Cyber Security in 2023: What do the experts say?

What will 2023 bring for the cybersecurity industry? We spoke to a few cybersecurity experts about what those in the industry can expect to see next year and beyond.

John Linford, The Open Group Security and Open Trusted Technology Forum (OTTF) Director
“Zero Trust has been a high-profile topic in cybersecurity for well over a decade now, but in recent years it has suddenly bloomed from being a promising future approach to being a fundamental component in enterprises’ security toolkits. According to one report, active Zero Trust implementation more than doubled in the year to August 2022, reaching more than half of businesses.

This growth has had two major consequences. First, information security for businesses has been considerably strengthened. We know that Zero Trust can reduce data breach incidents by 50%, and so its rapid widespread adoption is something to be celebrated.

The second, less encouraging consequence has been an accompanying growth of competing definitions around what it means to comply with the Zero Trust model, whether for an organisation to implement Zero Trust or for a product or service to aid in this. While the principle of Zero Trust might seem simple enough to state in theory, applying it in a production environment demands countless subtle decisions which affect the ultimate nature of the solution. This fact adds a layer of conceptual overhead to an undertaking which can already be daunting, requiring in-depth planning and cross-company collaboration in order to succeed.

This is not a new story in technology; in fact, the origins of thinking behind Zero Trust can be traced to the Jericho Forum® Commandments. Once the idea or approach has proliferated sufficiently, a period of blossoming innovation as ideas are brought to market is often followed by a period of rationalisation as new or additional standards are created to ensure holistic benefits. So it is with Zero Trust: initiatives like NIST® 800-207 and The Open Group Zero Trust Architecture Working Group will establish the clarity Zero Trust needs in order to grow from being present at the majority of businesses, to being at the heart of most business processes.”

Allen Downs, Vice President Security and Resiliency Services, Kyndryl
“There is an easy prediction that we could make about cybersecurity this year. A few months ago, a group of major industry players announced the Open Security Schema Framework (OCSF), an initiative which aims to standardise cybersecurity information sharing around a common data standard. It’s a deeply promising move, and one that’s long overdue: the modern CISO can often be found grappling with how to transform a patchwork of hastily-implemented solutions into a cohesive security stance, and seamless data integration could be exactly what we need.

The truth is, though, that a fully-fledged standard will take longer to achieve than many enterprises have. Gaps between systems exist today and, despite economic headwinds, the drive for digital transformation is still there, creating an ongoing expansion of security needs. If we can’t wait for reinforcements to arrive to unpick this problem, we need to start now by auditing, rationalising, and streamlining what we’re buying and how we’re using it for security and resilience.

It can’t be overstated how chaotic structures across security solutions put organisations at risk. That’s why my real prediction is that, this year, we will see clearer evidence of a non-correlation between security investment and security performance. While global cybersecurity spending continues to skyrocket year-on-year, major organisations will still be caught out by mismatched systems, whereas those who achieve a holistic view of their security and resilience stance will fare far better.”

Anthony DiBello, Vice President, Strategic Development at OpenText
“Cybersecurity challenges in 2023 will be driven by global recessions, cryptocurrency risks and fluctuations, workforce and supply chain challenges, and international conflicts destabilising economic conditions in various geographies.
These conditions will lead to an uptick in financially motivated identity theft driven both by individual desperation, and isolated economies such as Russia and North Korea. With disruption in the cryptocurrency markets, expect to see a small decline in ransomware attacks as criminals pivot to more direct financial theft and fraud, such as tax and credit card fraud schemes. For organisations, expect to see investment focused on fraud and insider threat detection as a result.

As enterprises prepare for a recession, expect to see organisations look to consolidate the number of cybersecurity vendors they interact with and push to get more from the technology they already have in deployment. On the vendor side, expect to see consolidation through M&A, particularly as sky-high valuations begin to drop to more consumable levels. As a result, there will likely be fewer cybersecurity startups entering the market in 2023 and existing vendors will focus more on practical solutions to near and present cybersecurity challenges.

Past concerns regarding fraud and insider theft, those challenges will be securing the supply chain (physical and digital), and critical infrastructure. Bolstering security in these areas will be a huge focus for security leaders within those industries in 2023. Expect to see entrenched security vendors extend existing technology to better secure and monitor manufacturing and critical infrastructure environments (IoT Security) and the software development supply chain (DevSecOps) for cyberattacks.”

Brett Beranek, General Manager, Security & Biometrics, Nuance
“Financial services organisations of all sizes have seen digital interactions and call volumes rise over the last two years. Like all brands, banks must offer great customer experiences to remain competitive. But the nature of their business means security must always be a top priority. Traditionally, adding security meant adding friction to the customer and agent experience, so financial institutions will prioritise investments in technologies that strengthen security and CX simultaneously.

“Traditional authentication methods – such as PINs and passwords – are archaic and no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of recovery if lost or stolen.

“In 2023, an increasing number of banks will turn to modern technologies – such as biometrics – to robustly safeguard customers. We’re already seeing banks get immense value—including 92% reductions in fraud losses and 85% increases in customer satisfaction—from biometrics solutions that eliminate authentication effort for customers while making life very tough indeed for fraudsters. Over the next 12 months, I expect to see many more financial services organisations following in their footsteps.”

John Smith, EMEA CTO, Veracode
“Each year, software and applications are only becoming a bigger part of our lives. As this demand for better digital experiences continues to grow, it is imperative that businesses remember that the need for better security increases alongside it. To achieve success in 2023, businesses will need to set out on the right foot from the beginning and ensure their security strategy is considered from the first line of code.

If we have learnt anything from 2022, it is that no organisation is immune to cyber threats. Fortunately, however, we are seeing proactive new steps to help prevent risk, with the likes of the European Cyber Resilience Act (ECRA) and Digital Markets Act (DMA) both coming into play in the last year. This, coupled with the increased demand for better digital experiences, seems to have reenergised the investment and prioritisation of cybersecurity by businesses. Many professionals expect further laws to be introduced in the coming years and want to get ahead of anticipated mandates by investing in better security practices and emerging technologies, such as automated, machine learning-driven remediation.

While we are seeing positive steps in the right direction as we enter 2023, it would be naive to think that we can ease up and pat ourselves on the back. Security is neither a tick-box exercise nor an end goal, but rather an ever-evolving journey. Now, more than ever, we should be ensuring that security is pervasive not invasive. Then, hopefully we’ll be able to reach a place where businesses truly have an always-on understanding and active role in mitigating cyber risk before disruption can occur.”