Against a backdrop of increasingly cloud-based infrastructure, threat actors are constantly finding novel ways of exploiting the ever-expanding ecosystem of cloud technology. From ongoing ransomware attacks to a growing number of supply chain related data breaches, cyber incidents are becoming progressively more sophisticated, leaving organisations vulnerable. And with 95% of workloads set to be deployed in the cloud by 2025, cybersecurity solutions (and the channel) will have to respond.
Here are three cyber trends we can expect to see in 2023.
1. Software supply chain security is shifting left Supply chain related cyber incidents have ballooned in recent years, with breaches like SolarWinds making the headlines, and Gartner predicts that by 2025, 45% of global organisations will be impacted by a supply chain attack. As hackers increasingly make use of open-source software, varied code and cloud-based infrastructure, organisations are quickly realising the necessity of more proactive security responses – and many are “shifting left”.
Shift-left security means introducing security measures earlier within every layer of the software supply chain. While this sounds like an ideal solution, hasty deployment can lead to a range of issues from insecure code to pipeline-based access controls, and without specific security measures, shift-left remains just that – an ideal. Indeed, simply moving security products, processes, and solutions upstream in the security cycle isn’t an effective shift-left strategy and can create more blind spots.
How to respond: Don’t overlook supply chain risk, and consider ongoing analysis. Start with a software bill of materials (SBOM) to inventory which software components are in use within the supply chain and map potential risks. This baseline view can be used to implement a plan to regularly identify dependencies and understand crucial identity security implications. For instance, it can clarify who, whether human or machine, has access to which tools and software and if there are any associated risks. In addition, business, application, and functional teams must identify supply chain risks and mitigate them together, rather than only a siloed security team.
2. Cyber insurance will be essential (but difficult to get!) Cyberattacks across the globe grew by 38% in 2022, while the average total cost of data breaches was $4.35 million. With this cost set to rise to $5 trillion a year by 2024 it is no surprise that organisations with meaningful exposure to cyber threats will look to build cyber insurance plans into their risk management practices in 2023. Cyber insurance policies can provide coverage for (amongst other
things) cost and other liabilities stemming from intrusions and extortion threats, data breaches and lawsuits, regulatory fines, network outage situations and reputation restoration costs.
Cyber insurance is a critical means of transferring operational risk, but the growing volume of cyber threats now pressures insurance availability. In addition, weak security postures may make insurers wary of providing coverage. As a result, 2023 will likely see significant supply and demand friction, with insurance companies raising premiums, or tightening up on policyholder risk profiles.
How to respond: While insurers will dictate coverage, organisations can maximise their ‘insurability’ by investing in robust defensive cyber policies, controls, monitoring and employee training. Partnering with a provider that uses data-powered underwriting policies and has direct bid connections to preferred insurers should also be a consideration.
3. Planning for a post-quantum cryptography future must begin in earnest
As quantum computing advances, encryption methods once considered unbreakable find themselves vulnerable. According to Quanta Magazine, “If today’s cryptography protocols were to fail, it would be impossible to secure online connections […] Anyone could access anything; anyone could pretend to be anyone.”
But as computing power expands, 2023 will see new opportunities to harden security postures, including deploying quantum-era cybersecurity to detect and deflect cyberattacks. Per IBM, “Quantum cybersecurity can provide more robust and compelling opportunities to safeguard critical and personal data than currently possible.” The issue is that more tangible cyber threats are likely to be the focus of security leaders, with the quantum risks of hardware and system assessments falling by the wayside.
How to respond: Enterprises need to create a basic encryption roadmap to upgrade cryptographic protocols and maintain quantum resilience. This planning must begin in earnest, as required cryptographic upgrade processes from public key infrastructure to post-quantum cryptography for large organisations may take years. Consider starting with an IT estate audit to discover and inventory where encryption is applied and where upgrades are needed in order to grow quantum protection.
Channel impact
As the cyber landscape continues to evolve, organisations will face several challenges. First, difficult economic times mean organisations are looking for ways to cut costs. Organisations are also turning to vendors and resellers that provide technology that is easy-to-implement, intuitive to use, and works well within their existing technology stack. Security resources are scarce too, with organisations looking to partners for implementation support.
In 2023, organisations will respond to these challenges by continuing to simplify and converge their cyber solutions. Channel customers want a single or reduced number of vendors, partners or MSPs to minimise complexity and costs. They also want to do more with their existing investments and to build
onto their incumbent systems with technology that compliments and empowers them to be able to meet the challenges ahead.