“When it comes to the cyberthreat actor, 2022 was a year much like any other. They continued to evolve — to automate more and use more sophisticated methods. Unfortunately, when it comes to cybersecurity, the last three years stand out. Yes, the region’s security professionals played the usual parallel game of catch-up to the threat actors’ rapid evolution, but changes to their own IT environments have tied SOCs’ hands more than usual. They no longer protect simple, on premises environments. The cloud, third-party services, shadow IT, and more, plague cybersecurity professionals to an alarming degree,” commented Paul Baird, CTSO at Qualys.
Against this backdrop, below are the seven predictions that Qualys believes will shape the threat landscape in 2023.
- More accountability for CISOs
CISOs’ repeated calls for more investment in security will finally be heard and the role will be granted more autonomy, but at a price. Organisations will expect their security leaders to justify expenditure, action, strategy, policy, KPIs and more.
- Machine learning will combat alert fatigue and SOC burnout
Threat actors automate, and have become more effective because of it, but the security professionals tasked with stopping them are complaining that they do not have the tools to do so. Basic endpoint detection and response (EDR) is insufficient to dial down the noise and allow SecOps teams to zero in on genuine threats and boost morale. Advanced machine-learning-powered analytics is the answer, and in 2023 it will play a bigger role as highly regulated industries try to address their cybersecurity talent shortages.
- More support for neurodiversity
The region has made some important steps in diversity and inclusion, with most having concentrated on gender and people of determination. In 2023, a significant leap can be made in closing talent gaps if organisations look to neurodiversity. Studies strongly suggest neuro-divergent individuals gravitate towards more technical, insular roles, avoiding managerial positions or those that involve public speaking or customer contact. As soft skills become increasingly important, and skills shortages persist, it will be necessary to address neurodiversity by training managers to recognise it and support each team member properly. If not, recruiters will have to hire CISOs for their soft skills, but they may lack technical experience, and will also be unfamiliar with the digital environment they inherit.
- More focus on supply-chain risks
This year, CISOs must look to the SBOM (software bill of materials) to understand all the elements of the technology stack and their dependencies. Some of these will be deployed and maintained by third parties and can be weak points even for organisations with robust security postures. The supply chain must now be seen as integral to cybersecurity strategy, and if necessary, enterprises must support their suppliers in reaching higher levels of maturity. The SBOM will be an indispensable tool in understanding the chain, the gaps that must be plugged, and who must plug them.
- (Ineffective) Legislation against ransomware payments
Gartner predicts that by 2025, 30% of countries will enact laws prohibiting ransomware payments. While these moves may seem like a solution, the panic of being operationally crippled may mean that companies pay out anyway, rendering the laws ineffective. Instead, governments should opt for introducing legislation to support, incentivise, and mandate anti-ransomware best practices. Legislation against payments will drive breaches underground and the industry will lose the transparency culture it is fought so hard to engender.
- 5G will give rise to more attacks on mobile endpoints
As 5G’s regional adoption accelerates, faster data transfer on mobile devices will make them as attractive to threat actors as to consumers. And private 5G deployments for IoT and other use cases will introduce weak endpoints into otherwise secure ecosystems.
- More code, more vulnerabilities
As an industry, it is important to come together to promote openness around vulnerability reporting, as bug-bounty programs cannot cover the volume of code being written for the digital experience economy. However, a worldwide bug-bounty program supported by governments could help with standardisation. Additionally, frameworks like OWASP can help developers ensure their code is as secure as possible.
“Let 2023 be the year we take the lessons learned during the pandemic years and put them to use. We know how sophisticated attackers have become and we know the ways they can be slowed and beaten. All that remains is the will and resources to act. Adapting is the only way to best the attacker, and with the right strategies, skillsets, regulation, and commitment, we can do better and ensure we all have a happier new year than the cyber-gangs,” concluded Baird.
Discussion about this post