Watch the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiencies by upskilling and scaling citizen developers. Watch now.
Cyber risks never stand still. As the war between Russia and Ukraine continues and economic uncertainty looms on the horizon, organizations must be prepared for an increase in cyber threats.
Recently, some of Gartner’s top analysts reached out to VentureBeat to share their top cybersecurity forecasts for 2023.
Predictions include supply chain continuation and geopolitical risks, DevSecOps emerging as a critical methodology for security teams and developers, and human-operated ransomware remains a prominent threat.
Below is an edited transcript of their responses:
1. Supply chain and geopolitical risks will dominate cybersecurity
“A wide range of geopolitical risks continue to affect organizations globally and into 2023; many will emerge as supply chain exposures. The pandemic, social and political polarization, digital ethics and privacy challenges, and climate change are impacting partners and trusted third parties.
“This puts enterprises and their supply chains at greater risk from malware attacks, attacks against cloud infrastructure, attacks against system integrity and availability, such as distributed denial of service (DDoS) and data theft or loss.
“Organizations need to build in effective security controls to manage all types of supply chain risks they face. In 2023, cybersecurity risks in the supply chain must be addressed as a socio-technical challenge.
“These are not just IT security risks, but rather arise from challenges such as hardware and software sourcing, business continuity and transportation issues.”
VP Analyst at Gartner, Richard Bartley
2. Emerging architectural patterns will streamline security
“Security teams need to be able to dynamically identify gaps resulting from new IT strategies – such as the move to the cloud or increased use of container technologies – or emerging threats so that risks can be prioritized and addressed.
“Large security vendors are building out unified cybersecurity platforms, defined by their underlying data lake-oriented capabilities, as cybersecurity mesh architectures (CSMAs). These solutions focus on deploying a single console; provide integrated machine learning (ML), orchestration, and automation; and third-party integration support.
“These platforms have been built over time, [and] expand with new types of capabilities and integration as customer needs evolve. CSMAs will help organizations simplify the complexities of managing multipoint products.”
VP Analyst at Gartner, Patrick Hevesi
3. Zero trust will play a key role in risk management
“Gartner defends zero-trust architecture (ZTA) as an ‘architecture that replaces implicit trust with continuously assessed risk and trust levels based on identity and context that adapts to optimize security posture’. This means that trust must be explicit, with each request for access to a ZTA resource requiring a risk calculation.
“The risk calculation takes into account various signals such as the location of the device, the credibility of the user’s claim, the hygiene of the device, information about threats, the time of day, the day of the week, and the data sensitivity of the device. the requested application.
“Access is granted only if the calculated risk is less than the value of extending access. In 2023, enterprises will increasingly use ZTA to improve and optimize the overall security posture of the organization.”
VP Analyst at Gartner, Thomas Lintemuth
4. DevSecOps becomes business critical
“The continued growth and diversity of API and application implementations creates an extensive attack surface for malicious actors.
“Organizations must therefore view the secure development and deployment of APIs and applications as business critical. To do this effectively without impacting speed, security must be automated in application delivery processes using DevSecOps techniques.
“DevSecOps blurs the boundaries between infrastructure and applications. Security teams will find that considerations related to infrastructure security go hand in hand with those related to application and data security. A clear example is the development pipeline, a critical part of the software supply chain.
“Attackers are exploiting weaknesses in this critical component to gain access to source code, sensitive data and application components. In 2023, security teams will increasingly align security and devops practices for a holistic DevSecOps approach. Security must become an integral part of development processes and automation.”
Senior Director Analyst at Gartner, William Dupre
5. Security operations (seconds) with automation will improve proactive and detective capabilities
“Automation for security operations is in a renaissance period. We are seeing a shift from general purpose security automation platforms to target-driven automation led by domain experts in areas such as Alert Pipeline Management (SIEM), Threat Intelligence (TI), Ticketing and Workflow (ITSM), and Threat Detection Systems (XDR). /TDIR).
“It’s important to note that automation serves no purpose unless it improves ‘something else’ better, faster, cheaper, or otherwise measurably.
“Even the most technically capable automation platforms cannot achieve these goals without in-depth knowledge of the domain (problem area) and the subject-matter expertise to develop playbooks that are profitable over the non-automated approach.
“By 2023, security operations professionals should seek profit in their program through automation, but be selective. Carefully balance the impartial freedom of an independent SOAR provider with the target-specific knowledge of a domain expert as part of their core platform.”
Senior Director Analyst at Gartner, Eric Ahlm
6. Data-centric cybersecurity will be the key to a data-everywhere world
“Data proliferates, both within and beyond the organizations that collect it and take primary responsibility for protecting it. Keeping track of all this data hasn’t been a top priority for many organizations, so there’s little visibility into it.
“Stored data that the company has no visibility into is considered dark data, and estimates indicate that between 55% and more than 80% of the data a company stores is dark data. Lurking in this dark data are unknown data risks.
“Securing data and enabling privacy compliance within data warehouses and big data/advanced analytics pipelines is a growing concern, especially when regulations can directly conflict with business needs.
“Data-centric security is essential for data protection in today’s ‘always on’, ‘data anywhere’ world. In 2023, organizations should focus on overlaying their core security architecture with a data-centric vision.”
Director Analyst at Gartner, Anthony Carpino
7. Endpoints and workloads need adaptable protection against emerging and established threats
“Endpoints continue to be a major target for advanced adversaries. Rather than simply stealing sensitive information from endpoints, adversaries are now using them as a foothold to launch more commercially attractive attacks such as ransomware and corporate email compromise.
“In addition, the use of employee-owned devices outside corporate networks has accelerated and organizations are also dealing with a growing number of devices such as IoT and virtual personal assistants that need access to corporate networks, applications or data.
“As the attack surface continues to grow in 2023, security professionals should review malware protection architectures across networks, client endpoints, and server endpoints.
“Solutions such as endpoint detection and response (EDR) and managed threat detection (MTD) can provide not only prevention capabilities, but also detection and response capabilities that help reduce recovery time after a successful attack.”
Director Analyst at Gartner, Eric Grenier
8. Human-operated ransomware is becoming a bigger threat
“As sophisticated attacks continue to emerge, human-operated ransomware becomes an unavoidable threat. As these ransomware gangs use increasingly sophisticated techniques, security teams must adjust their security strategies accordingly.
“The pre- and peri-attack phases of a ransomware attack are mainly where prevention takes place.
“Once the attacker is successfully infiltrated, detection checks become necessary to identify anomalous attacker behavior.
“To provide an effective defense against advanced ransomware, organizations must have a combination of multiple detection and prevention controls and a robust backup/recovery process in place, along with a program of fundamental security techniques and processes.
“No technique or control is a silver bullet, but implementing the right balance of multiple techniques ensures a robust endpoint security ecosystem. Extended Detection and Response (XDR) is an emerging offering from endpoint protection platform (EPP) and EDR vendors.
Senior Analyst at Gartner, Jon Amato
VentureBeat’s mission is to become a digital city plaza where tech decision makers can learn about transformative business technology and execute transactions. Discover our Briefings.
