DigiCert releases cybersecurity predictions for 2023 and beyond

DigiCert, Inc., a global provider of digital trust, released its annual forecast of cybersecurity trends emerging for the new year and beyond.

These projections authored by DigiCert experts Dr. Avesta Hojjati, Dean Coclin, Mike Nelson, Srinivas Kumar, Stephen Davidson, Steve Job, and Tim Hollebeek are based on shifts in technology, threat actor habits, culture, and decades of combined experience.

2022 State of Digital Trust Survey

“These predictions come on the heels of our 2022 State of Digital Trust Survey that found that almost half of consumers (47%) have stopped doing business with a company after losing trust in that company’s digital security,” said Dr. Avesta Hojjati, VP of Research and Development at DigiCert.

Dr. Avesta Hojjati adds, “The more CISOs and other IT staff understand the security implications of evolving technologies and threats, the better prepared they are to make the right investments for their business to ensure digital trust.”

Prediction #1

Quantum Computing Will Force Crypto-Agility

Cracking 2048-bit encryption would take an unfathomable amount of time with current technology

Cracking a 2048-bit encryption would take an unfathomable amount of time with current technology. But a capable quantum computer could conceivably do it in months.

Digicert predicts an increased focus on the need to be crypto-agile as quantum computers pose a significant future threat to secure online interactions. Cryptographic agility will be a competitive advantage very shortly.

Prediction #2

Matter Will Become a Household Standard

Matter is a smart home standard and common language for smart home devices which are secure and trusted to communicate and connect seamlessly.

DigiCert predicts the Matter logo will become the symbol that consumers look for in smart home technology.

Prediction #3: 

Code Signing Will Prompt A Race to the Cloud

OV code signing certificates are changing. They will soon be issued on physical security hardware in a similar way to how EV code signing certificates are issued. In June 2023, according to the CA/B Forum, a voluntary group of certification authorities (CAs), vendors of internet browsers, and suppliers note that private keys for OV code signing certificates must be stored on devices that meet FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent security standards.

Digicert predicts that these changes will mean customers move to cloud signing in large numbers, instead of dealing with replacing their hardware token. They also expect all code signing will be cloud-based in the future, as customers will prefer the cloud over having to keep track of a hardware key.

Prediction #4

Software Supply Chain Attacks Will Make 2023 the Year of the SBOM

Because of the visibility, SBOM provides into software supply chains, Digicert predicts it will be widely adopted in 2023

An SBOM is a list of every software component that comprises an application and includes every library in the application’s code, as well as services, dependencies, compositions, and extensions. Because of the information and visibility, it provides into software supply chains, Digicert predicts the SBOM will be widely adopted in 2023.

While most of the requirements are taking place at the federal level now, expect the SBOM to spread to commercial markets soon to secure software. All of this means software producers will be required to get more involved in the process of ensuring their products are secure and visibility will be key to that. 

Prediction #5

Physical SIMs Will be Replaced by eSIM and iSIM Technology

The introduction of the integrated SIM (iSIM), which does not require a separate processor, is smaller and does not take up much room on hardware such as mobile phones.

Digicert predicts the next generation of smartphones will remove traditional SIM hardware functionality and move to eSIM and iSIM as the root of trust.

Prediction #6

EU Digital Identity and European Digital Wallet Will Become the Worldwide Model

The EU Digital Identity Wallet is a European Commission initiative under the eIDAS Regulation that will create a unified digital identification system across Europe. The EU Digital ID Wallet will allow European citizens to carry eID versions of their official government ID documents in a secure mobile wallet application for online authentication and electronic signatures. 

Digicert predicts that much like Apple Pay and Google Pay have become widely adopted as a means for digital payments, the EU Digital Identity Wallet will become the model for digital identity that the rest of the world will seek to emulate. With the legal framework and policies in place for adoption on the continent, users will begin to feel more comfortable turning to a digital wallet to store and share credentials when needed.

Prediction #7

DNS Will Continue To Grow In Importance

Well-defined APIs, SDKs, and integrations will be highly vital to the success of the organisation’s efforts

Infrastructure as code will continue to grow as a best practice for organisations of all sizes. DNS services that have high uptime, fast speeds, and fast DNS propagation will be crucial for organisations to have as a toolset.

Well-defined APIs, SDKs, and integrations will be highly vital to the success of the organisation’s efforts to be productive and reliable.

Prediction #8

Criminals Will Exploit Zero Trust

Adversaries will deploy new technologies as well to increase their success rate in future attacks. A properly versed attacker could potentially deploy technologies, such as Artificial Intelligence and Adversarial Machine Learning to find weaknesses in an improperly deployed zero-trust framework.

As zero trust becomes the standard security approach for IT systems, Digicert predicts adversaries will change their attack approach to be able to overcome zero-trust frameworks.