Virtualization Technology News and Information
Article
RSS
Inspira 2023 Predictions: Keep your guard up and seek solutions over tools

vmblog-predictions-2023 

Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

The low-down for cybersecurity in 2023: Keep your guard up and seek solutions over tools

By Lalit Ahluwalia and Christina Richmond, Inspira

Security by design, the consolidation of tools across the cybersecurity market, increasingly automated vulnerability management, the impact of 5G adoption and more prominent software bills of materials (SBOMs) - are all foresights into the 2023 cybersecurity landscape by the experts at Inspira Enterprise. Lalit Ahluwalia, CEO & Global Cybersecurity Lead, and Christina Richmond, strategic advisor, predict a wealth of change, optimization and new vulnerabilities to come as technology continues to evolve in the coming year.

Prediction 1: Security by Design: Integrations Straight from Vendors Will Gain Prominence

The concept of security by design will be a major factor for product vendors and technology providers moving forward. Security measures will no longer be an afterthought or extraneous addition - they'll be a mandate or required integration. The technology market and coinciding cybersecurity measures are in a constant state of evolution - and with modern malware capabilities, all devices must be defended properly.

Instead of purchasing an IoT device or similar piece of technology from a vendor and then having to search for the software needed to protect it - cybersecurity features should be integrated straight from the factory. Aside from eliminating the risk of an unprotected device on your network, this concept helps further simplify an already complicated cybersecurity market on the consumer side - the necessary security features and integrations have shifted from additional protection to an essential component of the build.  - Lalit Ahluwalia, CEO & Global Cybersecurity Lead, Inspira Enterprise 

Prediction 2: Increased Tool Consolidation Across the Cybersecurity Market   

There's no hiding that the cybersecurity market is overly complicated. In our experience, it has been extremely difficult for customers to decide which technologies are crucial and which are extraneous - as every new product on the market claims to be the "silver bullet" for malware.

What ends up resulting from this security technology bloat are organizations that have implemented several top-line technologies but have trouble with their integration - or worse, gaps in their security mesh. Businesses need to shift their focus to the outcome they desire to achieve - what aspects of your infrastructure are you aiming to protect? Figure out your system, what results you need to achieve, and implement the technologies that address those specific concerns.  - Lalit Ahluwalia, CEO & Global Cybersecurity Lead, Inspira Enterprise

Prediction 3: Risk and Vulnerability Management Will Become Increasingly Iterative And Automated

When it comes to vulnerability management, organizations participating in red teaming to test cybersecurity posture are only gaining insight into that particular point in time. It shows organizations that threat actors can get into these systems right now through these specific channels - but generally, they can only afford to address a piece of it, not the whole environment.

Moving into 2023 and beyond, businesses will take advantage of automated risk and vulnerability management solutions that seamlessly incorporate asset information, threat insights and business risk metrics on a subscription basis to allow continuous red teaming/pen testing engagements. This will give organizations a great sense of what's breaking in their environment and through which channels so they can assess the entire environment on a regular basis.      

In addition, risk management platforms will continue to gain inventory and asset management functionality that will allow analysts to assess organizations' entire inventory, give insight into what that inventory is, and then identify where vulnerabilities are to automate some of the remediation. 

While automation isn't yet truly 100% "set it and forget it", risk management automation platforms are going to be key for data privacy management, and that folds directly into vulnerability management as a whole. The result being - more and more organizations will automate end-to-end vulnerability management, from inventory assessment and management all the way out to risk assessment and remediation, due to the shortage of talent and increasing complexity of tools implemented into security stacks.  - Christina Richmond, advisor, Inspira Enterprise

Prediction 4: 5G Will Be a Catalyst for the Introduction of Even More IoT Devices, Leading To More Vulnerability in Critical Infrastructure and Driving Governments to Take Action

5G is coming and with 5G comes the proliferation of the Internet of Things, such as sensors in your oil field or in your manufacturing plant that talk to your network and tell you that something is broken, or sensors in your water meter that tell you that somebody's tampered with your water flow and there's imminent danger. This also applies to smart cities, where everything is connected in the city to enable you to go from one WiFi hotspot to another WiFi hotspot, or to control the cadence of traffic lights. We've been talking about billions of IoT devices for 10+ years, but with 5G we're really going to see that increase come to fruition.

With this, we'll see Edge data centers proliferate as well. They're already starting to build out, and these centers will in turn require more automation. There aren't enough human beings on this planet to handle the billions of devices, even if they all were trained in security. Our rapid advancement towards worldwide connectivity through IoT devices, IT/OT infrastructure and smart cities will make automation paramount to success. 

Unfortunately, I think that we're going to see some pretty big critical infrastructure attacks in the next year. But this will reinforce the need to implement a better strategy for protecting our IT and OT infrastructure. As critical infrastructure becomes increasingly vulnerable with the proliferation of Edge, 5G and IOT, moving into 2023 and beyond we'll see the development of this strategy continue to escalate as a government priority for the US and likely globally. - Christina Richmond, advisor, Inspira Enterprise

Prediction 5: Software Bills of Materials (SBOMs) Will Become More Prominent in 2023

NIST and CISA have been making great strides in building out frameworks, suggestions and guidelines, especially in sections two and four of President Biden's May 2021 Executive Order, which relate specifically to critical infrastructure and focusing on the software supply chain for private enterprise and service providers. In a post-Solar Winds world, we'll see SBOMs become more of a priority. It's like the ingredients on a food wrapper, letting you know everything that is involved in the recipe. The SBOM lets companies know each piece of software that is included in a particular product.

SBOMs still aren't fully baked out, but we're going to see a lot more of them included in the vulnerability management stack. What's missing today is updating the SBOM to keep up with developers. That's not happening fast enough and visibility into the SBOM is poor, because changes are not tracked. In 2023, we'll start to see more startups working on the tracking of SBOMs so that they update automatically when you make a software update, but so far,  they are few and far between.  SBOMs are going to be much more important in 2023 - they'll be taken more seriously and effort will be put into helping automate the updates to SBOMs without all the painful work. - Christina Richmond, advisor, Inspira Enterprise

New Year, New Problems

The convergence of emerging technologies with the evolving cybersecurity landscape is bound to create a multitude of new challenges for analysts defending our infrastructure. That said, updated procedures, more advanced automation and the simplification of existing protocols will also have its benefits. Cyber-defenses and their respective threats are in a constant state of evolution and navigating this increasingly complex relationship will be paramount to ensuring our global cybersecurity posture remains high. 

##

ABOUT THE AUTHORS

Lalit-Ahluwalia 

Lalit Ahluwalia is the CEO and global cybersecurity head for Inspira Enterprise. He is a cybersecurity executive and strong IT leader with a professional track record of successfully establishing cybersecurity programs and helping his clients be secure in the face of a constantly evolving cyber threat landscape. He has led the North America Security practice for Accenture, Global Cybersecurity practice at Wipro, and diverse portfolio of security initiatives for Deloitte and PwC.

Christina-Richmond 

Christina Richmond is a strategic advisor for Inspira Enterprise, a global cybersecurity risk management and digital transformation service provider across the Americas, Asia Pacific, Middle East, India and Africa regions. She is a long-time cybersecurity advisors and recognized luminary in the industry. For nearly a decade, Christina was a well-known industry analyst and led the global security services research practice at IDC.

Published Thursday, December 29, 2022 7:31 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<December 2022>
SuMoTuWeThFrSa
27282930123
45678910
11121314151617
18192021222324
25262728293031
1234567