10 Cybersecurity Predictions And Emerging Trends For 2023
Posted January 27, 2023 by Sayers
AI. Cloud. Disaster recovery. Identity management. What will be top of mind this year?
We brought some of our engineering experts together to share their cybersecurity predictions, including emerging trends and technology that will impact the cybersecurity landscape.
The result of their discussion is our top 10 predictions for 2023. Which ones are most relevant to your organization?
1. AI Increasingly Will Impact Software Coding And Cybersecurity.
AI is bringing in the next generation of software development, enabling machine-generated software 2.0 to partially replace, or at least complement, manual coding. Microsoft’s GitHub Copilot, a cloud-based AI tool, uses natural language prompts to build coding suggestions for software developers.
While such innovations can boost productivity, automatically generated codes could introduce underlying vulnerabilities or other security concerns.
“Even though you’re trying to automate or self-code some of these applications by using AI tools, that’s going to layer up other areas of the product lifecycle and require more eyes on the quality assurance and validation.”
Chris Glanden, Senior Security Architect at Sayers
2. Companies Will Look For Alternatives To Rising Cloud Costs.
Cloud computing costs with the big three cloud service providers – Azure, AWS, and Google – have a potential increase in the next year by up to 30%, partly due to increased energy costs. As a result, some companies might decide to turn back to on-premise hosting or go hybrid.
“What remains to be seen is how the energy crunch in Europe is going to impact cloud prices overall, as big players that have data centers in Europe and North America try to spread that cost around to users.”
Kevin Finch, Senior Business Continuity Architect at Sayers
3. Enterprises Will Need To Deal With Their Dark Data.
Much of the enterprise data routinely generated by employees, customers, applications, and machines tends to pile up without being used. Estimates range from 40% to 90% of enterprise data sits untouched, depending on the industry.
Dark data includes potentially sensitive information, and many organizations don’t know how much dark data they have. AI has potential applications that could help, such as enabling companies to set criteria for automated deletion once certain files age out.
“The amount of information being generated is just crazy, and people and organizations keep buying more storage. This will become more of an issue, especially with regulations such as the European Union’s General Data Protection Regulation, the California Consumer Privacy Act, and other states putting in place the right to be forgotten by deleting certain personal data.”
Chris Willis, VP of Cybersecurity and Network Engineering at Sayers
4. Insurers Will Want Organizations To Show Verified Recoverability.
You have a disaster recovery plan. You’ve trained your staff, you’ve tested it. But can you verify your DR plan actually works? As insurance costs rise amid weather-related disasters, ransomware attacks, and other factors, look for the topic of verified recoverability to become more common.
“There are some tools on the market I think are going to get some traction, because insurers are going to ask for proof of recoverability. The marketplace is going to have to step up and provide it.”
Kevin Finch, Senior Business Continuity Architect at Sayers
5. SASE Will Continue To Grow. But Will A New Security Architecture Buzzword Take Over?
Think of a cybersecurity buzzword, and either zero trust or SASE likely will come to mind. Zero trust emerged more than a decade ago as a strategy and security model. Secure access service edge (SASE)will continue to grow in popularity for bringing networking and security technologies into an integrated, scalable service delivered from the cloud.
What’s next? Gartner talks about a cybersecurity mesh architecture approach, but we predict a shorter entry will emerge for your cybersecurity buzzword bingo card.
“It’s a lot easier to ask for budget for a large shift in what you’re trying to do with your security, versus lining up a bunch of individual projects. There’s an architectural shift that’s going to happen, and we’re starting to see that conversation happening in the identity space to combine different technologies and capabilities under an umbrella term that makes it easier to start asking for budget.”
Joe Schnell, Senior Cybersecurity Architect at Sayers
6. Identity Technologies Will Take Off Within Enterprises.
Authentication verifies a user’s identity; authorization determines their access rights. Expect the identity space to be active this year, with technology coming out to address the need for identity authorization in enterprises.
“Look at zero trust, look at cyber insurance. There’s multiple pieces, but a lot of it boils down to identity, in being able to trust but verify. It’s something we’ve always known, but the zero trust initiative is throwing identity back in the spotlight.”
Jason Marocchi, Cybersecurity Engineer at Sayers
7. More Organizations Will Start Planning To Be Post-Quantum Ready.
Last year the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced the first group of winners from its six-year competition to devise and vet encryption methods that could resist an attack from a future quantum computer.
Such a computer could have the speed and processing ability to potentially crack the security that protects digital privacy in systems such as corporate email and online banking.
“As the quantum space continues to build out, we’ll see a focus on more quantum-resistant encryption so we can trust the encryption we write and use.”
Ken Wisniewski, Senior Security Architect at Sayers
8. Cyber Asset Attack Surface Management (CAASM) Will Help More Companies Know What They Need To Protect.
Gartner coined the CAASM term, defining it as “an emerging technology focused on enabling security teams to solve persistent asset visibility and vulnerability challenges.”
Axonius has led the charge in this emerging category of solutions, which enable organizations to see all assets regardless of where they reside, discover security coverage gaps and risk, and remediate issues.
“If you don’t know what data and assets you have, you’re not going to properly maintain and protect them. Knowing what you have internally, in addition to what you have publicly exposed on your external attack surface, is going to be more of a concern with companies moving forward.”
Chris Willis, VP of Cybersecurity and Network Engineering at Sayers
9. Data-centric Security Solutions Will Move Security Closer To The Data.
Database security management includes tools and controls to secure databases from cyberattacks and unauthorized use. Expect more such data-centric security tools now that people have become the perimeter.
The increase of remote workers and BYOD means enterprises have to rethink their emphasis on network security, and consider how they secure their structured and unstructured data.
10. Supply Chain Worries Extend Beyond Hardware.
The supply chain that feeds into your IT environment comprises not only the hardware and parts for your servers and devices, but also the software and services that run your company. Ask these questions as part of your organization’s risk management:
- If your organization didn’t develop the code, where did it come from?
- How well are you securing that code?
- What about third parties providing services for you – are they using their own laptops to provide those services, and how well are those secured?
Questions? Contact us at Sayers today. We offer extensive solutions and expertise to cover all areas of your business.
