Cyber Defense Advisors

2023 Cybersecurity predictions

Cybersecurity is a relatively new discipline in the realm of computing. Once computing became more democratized with PCs connected via local area networks (LAN) and client/server environments, adversaries quickly saw opportunities. The more democratized computing – the more risk and the potential for cyber adversaries.

Dealing with cyber risk and adversaries is now part of a normal business plan. Gone are the days of instilling fear, uncertainty, and doubt (FUD) about the potential of a bad actor. The days of nefarious hackers in hoodies lurking in the shadows are gone.

Businesses of all types and sizes now know that cybersecurity is part of a solid business plan. Security is no longer relegated to a team of really smart experts; security is a business enabler and builder of digital trust.

As we move to 2023, we will continue to see computing more democratized. With the advent of more edge computing (according to the 2022 AT&T Cybersecurity Insights Report, 75% of organizations are on a journey to the edge, the way we interact with technology is rapidly shifting. We are moving from input/output types of functions to more seamless interactions that deliver outcomes.

With more of a focus on outcomes, security becomes the center of focus in the new democratized era of computing. We are just getting started with ideas for edge computing. And, by association, we are just getting started with what security means.

Here are my predictions for some of the trends and highlights we will see in cybersecurity landscape in the year ahead.

Move to the edge

A new paradigm of computing is upon us. This new era is underpinned by 5G and edge.

Edge is a word we have heard for quite some time, but in general conversation lacks a consistent definition. Vendors and business users alike tend to define edge in accordance with the technology stack being sold or used.

When thinking about edge, consider these three characteristics as a starting point:

A distributed model of management, intelligence, and networks
Applications, workloads, and hosting closer to users and assets that are generating or consuming the data – may be on-premise or in the cloud
Software defined

Edge use cases are largely driven by the world of the internet of things (IoT) that collect and transmit data to make logical and rational decisions to derive an outcome.

In 2023, we should expect to see an accelerated full-scale rollout of edge use cases in areas such as:

Real-time fraud detection for financial services
Automated warehousing with near real-time inventory management
Near real-time visual inspections for uses as varied as manufacturing assembly lines, passport control at border crossing, and available parking spaces

These use cases require connected systems from the network layer through to application monitoring/management, and require each component to be secure in order to derive the desired outcome.

With more democratized computing, security is no longer isolated, it is central to delivering strong business outcomes.

In 2023, expect to see more edge use cases and applications. For successful implementation and with security at the core, expect to see the erosion of decades-old siloes such as networking, IT, app development, and security begin to fade away and enable more cross-functional work and roles.

Read more about the edge ecosystem in the upcoming 2023 AT&T Cybersecurity Insights Report due out January 24, 2023. Check out our previous reports available here for: 2022 and 2021.

Disaggregation of the network

Networks are becoming more intelligent. The idea of disaggregation, the separation into component parts, means that some security tools may be able to become part of the network.

Following the theme of software-defined, disaggregated networks can bring in the security components needed at a specific time. Think about a network infected with malware. In the scenario of a disaggregated network, a new instantiation may be easily and quickly spun up and the propagation of malware across the network avoided.

Admittedly, widespread implementation and adoption of disaggregation will take more than the next 12 months. However, expect to see the start of this game-changing technology in 2023.

Data lifecycle

Edge computing is all about data – collecting, using, and enriching.

From a security perspective, expect to see solutions that focus on the data lifecycle to help organizations make sure that data governance policies are automated and enforced.

As more edge applications are deployed the sheer amount of data will multiply at a rapid scale. Data, at the heart of the edge app, needs to be protected, intact/trusted, and usable.  It is critical to make sure the data lifecycle is managed with the proper data governance policies.

In 2023, expect to have more emphasis and focus placed on data – the collection, management, use, and governance.

Application security

Security is central to a successful business, and in a software-defined world, applications or apps are the connecting point.

