, organizations participating in
red teaming to test cybersecurity posture are only gaining insight into that particular
point in time. It shows organizations that threat actors can get into these
systems right now through these specific channels - but generally, they can only afford to address a piece of it, not the whole environment.
Moving into 2023 and beyond, businesses will take advantage of automated
risk and vulnerability management solutions that seamlessly incorporate asset
information, threat insights and business risk metrics on a subscription basis
to allow continuous red teaming/pen testing engagements. This will give
organizations a great sense of what's breaking in their environment and through
which channels so they can assess the entire environment on a regular
basis.
In addition, risk management platforms will continue to gain inventory and
asset management functionality that will allow analysts to assess
organizations' entire inventory, give insight into what that inventory is, and
then identify where vulnerabilities are to automate some of the
remediation.
While automation isn't yet truly 100% "set it and forget it", risk
management automation platforms are going to be key for data privacy
management, and that folds directly into vulnerability management as a whole. The result: more and more
organizations will automate end-to-end vulnerability management, from inventory
assessment and management all the way out to risk assessment and remediation,
due to the shortage of talent and increasing complexity of tools implemented
into security stacks. - Christina
Richmond, advisor, Inspira Enterprise
Prediction 4: 5G Will Be a Catalyst for the Introduction of Even More IoT Devices, Leading To More Vulnerability in Critical Infrastructure and Driving Governments to Take Action
5G is coming and with 5G comes the proliferation of the Internet of Things,
such as sensors in your oil field or in your manufacturing plant that talk to
your network and tell you that something is broken, or sensors in your water
meter that tell you that somebody's tampered with your water flow and there's
imminent danger. This also applies to smart cities, where everything is
connected in the city to enable you to go from one WiFi hotspot to another WiFi
hotspot, or to control the cadence of traffic lights. We've been talking about
billions of IoT devices for 10+ years, but with 5G we're really going to see
that increase come to fruition.
With this, we'll see Edge data centers proliferate as well. They're already
starting to build out, and these centers will in turn require more automation.
There aren't enough human beings on this planet to handle the billions of
devices, even if they all were trained in security. Our rapid advancement
towards worldwide connectivity through IoT devices, IT/OT infrastructure and
smart cities will make automation paramount to success.
Unfortunately, I think that we're going to see some pretty big critical
infrastructure attacks in the next year. But this will reinforce the need to
implement a better strategy for protecting our IT and OT infrastructure. As
critical infrastructure becomes increasingly vulnerable with the proliferation
of Edge, 5G and IoT, moving into 2023 and beyond we'll see the development of
this strategy continue to escalate as a government priority for the US and
likely globally. - Christina Richmond, advisor, Inspira Enterprise
Prediction 5: Software Bills of Materials (SBOMs) Will Become More Prominent in 2023
NIST and CISA have been making great strides in building out frameworks,
suggestions and guidelines, especially in sections two and four of President
Biden's May 2021 Executive Order, which relate specifically to critical
infrastructure and focusing on the software supply chain for private enterprise
and service providers. In a post-SolarWinds world, we'll see SBOMs become more
of a priority. It's like the ingredients on a food wrapper, letting you know
everything that is involved in the recipe. The SBOM lets companies know each
piece of software that is included in a particular product.
SBOMs still aren't fully baked out, but we're going to see a lot more of
them included in the vulnerability management stack. What's missing today is
updating the SBOM to keep up with developers. That's not happening fast enough
and visibility into the SBOM is poor, because changes are not tracked. In 2023,
we'll start to see more startups working on the tracking of SBOMs so that they
update automatically when you make a software update, but so far, they are few and far between. SBOMs are going to be much more important in
2023 - they'll be taken more seriously and effort will be put into helping
automate the updates to SBOMs without all the painful work. - Christina Richmond,
advisor, Inspira Enterprise
New Year, New Problems
The convergence of emerging technologies with the evolving
cybersecurity landscape is bound to create a multitude of new challenges for
analysts defending our infrastructure. That said, updated procedures, more
advanced automation and the simplification of existing protocols will also have
their benefits. Cyber-defenses and their respective threats are in a constant
state of evolution and navigating this increasingly complex relationship will
be paramount to ensuring our global cybersecurity posture remains high.
ABOUT THE AUTHORS
Lalit Ahluwalia is the CEO and global cybersecurity head
for Inspira Enterprise. He is a cybersecurity executive and strong IT leader
with a professional track record of successfully establishing cybersecurity programs
and helping his clients be secure in the face of a constantly evolving cyber
threat landscape. He has led the North America Security practice for Accenture,
the Global Cybersecurity practice at Wipro, and a diverse portfolio of security
initiatives for Deloitte and PwC.
Christina
Richmond is a strategic advisor for Inspira
Enterprise, a global cybersecurity risk management and digital transformation
service provider across the Americas, Asia Pacific, Middle East, India and
Africa regions. She is a long-time cybersecurity advisor and recognized
luminary in the industry. For nearly a decade, Christina was a well-known
industry analyst and led the global security services research practice at IDC.