It’s that time of year when I begin to look back and reflect. Then, predict and plan. It’s the way I like to do things. I believe, like Winston Churchill did, that the farther backward you look, the farther forward you are likely to see. It’s why I developed the IN Focus journal and planner, which you can buy via Amazon and which works on your life as a whole, not purely your career.
So, having just written my predictions for cybersecurity for the coming year, which will be coming to you shortly, I thought I’d look back at the ones I made for this year (for the International Security Journal (ISJ)) and discover how accurate they were. They’re brief, under 600 words.
I believe my predictions were largely accurate bar those made in regard to sustainability. Regretfully, I’ve not seen as much change as I would have liked.
I’ll leave you to make up your mind.
My Predictions for Cybersecurity in 2023 were…
Technology enables opportunities as fast as it introduces threats. Unsurprisingly, cyberattacks and data breaches show no signs of slowing as companies invest in technology to fuel growth, enhance customer experiences, support remote and hybrid workforces, and meet ESG goals. Here are my predictions for 2023.
Types of attacks. Cyberattacks and data breaches will continue to arise because of credential theft, social engineering (phishing, smishing, vishing, etc.), vulnerabilities in third-party software and supply chain processes, forged or stolen machine identities, and misconfigured cloud computing. Ransomware attacks will surge again, and adversaries will lean on behavioural science and seemingly legitimate ways to trick users. As the quality of these attacks increases, victims will find it increasingly hard to determine whether they are visiting trusted websites that have not been compromised and hold malicious ransomware code.
Digital transformation. Despite contracting world economies due to a few dynamics colliding (Russia’s invasion of Ukraine, high inflation, and shrinking economies), more companies will be investing in digital transformation solutions. However, as traditional company perimeters are replaced by an array of network infrastructures which include cloud technologies, remote machines and their users (employees and third parties), edge computing and Internet-of-Things (IoT) devices, threats will rise due to a larger attack surface. Nonetheless, cloud computing will continue to dominate digital transformation efforts, and many benefits will occur including enhanced data asset protection, fewer compliance failures, cyber resilience, and business productivity.
Sustainability. More companies will be focused on sustainability. As such, there will be pressure to simplify technologies, re-architect environments, and ditch single point products which become costly and as a result can negatively impact the planet. Companies will seek single-vendor cybersecurity solutions that will unify products and services, consolidate vendors, and provide significant operational efficiencies and risk reduction. They will want to see evidence of environmental, social and governance (ESG) commitments from their suppliers as consumers become more conscious when buying.
Approaches. Companies will embrace zero trust, the ‘never trust, always verify’ approach. By swapping implicit trust for identity- and context-based, risk-appropriate trust (users, devices, and services), companies will realise greater safeguards. Early adopter companies will also be implementing a cybersecurity mesh architecture (CSMA) approach, which Gartner defines as being a distributed architectural approach to scalable, flexible, and reliable cyber control, and something that will reduce the financial impact of security incidents by an average of 90%.
Automated technologies. As more adversaries are using modern technologies like artificial intelligence, machine learning, and automation to accelerate their attack gains, so are companies. These technologies will reduce labour-intensive activities, which will help with the current skills shortage. As employees continue to be a major liability for companies, more will invest in behavioural analysis technologies to bolster their defence strategies. With analytic solutions they can leverage machine learning, artificial intelligence, big data, and analytics to better enable risk-based authentication and authorisation, identifying uncharacteristic intended or unintended user behaviour or device activity faster, and more concisely organising incident response measures.
Skills. Competition for top talent with sought-after skills will intensify. The market will still be candidate-driven. Companies will have to work hard to attract and retain cybersecurity professionals, especially if they want a team that includes more women. They will need a watchful eye on their mental well-being too, given intensifying cyberattacks and the “always on” effects of hybrid and remote working.
Now I want to hear from you…
My predictions for cybersecurity in 2024 will be released shortly. I’ll have a concise version coming to you via ISJ again, and a much longer version available here. In the meantime, drop me a message and let me know your thoughts on these.