DUBAI / GULF TIME
Cybersecurity teams have long feared a black swan event. It appeared in 2020 in the form of Covid-19 and the severe security risks posed by shutdowns and a dispersed workforce. Its lingering effects will continue to challenge security teams in 2023.
First, the remote/hybrid working trend that it triggered has proved resilient and employees demand a hybrid office environment going forward. The increased remote working will make a massive societal shift and impact everyone. Historically, bad actors have leveraged high-profile events to attack distracted victims. In 2023, remote workers will be the target.
The pandemic also caused supply chain challenges that have wreaked havoc across most industries worldwide, piled on by geopolitical tensions. Information technology has been affected across the board. Because of these challenges, brand loyalty will increasingly fade. Customers won’t hesitate to make purchases they can get now rather than wait for a specific brand product later – fulfillment is critical, regardless of how long customers have been brand loyal. In 2023 and beyond, this will create a shift in the market as customers learn that brand loyalty is not necessary to run their businesses successfully.
The past three years have also accelerated a shift that will define cyber defense moving forward. In recent years, cybersecurity and IT teams have been encouraged to use a layered approach to protect company data and technologies through point solutions from different vendors. This approach has inevitably led to operational complexities and siloed security stacks. Therefore, organisations looking to minimize complexity and harden their security posture will turn to single-vendor solutions that improve operational efficiency with seamless integration, fewer consoles to use, and a true single-pane-of-glass experience. The economic downturn will also drive this trend through the consolidation of cybersecurity vendors.
Another pivotal trend that will be entrenched in 2023 is the shift by technology manufacturers to the “everything aaS” (as a service) model. We have grown to expect this from software, but traditional hardware, such as switches, routers, storage, and firewalls, will be offered across the board aaS model. This will pressure partners, who will ask themselves, “How do we consume this model? Who will finance or fund this model? How will we re-sell this model? What if we don’t want to participate, and we just want to buy and re-sell the traditional way?” Significant manufacturers will invest heavily in this model, and in 2023 there will be no turning back.
The increased industrialization of cybercrime is seen in easily accessible but highly advanced attack tools available in the open market. A case in point; DALL.E, a project by OpenAI to generate works of art through natural language processing inputs, was quickly adapted to enable threat actors to create payloads to deliver malware or execute on vulnerabilities, reducing the technical expertise necessary by threat actors down to a 5-year-old level.
The sophistication of cybercriminals will not be an excuse for “allowing” breaches and authorities will increasingly pursue people seen as responsible for breaches. In 2002 United States passed the SOX (or Sarbanes–Oxley) law in response to several major corporate and accounting scandals, including Enron and WorldCom. Under title III of this law principle, officers (commonly agreed to mean CEO and CFO) of public companies must take individual responsibility for the accuracy and completeness of corporate financial reports. The law enforces specific limits on the behaviors of corporate officers and describes forfeitures of benefits and civil penalties for non-compliance. 2022 brought the first criminal prosecution of a tech company executive over the data breach. Going forward, we will see CISOs being held personally responsible for security breaches on their watch and ensuring that appropriate compliance policies are followed after breaches.
So, where do we see most vulnerabilities in the new year? While every sector remains a target, education and healthcare markets are particularly rich targets due to the valuable personal data they hold and will continue to attract the attention of hackers in 2023.
MOHAMED ABDALLAH, Regional Director META at SonicWall