The rapid growth of the cloud and the proliferation of devices and data, along with the constantly evolving tactics of adversaries, have created unprecedented challenges for cybersecurity. To address these challenges, security leaders and the tools and processes they use must adapt quickly to protect organizations and minimize disruption. The added pressure of economic instability will only exacerbate these challenges, making it all the more important for security to evolve its methods and approaches in 2023.
Here are a few key trends we predict will occur in the coming year:
A Trend Towards Tool Consolidation Without Compromising Security
As the economic climate in 2023 remains uncertain and the possibility of a recession looms, there will be increased scrutiny on technology purchases and renewals, including cybersecurity. CISOs will be expected to be efficient with their resources and will look to consolidate their point solutions into platforms wherever possible, streamlining their tech stack without sacrificing security or operations.
As CISOs work to accomplish more with limited resources, these platforms will provide a diverse range of capabilities and serve as “force multipliers” in their efforts. In some situations, CFOs may become involved in technology purchasing decisions, focusing on value, ROI, and impact. In these cases, CISOs will need to present a strong business case to their board in order to secure approval for certain technology investments.
The Rise of Protective (and Adversarial) AI
The continued refinement and improvement of artificial intelligence (AI) through increased usage and training will lead to a wider range of applicable security use cases and a higher demand from organizations seeking speed, accuracy, and risk reduction.
In 2023, AI and machine learning (ML) will make significant strides in incident response and remediation, particularly in the realm of data security. As such, the incorporation of AI and ML into data security practices will be a major factor in purchasing decisions for organizations. Those that fail to embrace these technologies will be at a significant disadvantage in terms of their ability to detect and mitigate potential threats. AI will be integrated into various aspects of the security stack, including identity and access management, antivirus and anti-malware solutions, and risk and compliance measures. AI is expected to significantly improve an organization’s ability to quickly and accurately identify and address potential security risks.
However, the use of AI by adversaries will become more prevalent as well. As AI and machine learning algorithms become more sophisticated, adversarial tactics will also evolve and become more effective. Adversaries will use AI to accelerate their ability to find and exploit vulnerabilities, create more convincing phishing emails with malware, and evade detection by security tools. It is crucial for organizations to be aware of these potential risks and take appropriate measures to protect themselves against such threats.
More Data Breaches in the Cloud
As the adoption of multi-cloud and hybrid models continues to grow, the infrastructure responsible for their management and security is struggling to keep up. This makes the cloud a vulnerable target for adversaries, and securing it should be a top priority for organizations in 2023.
In addition, the supply chain remains vulnerable, as third parties may not always be trusted to handle access to applications and the data within them. While zero-trust strategies have made progress in the past decade, 2023 will be a crucial test of organizations' ability to implement and effectively use these strategies.
It’s worth noting that in 2022, about half of all data breaches occurred in the cloud, and this number is likely to increase in 2023. Therefore, it’s essential for organizations to prioritize the security of their cloud infrastructure and applications.
APIs (and their Keys) Will be the Root of Major Cyber Attacks
The growing reliance on cloud-based models has led to an increase in the number of applications and APIs that connect them. While APIs facilitate the sharing of data between applications, they can also present vulnerabilities that may be exploited by malicious actors. These vulnerabilities can allow access to sensitive data stored in the application’s repositories. In 2023, we can expect to see a continued evolution of adversarial techniques used to exploit these vulnerabilities and gain access to valuable information. It is important for organizations to be aware of these threats and take steps to protect against them.
Stolen API keys and other “secrets” have been a major contributor to some of the largest data breaches in recent years. These secrets are often scattered across various resources and will continue to proliferate in the tech stack in 2023, potentially leading to even larger data breaches. To reduce that risk, it is crucial for organizations to be able to quickly and thoroughly locate and protect their secrets.
Security Will be a Contributor to Business Growth
The CISO, like other leaders in the organization, will be called upon to navigate the challenges of an uncertain economic outlook and a potential recession. To do so, it will be crucial for the CISO to align their security strategy with the overall goals of the business, which will likely focus on improving shareholder value.
This may involve reducing cyber and data risk, minimizing IT disruptions that hinder operations, and adopting a “security by design” approach to increase the speed of the business. It will also be important for the CISO to clearly communicate to the board how these changes contribute to the growth of the organization.
In 2023, security is expected to make significant progress through the introduction of innovative approaches, methods, and technologies. However, resourcing constraints and the need to continually adapt to evolving adversarial tactics and techniques will remain a major challenge. This year may prove to be a particularly difficult test for security leaders, who will need to carefully allocate resources to secure their infrastructure, data, and people, while also supporting the growth and success of the business during potentially uncertain economic times.
BigID’s ML-based, data-centric approach to security gives you the foundation needed to protect your data from unauthorized exposure. To learn more about how we are modernizing data security, schedule a demo to speak with our security experts and see BigID in action.