Professor Avishai Wool looks at five areas where he expects cyber security practices to develop in 2023 in response to the changing threat landscape and advances in response and protection technologies.
Application-centric approach
I think the market has matured to the point where the network security policy management (NSPM) approach has reached a tipping point and I see the shift to an application perspective becoming the de facto approach in NSPM as there are better and more robust technologies in the market that can help organisations get there faster. I see this shift becoming even more viable in 2023 based on recent market trends in which organisations are opting for downsizing and trying to do more with the smaller staff at the expense of losing tribal knowledge.
As a result, I see organisations shifting more towards adopting a holistic approach to network security that is more application-centric in which they can retain critical knowledge, such as application traffic intent and application policy rules so that the new generations can step in and pick up where the previous predecessors left off.
Containerisation will enhance layered security
Containers are seen as a cost-effective light-weight solution for deployment and deploying
I expect container security to be increasingly popular in the future, as companies understand that their existing network security mechanisms are not enough for the communication networks.
Containers are seen as a cost-effective light-weight solution for deployment and deploying them introduces another inner layer where security policies can be applied: behind the perimeter filters, the internal zoning, and the micro-segmentation, organisations can also consider nano-segmentation at the container level.
Vulnerability testing
Vulnerability testing is another dimension of the container platform especially within cloud applications and SaaS products. The common Kubernetes platform offers both opportunities and challenges for vulnerability scanners.
Beyond 2023, businesses will need to enhance both their visibility and management capabilities of security within their containerised applications.
Security driven IaaS ecosystems to improve network security
The customisability of IaaS offers great potential for productivity, but it also makes it complicated to secure
I expect the popularity of infrastructure as a service (IaaS) to continue to soar, making it difficult for security teams to keep up with the associated risks and vulnerabilities.
Pre-set security settings may not meet the needs of the organisation and customising these settings can prove to be difficult. The customisability of IaaS offers great potential for productivity, but it also makes it complicated to secure.
Always-on security approach
The bottom line is that companies can no longer depend on their network perimeter to guard sensitive data.
In response, I anticipate organisations that begin utilising an ‘always-on security’ approach such as infrastructure as code (IaC) which would permit them to construct personalised policies to control the development environments during each phase of the software development life cycle (SDLC) and recognise potential risks, security flaws, and compliance issues on a what-if basis, before deploying flawed settings into production.
Cloud-native security tools will reign supreme
Cloud-based security systems offer a wide range of abilities, such as secure access, identity and access management
I expect that cloud-based security systems will become more commonplace: these security solutions offer a wide range of abilities, such as secure access, identity and access management, data loss prevention, application security, automation of security, detection, and prevention of intrusions, security information and event management, and encryption.
With companies transitioning more workloads to the cloud, they will want to make use of many of these features. These tools make it possible for remote teams to manage a greater public cloud presence: comfortably configuring services and automating processes, to identify and pre-emptively tackle any kind of threats.
Data-safeguarding systems
To bridge the gap in cloud data security, I anticipate the emergence of data-safeguarding systems that are designed specifically for cloud usage and can link up with public cloud systems in an advanced, agentless manner. This has been classified in the market as a cloud-native application protection platform (CNAPP).
These platforms must be able to detect where the data is stored and what sorts of data are stored in the cloud so that corporations can prioritise what is most important defending their most sensitive data and cloud-based applications without interfering with their normal operations.
Expect ransomware to get even more sophisticated
Cybercriminals are getting more resourceful and savvier in their attempts to stay ahead of law enforcement
Organisations in 2022 saw no let-up from ransomware threats, some of whom were attacked multiple times and I do not see any reason why this trend will change in 2023.
Cybercriminals are getting more resourceful and savvier in their attempts to stay ahead of law enforcement, and I anticipate these attacks will only become more frequent as their perpetrators prove more capable of infiltrating many organisations’ cyber defence/defences.
Zero trust
In response, organisations will have to seek more technology solutions to protect data at the source. But that would not suffice. I think organisations will need to look beyond technological solutions and apply better preparedness strategies.
Whether it be xero trust or something less overarching but more practical for an organisation’s business needs, such as micro-segmentation, it would ensure that threat actors would not be able to access the data residing inside the security perimeter.
