Cyber resilience and security predictions for 2023
- Details
- Published: Friday, 18 November 2022 09:24
Quest is a leader in the data management space and IT resilience working with 95 percent of the Fortune 500 companies. Here, various members of the Quest team give their predictions for changes in the cyber resilience and security arena in 2023…
Businesses that deploy chaos engineering for data security will gain an edge
Adrian Moir, Technology Strategist & Principal Engineer
Over the next year, businesses will refine their testing process for data security, increasingly deploying chaos engineering to shore up enterprise resilience. Originally built for developer testing, chaos engineering has the power to help IT teams test not just recovery operations, but the applications and pipelines data moves through. By testing each part of the business’s data protection apparatus regularly, teams will be able to confirm that recovery techniques, from immutable data stores to replicability, work effectively. Expect businesses to make this part of their regular data protection operations as the C-Suite makes resilience and risk reduction a higher priority in light of ransomware, natural disasters and other business disruptors.
Zero trust will move from hype to reality
Bryan Patton, Principal Strategic Systems Consultant
The benefits of the cloud will only become more attractive in 2023. Faced with economic uncertainty, organizations will value its quick scalability, and their worries about IT skillsets will be mitigated by being able to reduce their on-premises footprint in favor of managed services. And, of course, the cloud enables organizations to better support the modern hybrid workforce, so they’re better able to attract and retain top talent.
But cloud adoption also erases the traditional perimeter, when everything ‘outside’ is suspect but everything ‘inside’ is assumed to be trustworthy. This change will drive zero trust from the realm of hype into widespread practical application. In a zero trust model, no user, service or other element gets authenticated once and then given a free pass. Instead, continuous verification is required: Real-time information from multiple sources is used to make access decisions and other system responses.
Success will build upon success. More mature organizations will adopt zero trust, and their success will build confidence in others. Organizations will build, refine and share best practices for implementing a zero trust model, providing practical guidance that will drive adoption and improve results.
Inflation will increase security risks
Jennifer LuPiba, Director of Product Marketing & Customer Engagement
First, we’ve already seen ransomware brokers emailing users at organizations and asking them to deploy their malware. Of course, cybercriminals looking for disgruntled employees willing to sabotage their employers is hardly a new development. But with more people hurting financially due to soaring inflation, malicious actors in 2023 will have a larger pool of potential accomplices who just might succumb to temptations like a bribe of $1 million in Bitcoin for unleashing ransomware.
Misuse of insider access is not limited to ransomware. Users feeling the pinch of inflation can also sell their credentials. And while it might seem that an ordinary user’s credentials would not provide a great deal of value to an adversary, the truth is far different. Quest security assessments often find that a huge percentage of user accounts in an IT environment - usually a staggering 70–100 percent - have rights that could be escalated in a handful of steps to give an adversary access to Tier Zero assets, including control of the entire Active Directory domain. What’s more, open-source tools will lay out these attack paths in clear detail, without the need for administrative permissions. As a result, organizations will need to implement attack path management.
At the same time as cybercriminals are ramping up their attacks, IT teams will be struggling with their own inflation challenges. In particular, budget cuts combined with unfunded IT mandates are likely to be a particularly vexing reality in 2023. With no shortage of issues to be addressed, IT teams will need to stay sharply focused. In particular, they will need to ensure that they have a robust disaster recovery strategy and automated solutions that speed the restoration process. After all, the key to becoming more cyber resilient is not magically ensuring that you’ll never suffer an attack; it’s being prepared to get the business back on its feet as soon as possible if a disaster does strike.
New data sovereignty laws will spur businesses to make data more visible and interoperable
Danny Sandwell, Senior Solutions Strategist
We expect to see businesses take a more proactive role in creating their own data governance policies amid the current wave of regulatory action. The current global patchwork of data sovereignty and privacy laws has made it more complicated than ever for businesses to create consistent policies on data sharing, integration and compliance. This will continue to have a significant impact on organizations’ ability to maximize the use of data across their IT infrastructure, unless they put together clear plans for data integration and governance. In 2023, the passing of more data sovereignty and sharing laws will spur businesses to invest in getting visibility into their data and creating clear plans for sharing and integration across their IT landscape.
Geopolitical tensions will accelerate the push toward software supply chain security standards
Jennifer LuPiba, Director of Product Marketing & Customer Engagement
In 2023, creating security standards for the software supply chain will continue to be a major priority as businesses scramble to reduce the ransomware risks associated with third-party software. We expect additional mandates and voluntary guidance from federal agencies like CISA and NIST on the best ways to prevent supply chain attacks. Additionally, rising geopolitical tensions will impact supply-chain security standards, as renewed scrutiny on software originating in certain countries will put the onus on businesses to change their software stack in order to safeguard their assets and operations.
Rising cyber insurance premiums will drive businesses to scrutinize third-parties more
Bryan Patton, Principal Strategic Systems Consultant
In 2023, cyber insurers will raise premiums and increase their standards for coverage as they look for organizations to prove they’re prioritizing cyber defense not only within their own organization, but throughout their software supply chain. Insurers are getting more discerning when handing out policies because many organizations lack the basic tools of cyber hygiene and resilience. To ensure coverage amid increased scrutiny, business leaders will be incentivized to invest additional time and resources in basic security protections, as well as to more closely evaluate their vendors’ security posture.
More scrutiny over M&A will empower boards to prioritize security in deals
Bryan Patton, Principal Strategic Systems Consultant
In 2023, security will become a board- and C-level priority when it comes to M&A planning. Because market growth has significantly slowed down, deals have also slowed, and companies have the opportunity to be more selective in their acquisition choices. We expect that business leaders will pay more attention to preventing security risk via due diligence. Deals no longer need to happen as quickly as they once did, allowing more time for businesses to mull over security risks instead of focusing on moving data and other valuables into the system quickly. This will both prevent businesses from making risky M&A moves as well as make the deals that go through easier go complete, by making IT integration efforts more secure, regulated and consistent.