Application security is seemingly the last frontier of an ecosystem built with security in mind. In 2001 the Open Web Application Security Project (OWASP) was formed with the goal of identifying the most common web application security vulnerabilities. In the 21 intervening years since the founding of OWASP and their noble work in the field of application security, little has changed. The OWASP Top 10 has not seen radical shifts.

The scant change in the OWASP Top 10 over two decades is indicative of gaps in security strategies and siloed application developers. Moving to an edge compute paradigm, graphical user interface (GUI) based apps give way to headless or non-GUI applets and application programming interfaces (APIs). In fact in 2019 OWASP issued a OWASP top 10 for APIs.

APIs and applets are about computer program to computer program communication. It is critical that the software development lifecycle (SDLC) embrace security as a non-functional requirement. This need may require developers to re-assess software engineering practices and work in more systematic ways.

In 2023, expect application security to be a top priority as organizations move to the edge and understand the importance of security as a central priority for the business – including at the application level.

Threat intelligence

Threat intelligence, the gathering of information about attacks on an organization from a variety of sources, will continue to be an essential component of security.

With edge computing and the expansion of IoT devices, threat intelligence will relay more granular and refined information about the attack surface. Threat intelligence will continue to be delivered as tactical, strategic, and operational. As more machine learning enrichment is available, consumers of threat intelligence will demand more pertinent and personalized reporting.

In 2023, expect to see the need for more relevant and curated threat intelligence feeds designed to combat specific industries or use cases.

Biometric security

Using biometrics to authenticate identity is nothing new, we have been doing this with fingerprints for over 50 years and more recently with facial recognition. In fact, multi-factor authentication (MFA) is frequently framed as something you know – a passcode, something you have – a device, and something you are – a biometric indicator.

We are now seeing celebrities selling their images or digital twins. This means that your favorite actor will continue to be in new movies, at varying ages, indefinitely.

What does this mean for security? Increasingly, we are being asked to authenticate via some sort of biometric. Advancements in digital twins and deepfakes mean there is a need to secure our own physical identities. The abundance of images available of any individual via a quick internet search can yield a treasure trove for an adversary seeking to hack an identity.

In 2023, expect to see more serious discussions regarding digital twins and how to make biometrics more secure.

Cyber/physical

Cybersecurity professionals have secured our cyber world – the electronic bits and bytes that create our computing systems. Increasingly, connected computers are entering a space that was reserved for physical only devices – think internet connected medical devices, internet connected construction devices, and internet connected transportation such as cars, planes, and ships. These previously physical only devices connected to the internet now constitute convergence.

Anything connected to the internet has to be secured and this includes newly converged physical devices that are now considered endpoints.

Making sure that these new style of endpoints are protected from cyber-attacks as well as physical attacks are key.

In 2023, expect to see more solutions focused on protecting the cyber and the physical and expect to see new roles emerge in organizations focused on this new element of security.

Companies born on the edge

Disruption is essential for innovation. As new “born on the edge” companies begin to emerge, the baggage of previous iterations of computing are jettisoned. Just as we saw “born of the web” companies not have to deal with legacy computing systems and infrastructure, “born on the edge” companies will have data and application security embedded from the beginning.

“Born on the edge” companies will take advantage of networks, infrastructure, development practices, and organizational benefits available in 2023. These new types of companies, across industries of all types, will spur on innovation and increase competition. As a result, more businesses will advance edge ecosystems and edge applications to deliver business outcomes.

Expect 2023 to be a year of anticipated disruption as “born on the edge” companies boldly emerge.

Looking forward

Out of necessity, we have seen digital transformation initiatives flourish over the past two years. And, in the last year digital transformation has yielded way to operationalizing what was transformed.

In 2022, we have once again been able to convene in person to discuss, debate, and dream of what is next.

Expect 2023 to be a year where we are reminded of the seemingly endless possibilities of the power of ideas translated to computing.

Here’s to an innovative and exciting 2023!