It was that time of year again ... Vendors, analysts, "thought leaders" and security leaders shared their predictions for 2023.
Here's an overview of those I read and got something from:
Lots of predictors are "talking their book," with predictions aligned to their roles, companies, or investments. This is unsurprising, as the same beliefs likely influence those relationships.
Overall, some themes were:
Consensus seems to be that VCs will invest in early-stage companies, while later-stage companies will see layoffs, down rounds, and PE activity. Cyber Security services may see increased demand.
Attackers will evolve:
- adopting new technologies like AI and ML
- introducing cloud-native ransomware and improved extortion capabilities
- leveraging new monetization vectors
Critical Infrastructure will see a continuation in the elevated volume of threat activity.
Limitations in budgets and hiring will have security leaders looking to consolidated vendors, but they may still pick tools to balance reducing headcount. Diversity, inclusivity, and cross-training will be used to help with the "talent gap." The supply chain security trend will continue, introducing a push for solutions that avoid proliferation of third parties. Privacy and resiliency will be major themes.
- Continuing "trend towards Security Engineers"
- A good year for Cybersecurity Services
- Smaller budgets, but tools over headcount spend
- Vendor consolidation
- VCs will stay busy in early-stage
- More cross-platform targeting and pivoting from threat actors (cross CSP)
- Move from cryptomining to phishing or ransomware to monetize short-term attacker tenancy
- Risks from third-party dependencies, and security struggling to keep up
- Targeting of cloud services and resources to disrupt OT systems
- Increased amount of cloud-specific attack tools and malware, specifically ransomware
- Security budgets will require additional justification
- Cloud adoption will accelerate, leading to additional breaches where security teams are not cloud-aware
- SaaS misconfigurations will rise
- Companies will pursue "Platform Engineering" and manage everything as code
- Movement to solutions that reduce need for third parties
- More security products that sell to developers directly
- More early stage VC activity
- More layoffs, down rounds, and PE activity in later stage cybersecurity companies
- Product predictions: Web3, AI/ML, API Security, No-Code Security, Managed Services, Security Program Value Realization, Identity Threat Detection, Automation Integrators, VAR evolution, Consumer Protection
- Ransomware attacks, especially against organizations outside industries and regions already impacted
- Cybercrime-as-a-service boom
- ICS systems targeted by social engineering
- Increase in EDR and MFA evasion
- Implementation failures in zero trust
- Continued threats to Critical Infrastructure and Public Sector
- OT attacks will become more prevalent
- Additional attention paid to Privacy
- Cultural focus on resilience and safety
- Fundamentals (Vulnerability and patch management, risk reduction, and Managed Extended Detection and Response (MXDR)) will regain focus
- Cyber Security as a Service expansion
- Tech-savvy and business-savvy CISOs needed
- Consolidation in Zero Trust tooling
- Increased attention from the Board
- Pain points from skills shortages and product silos
- Low sophistication threat actors will cash in
- Vendor consolidation and collaboration, at customer demand
- Cost will drive security programmatics
- Deepfakes will show up in social engineering
- macOS will see cross-platform malware
- Ransomware will stay a major concern
- Deepfakes will grow more sophisticated and widespread
- Enterprises will focus on browsing security
- Passwordless will reach the enterprise
Security issues will come from the same places:
- Memory mismanagement
- Poor password choice
- Unpatched systems
- Increase in digital supply chain attacks
- Increase in mobile-specific threats
- Continued risks in cloud security
- Ransomware-as-a-Service sticks around
- Data privacy laws will keep getting stricter
- CVEs continue to rampage and tear through the supply chain
- Kubernetes RBAC and security complexity continues to intensify
- Slow adoption of zero trust will leave passwords and credentials open to theft
- Attackers will adopt AI and ML more effectively than defenders
- Automated defensive remediation will continue to grow slowly
- Cybersecurity insurance policies will descope ransomware and negligence
Venture in Security - The 360 degrees view of cyber: notes and reflections about the state of cybersecurity after the NightDragon's 2022 year in review event
- “Best of suite” platform companies will outperform “best of breed” point solutions
- "Tourist investors" will pull back, leaving more room for specialist investors with a solid understanding of cybersecurity
- "consolidation, simplification, and automation will remain big areas of focus for security leaders"
- Security service providers will get additional opportunities as trusted advisors
- Security teams will diversify hiring by recruiting people with industry lenses
- Increased application of AI and machine learning in cybersecurity
- Increased focus on cyber literacy
- AppSec and CloudSec will converge
- ‘Shift left’ will become ‘Shift everywhere’
- The C-Suite will demand greater visibility into the risk contributions of applications and teams
- Vulnerability Exploitability Exchange (VEX) will grow in popularity due to demand for clearer prioritization data
- Software supply chain security will finally have a clearer definition
- Ransomware will have global impact
- Adversarial AI attacks could lead to real-world consequences
- Cyber insurance policy carve outs will have impact
- Energy security and cybersecurity to converge
- The industry will focus on retaining and upskilling mid-level cybersecurity employees
- The UK National Cyber Strategy will lead to an evolution in cyber capabilities
- 5G will bring attack surface
- More cyber insurance issues and assorted (big) changes coming. Many won’t qualify.
- More nation-state cyber attacks based on lessons learned from the Ukraine war.
- Growing trouble with multifactor authentication (MFA) attacks.
- New attacks against space vehicles and drones.
- Social media attacks surge, including the use of targeted deepfakes.
- Use of public cloud computing and digital transformations grows, along with cyber threats.
- More critical infrastructure attacks that impact society.
- Hacktivism grows into new areas and becomes a bigger problem.
- Enterprises veering away from endpoint solutions and moving towards platforms to reduce complexity.
- Ransomware will be back in new, more dangerous, blended forms.
- More attacks against non-traditional technology, from cars to toys to smart cities.
- Social engineering threats will continue and adapt to new technologies
- Ransomware will increase capabilities for data extortion
- Attackers will target home equipment to account for (flawed) zero trust models
- Security issues from misconfigurations and inconsistent application of cloud
- Industrial internet of things security will struggle with the skills gap
- Application security will better understand developers
- Phishing will get worse (especially due to AI)
- Security productivity will benefit from automation (like SOAR and XDR)
- Cloud security will move beyond CSPM
- CI/CD and IaC tools for audit trails and solving other security problems
- Attacker monetization strategies will evolve
- Radical data breach transparency from CISOs
- Security will give up on the user as a line of defense
- MFA adoption will grow
- Increasingly inclusive workforce will address talent gap
- Collaboration will improve preparedness and incident response
- Training and education will be key
- IaC will make "shift left" tangible
- Business resiliency will see increased investment
- Purpose-built tools will increase visibility
- Automated reasoning will benefit cloud security
- Quantum-resistant cryptography will get serious