2022 has been another huge year for cybersecurity. The teenage cybercriminal gang Lapsus$ wreaked havoc on some of the world’s largest corporations, the Russo-Ukrainian conflict brought the prospect of all-out cyber warfare terrifyingly close to fruition, and hackers stole an unprecedented amount of cryptocurrency. In spite of this – or, perhaps, because of this – the cybersecurity industry has enjoyed significant growth over 2022, bucking a global trend of economic deterioration. With this in mind, we spoke to some of the industry’s leading thinkers to find out what they think 2023 has in store for us.
Vendor Consolidation
Speak to any cybersecurity expert for long enough and the topic of consolidation is bound to come up. Recent Gartner research even revealed that 75% of organisations are seeking consolidation. But what exactly is driving this? According to Shlomo Kramer, CEO at Cato Networks, economic deterioration is to blame.
“Just as COVID caused a massive acceleration in digital transformation projects, the recession will accelerate security consolidation. Numerous studies indicate that enterprises maintain dozens of security tools. And with so many security tools, controls are fragmented resulting in reduced visibility, operational overhead increases with the need for extra personnel and skills to master the various tools, and gaps between tools are created leaving the cracks through which attackers can infiltrate. Most companies — 75% — expect to reduce the number of security vendors they use, replacing them with one, converged security platform,” he said.
But while many welcome consolidation, some experts are concerned that it will leave some organisations with sub-par security tools.
“Typically, organisations attempt to consolidate their required capabilities often by stitching together 10 or more tools from multiple vendors. Let alone how costly this can be, it usually fails to deliver the integrated and holistic security approach necessary to protect cloud-native applications. So, logically, industry analysts are now advising customers to seek vendors that can help them converge these capabilities into fewer tools – or ideally a single platform,” said Stanimir Markov, CEO at Runecast.
Stanimir also points out that many vendors have attempted to address these issues by combining a number of products, some through acquisitions, into what he believes is a loosely integrated platform.
“But organisations will be savvy to this and will seek out vendors that can provide capabilities that are all organically part of the same product and not put together from separate tools. The benefits for this will not only come in terms of better visibility and control for vulnerability management, security compliance and ITOM, but as well for IT procurement teams in achieving cost reductions,” he continued.
Looking beyond pure cybersecurity consolidation, Nadir Izrael, CTO and co-founder at Armis believes that “in 2023 we’ll see a push, including increased investments, to completely integrate security and technology. We’ll see this especially in increased adoption of connected assets, from medical devices to operational technology robots in manufacturing. The perimeterless hybrid world will keep growing, making unified security control and scalable process management top priorities for the C-suite.”
Ransomware
2022 is already being heralded as the “year of ransomware”, but cybercriminals are unlikely to abandon the technique come 2023. According to Greg Day, VP and global field CISO at Cybereason, the ransomware problem will get even worse, as the “fifth generation of ransomware emerges. A recent report by Cybereason found that 73% of organisations suffered at least one ransomware attack in 2022, compared with just 55% in 2021. As the world reaches saturation of ransomware, adversaries will explore new methods to get money from the same victims. This will be the fifth generation of ransomware.”
This opinion was echoed by Erfan Shabadi, cybersecurity expert at comforte AG , who said:
“It’s difficult to think of anything other than ransomware continuing to be the number one risk to businesses in 2023. The Putin regime will continue to harbour some of the world’s most prolific ransomware actors, and as long as their tactics, techniques and procedures (TTPs) continue to bear fruit, little is likely to change. Growth in the volume of attacks might not hit the 93% year-on-year rise we saw in 2021, but for network defenders the relative success of ransomware-as-a-service will mean more attempts to steal, encrypt and hold to ransom their most business-critical data. We may even see the emergence of more groups like the infamous Lapsus$ collective. These will not even bother to deliver a ransomware payload, and instead simply seek to extort their victims with the threat of releasing sensitive internal and customer data.”
Regulation
The UK government’s recent telecoms security proposal has been lauded by experts as a harbinger of wider security regulation for the UK’s CNI. The issue of regulation is a particularly contentious one, and many experts are concerned that they will put unnecessary pressure on an already overstretched industry.
“There have been many regulations, standards and orders released in the past few months. These will put pressure on industries as well as consulting organisations to enhance their efforts in compliance and controls in all sections of cybersecurity. A common element in all these regulations are requirements on periodic penetration testing of applications, incident response, supply chain and Open source security,” said Lekshmi Nair, Managing Principal, APAC, Synopsys Software Integrity Group.
APIs
The use of application programming interfaces (APIs) exploded in 2022. A recent study even revealed that overall API traffic grew by 168%, while attack traffic grew by 117%. In light of this, and the nuances inherent with API security, 2023 is being heralded by some experts as “The Year of the API.”
“In 2023, industry awareness about the capabilities modern businesses require to fully protect their API ecosystems will continue to grow. With millions of API users and calls, companies need to automatically and continuously monitor APIs to quickly detect and block API security threats. Having deep context into API behaviours – to spot normal versus abnormal behaviours – will be essential for companies to safeguard their critical data and services from API attacks,” said Nick Rago, Field CTO at Salt Security.
Lekshmi Nair, Managing Principal, APAC, Synopsys Software Integrity Group, also felt this way, arguing that in 2023 we will see an “increase in API attacks resulting in investment in API Security strategy APIs are enabling the distributed infrastructure driven by modern requirements. There are recent attacks such as Optus, which occurred due to API security flaws creating a renewed awareness of the need for secure architecture, robust testing and continuous monitoring of APIs.”