Who Dares Predict the Future? Vectra.
A 2023 Survey

By Willem Hendrickx | January 4, 2023

The start of a new year presents an irresistible temptation: to predict what lies in store for cybersecurity. Although each year brings unexpected developments, and 2022 was no exception, I am happy to take another turn at the crystal ball.

Offering meaningful predictions is, I may say, a small act of bravery. It is easy to proclaim, for example, that ransomware will still be with us, or we will still struggle to fill cybersecurity jobs.  

So, coming up: some more courageous calls from me and some of my Vectra colleagues. But first:

2022 in Review

Here’s a brief look back at my predictions for 2022. How did I do? Not perfectly, but I give myself a passing score. This time last year I forecast:

  • Increasing pressure for cloud security. We did see attackers pivot from corporate domains to direct assaults on cloud assets, making life harder for network defenders in hybrid cloud environments.
  • More proactive action to minimize ransomware attacks. We saw some success here – but not enough. Too few organizations deployed AI in this context, even though the black hats are doing it.
  • Growing demand for MDR (Managed Detection and Response) services. Happily, I was right. But I maintain: it’s best for human analysts to work in tandem with automation, not hand over control and decision making.
  • AI used against credential theft and MFA infiltration. I was right about the threat, but only half-right about the adoption rate of the best defense. More organizations should see how vulnerable multi-factor authentication can be; MFA remains a prime target.

The biggest cybersecurity development of 2022, of course, was the eruption of cyber hostilities between Russia and Ukraine, the impact of which has been wider than anyone anticipated. Much of the conflict is being waged in cyberspace. It’s pretty clear that our first full-fledged cyberwar intentionally affected civilian infrastructure and public and private assets. One effect of this geopolitical crisis is that it’s providing organizations worldwide with a clear, vivid motive for adopting better, smarter, AI-driven cyber defense. We should not bank on state-operated defenses to protect our assets.

Now let’s get onto solid ground, and offer some firmer, more confident predictions for 2023.

Job One Will Be Supply Chain Protection

We’ve all seen the costs of supply disruptions, and thankfully, in the wake of recent events, logistics strategists are thinking more about system resilience. But attackers are getting more inventive. In 2023 we’ll not only see continued assaults on the “usual suspects,” but innovative back-door ploys – exploiting weaknesses within a shipping company’s accounting or legal firms, for example. All interconnected companies comprising a critical supply network should be collaborating to review security policies and standards.  

As Gartner’s Richard Bartley recently declared, “Supply chain and geopolitical risk will dominate cybersecurity… The pandemic, social and political polarization, digital ethics and privacy challenges, and climate change impact partners and trusted third parties.”  I predict not everyone will heed this warning, and we’ll see ingenious new supply chain attacks in 2023 that joint reviews by interconnected companies might have prevented.

We’ll Be Fans of Adaptable Protection

Our enemies are always looking for exploitable entryways into networks and workloads – and trying new offensive plays. Yesterday’s unevolved malware protection architectures may not work as well tomorrow, and the total attack surface will continue expanding in 2023. I predict more market interest in truly adaptable protection. Threat Detection and Response (TDR) platforms that adapt to an organization's evolving attack surface afford improved protection from attackers infiltrating evolving hybrid cloud infrastructure.

We’ll Be Talking More About IaC

IaC means infrastructure as code, and it can be an efficient way to reduce organizational downtime during recovery from a ransomware attack. Traditional restoration routes can be slow and costly. IaC enables scripts an organization can use to rebuild compromised infrastructure from scratch – often a far quicker process. I think we’ll see more smart organizations turn to IaC in 2023 to automate faster recoveries.

Don’t take this, however, as a blanket, uncritical endorsement of all automation, everywhere. Gartner’s Eric Ahlm underlines: “[A]utomation serves no purpose unless it makes ‘something else’ better, faster, cheaper, or otherwise measurably improved… In 2023, security operations professionals should seek gains in their program through automation, but be selective.” In 2023 I believe we’ll see more discriminating customers scrutinize candidate solutions more carefully. And if you’re a class-leading vendor, scrutiny – even skepticism – will be fine.

