Recently, we sat down with four security leaders to hear their top security predictions for 2023. They debated the likelihood and potential impacts of their top predictions in partnership with Cloud Security Alliance, finding plenty of alignment and differences along the way.
There were more than 12 additional predictions that the panel didn’t quite get to.
Here are 12 predictions you might have missed
From Fernando Montenegro, Sr. Principal Analyst at Omdia
Fernando is a Senior Principal Analyst on Omdia’s cybersecurity research team. He focuses on the Infrastructure Security Intelligence Service, which provides vendors, service providers, and enterprise clients with insights and data on network security, content security, and more.
According to Fernando, in 2023 we can expect:
- A steady stream of self-inflicted, “Oh-my-god-level” breaches. Self-inflicted security breaches, or data breaches that result from a preventable vulnerability, are said to make up as much as 90% of data breaches. In 2022, we’ve seen a number of breaches from large, well-known companies with millions of customer records, and Fernando predicts we’ll see even more in 2023.
- Increased adoption of Secure Access Service Edge. Omdia has gone on record a handful of times about the buzz around SASE, so it’s no surprise that Fernando believes this framework will continue to rise among cloud-first organizations in 2023.
- The rise of product security and the fall of overarching security budgets controlled by CISOs. As product security takes on more responsibilities previously assigned to security teams, budget is likely to shift, and Fernando predicts we’ll see this take shape in 2023.
You can find more from Fernando on Omdia’s website.
From Kelly Shortridge, Sr. Principal Product Technologist at Fastly
Kelly Shortridge is a Senior Principal Product Technologist at Fastly and co-author of the book on Security Chaos Engineering (O'Reilly Media). Kelly has been a successful enterprise product leader as well as an entrepreneur (with an exit to CrowdStrike) and investment banker. Kelly is best known for applying behavioral economics and resilience to information security and is a frequent advisor, author, and speaker on those topics.
According to Kelly, in 2023 we can expect:
- Security chaos will become more than a set of experiments. Though security chaos engineering relies on a kind of scientific method to run experiments, Kelly predicts that the use of security chaos engineering will become part of the culture of leading security teams in 2023.
- We’ll see the dawn of Platform Resilience Engineering. Kelly has long been talking about the marriage of DevOps and security, so it’s no surprise that Platform Resilience Engineering is on her list of what to expect next year.
- Attacker access monetization strategies will evolve. With ‘traditional’ monetization routes gaining more scrutiny, cyber criminals may become desperate. And desperation is the mother of invention…
For more from Kelly, or to get a copy of Security Chaos Engineering, you can follow her on her blog or over at Fastly.
From Claude Mandy, Chief Evangelist of Data Security at Symmetry Systems
Claude Mandy is the Chief Evangelist for Data Security at Symmetry Systems, where he focuses on innovation, industry engagement and efforts to evolve how modern data security is viewed and used in the industry. Claude brings a passionate and creative approach to modern security, privacy and risk management challenges. His 20+ years of experience include working as a Sr. Director Analyst at Gartner and CISO at QBE Insurance.
According to Claude, in 2023 we can expect:
- Cyber risk quantification finds a new friend in data breach exposure analysis. These two areas of upfront prediction or quantification and post-mortem analysis have yet to come together. Claude suggests 2023 is the year companies start aggregating the data and researching the efficacy of our quantification programs.
- Organizations, and security teams, will become more data centric and data driven. Big data meets SecOps, and decisions will need to be made based on data. Teams are too busy and the volume is too high to chase down every alert and finding. Understanding your data will be critical to taking action and securing your organizations.
- Multi-cloud becomes even more ‘multiverse’. All cloud providers are slightly different and unlikely to converge neatly. This means growing a team that understands multiple CSPs; you need some sort of broker that can communicate across those barriers.
For more from Claude, follow his work at Symmetry Systems.
From Sounil Yu, Chief Information Security Officer at JupiterOne
Sounil Yu is the CISO and Head of Research at JupiterOne. Previously, he was CISO-in-Residence at YL Ventures and Chief Security Scientist at Bank of America. He created the Cyber Defense Matrix and the DIE Triad, which are reshaping approaches to cybersecurity. He's a Board Member of the FAIR Institute and SCVX; co-chairs Art into Science: A Conference on Defense; is a visiting fellow at GMU Scalia Law School's National Security Institute; teaches at Yeshiva University; and advises many startups.
According to Sounil, in 2023 we can expect:
- Mobile devices will no longer be a trustworthy form of 2FA. Sounil suspects a large-scale zero-day attack against iOS or Android devices is on the horizon, threatening mobile device security but also rendering SMS-based multi-factor authentication useless.
- Fewer pets, fewer vets, and more pet control. In Sounil’s DIE Triad framework (which says cyber assets should be distributed, immutable, and ephemeral), Sounil uses the analogy of cyber assets being either ‘pets’ or ‘cattle’. We care about pets, we take them to the vet and look after them long-term. Sounil posits that in 2023, we’ll see a decline in the number of ‘pet’ assets security teams are willing to care for.
- Software liability eats the software world. Legal frameworks for software liability are on the horizon in 2023, resulting in a stronger emphasis on software security, and impacting all software companies directly.
Watch the full debate, anytime
In this 2023 security predictions debate, each panelist presented and defended their #1 cybersecurity prediction for the coming year. Watch on-demand or read the transcript at the link below. Keep an eye on the JupiterOne blog for write-ups on these 4 top predictions for 2023, and be sure to let Kelly, Claude, Fernando, and Sounil know what you think!