But We’ll Also See More Hand-Controlled Attacks

Believe it or not, human-operated ransomware incursions are trending – an interesting challenge to the conviction that automation and AI are the black hats’ bread and butter. This development simply underlines a hard truth: cyber defenders need a mix of tools, techniques and processes calibrated to serve their particular needs. “No single technique or control is a ‘silver bullet,’” contends Gartner senior analyst Jon Amato, “but implementing the right balance of multiple techniques assures a robust endpoint security ecosystem.” I predict 2023 will see increased recognition of Amato’s view.

We’ll See More Steal-Now, Decipher-Later Forays

Q-Day is coming – that is, the day quantum computing becomes readily available, endangering conventional security protocols and making encrypted data easier to expose. Some cyber black hats aren’t going to wait for Q-Day. I predict we’ll see more “blind grabs” of digital assets thieves expect to have value – assets they can’t crack now, but may soon be equipped to. Security leaders in 2023 have got to strategize for the new rules of the post-quantum world.

We’ll Be Reading More Labels

Disclosure time: NIST, the U.S. National Institute of Standards and Technology, is under White House orders to coordinate the labeling of software and IoT devices – with clear statements regarding privacy and information security standards reflected in the product and observed by the organization. NIST established the criteria for label data in 2022, and in 2023 I predict we’ll grow used to assessing the security readiness of more of the devices and applications in our lives. I think this will have particular impact on the IoT world, where a plethora of diverse “smart” devices have gone on sale with too little security awareness. It’s a good thing for consumer and enterprise markets alike.  

We’ll Face a Burnout Crisis

Yes, SOCs are already overworked and understaffed. It’s going to get worse in 2023. More fatigue, more resignations, more staff churn – and none of those are encouraging signs. Organizations will rely more on MSSPs (managed security service providers) as the shortage of properly skilled analysts grows more acute. Vectra supports MSSPs, we have the world’s best partners in the category, but I want organizations to cultivate and support in-house human talent as well. That calls for more creative recruitment drives – and doing more to elevate, protect, and reward SOC professionals. Flexible working arrangements, health and wellness protections, you name it. The “talent war” will only intensify. Burnout helps nobody.

 

We’ll Savor the Virtues of Streamlining  

Finally, some good news: I think new trends in security software architecture will enable more efficient operations. I agree with Patrick Hevesi at Gartner when he points out that “Large security vendors are building out unified cybersecurity platforms, defined by their underlying data lake-oriented capabilities, as cybersecurity mesh architectures (CSMAs)… CSMAs will help organizations simplify the complexity of managing multiple point products.” I’m not contradicting what I said above about the goodness of a mix of tools, techniques, and processes, but tool consolidation offers a welcome means to manage that mix without being overwhelmed. A single-dashboard approach is a longer-term aspirational goal, but it’s no longer so wild a dream.

 

Finally, Be Optimistic

Vectra AI enjoyed solid success in 2022. For the third time, we appeared as a Representative Vendor in Gartner’s landmark reference guide, the 2022 Gartner Market Guide for Network Detection and Response (NDR).

We do not achieve our position in the forefront, year after year, by repeating the same things year after year – responding to tomorrow’s challenges with ideas or technology that worked yesterday. Constantly, we scan the horizon, evolve, and adapt... and we do so by working closely with our clients and partners to be on the forefront of their needs. And while that results here in a few slightly brave predictions for 2023 – we’ll meet back here in one year’s time to see how correct we were! – the real fruits of that effort are visible in our products, services, and people. Every day.

I wish you a safe and secure new year. And whatever happens, Vectra will continue working and investing to provide the best protection against modern cyber attackers.