Paul Baird, CTSO at Qualys, reveals cybersecurity predictions for 2023.
When it comes to cyberthreat actors, 2022 has been a year much like any other. They continued to evolve — to automate more and use more sophisticated methods. Unfortunately, when it comes to cybersecurity, this year (and the previous two) stand out. Yes, the region’s security professionals played the usual parallel game of catch-up to the threat actors’ rapid evolution, but changes to their own IT environments have tied SOCs’ hands more than usual. They no longer protect simple, on-premises environments. The cloud, third-party services, shadow IT, and more plague cybersecurity professionals to an alarming degree.
And now, it’s time to see what happens next. So, as we head into the last month of 2022, here are seven predictions for 2023 that every CISO should digest.
- More accountability for CISOs
A recent survey found 44% of UAE-based CISOs still feel their organization is at risk of an incident inside the next year, and 47% believe they are ill-equipped to handle it. In 2023, we can expect CISOs’ messages to finally get through and the role to be granted more autonomy, but at a price. Organizations will expect their security leaders to justify expenditure, action, strategy, policy, and more.
Gartner reports that at least half of C-level executives will have cybersecurity risk clauses in their employment contracts by 2026. This is likely true of the UAE as well, as the government continually introduces more guidelines on cybersecurity, such as the federal Personal Data Protection Law, which came into effect in January 2022.
Just as more freedom leads to more responsibility, the reverse can occur. Because of the complexity inherent in post-pandemic IT stacks, SOCs will need more sophisticated tools to keep digital assets, and the people who use them, in check. Hence, more autonomy in spending and decision-making, but also the KPIs that go with it.
- Machine learning will combat alert fatigue and SOC burnout
Another poll of UAE cybersecurity professionals gave the impression of overwhelmed SOCs, as 57% of respondents decried out-of-date security models and 54% cited inadequate tools, both in the context of workplace frustration. Threat actors automate, and have become more effective because of it, but the security professionals tasked with stopping them are complaining that they do not have the tools to do so.
Basic endpoint detection and response (EDR) is insufficient to dial down the noise and allow SecOps teams to zero in on genuine threats and boost morale. Advanced machine-learning-powered analytics is the answer, and in 2023 it will play a bigger role as highly regulated industries try to address their cybersecurity talent shortages.
- More support for neurodiversity
The region has taken some important steps in diversity and inclusion, with most having concentrated on gender and people of determination. In 2023, a significant leap can be made in closing talent gaps if organizations look to neurodiversity. Studies strongly suggest neurodivergent individuals gravitate towards more technical, insular roles, avoiding managerial positions or those that involve public speaking or customer contact.
As soft skills become increasingly important, and skills shortages persist, we must address neurodiversity by training managers to recognize it and support each team member properly. If not, recruiters will have to hire CISOs for their soft skills, but they may lack technical experience, and will also be unfamiliar with the digital environment they inherit.
- More focus on supply-chain risks
The region’s security leaders are well aware of the consequences of supply-chain attacks. Incidents like SolarWinds stand as cautionary tales of the reach and potential damage of this attack method. In the coming year, CISOs must look to the SBOM (software bill of materials) to understand all the elements of the technology stack and their dependencies. Some of these will be deployed and maintained by third parties and can be weak points even for organizations with robust security postures.
The supply chain must now be seen as integral to cybersecurity strategy, and if necessary, enterprises must support their suppliers in reaching higher levels of maturity. The SBOM will be an indispensable tool in understanding the chain, the gaps that must be plugged, and who must plug them.
- (Ineffective) Legislation against ransomware payments
Recent research suggests 62% of UAE-based ransomware victims elect to pay up. We now know that paying does not always have the desired effect. Some recoveries (from the tools provided by attackers for this purpose) are slow. Others result in missing data. Others do not work at all.
Gartner predicts that by 2025, 30% of countries will enact laws prohibiting ransomware payments. While these moves may seem like a solution, the panic of being operationally crippled may mean that companies pay out anyway, rendering the laws ineffective. Instead, governments should opt for introducing legislation to support, incentivize, and mandate anti-ransomware best practices. Legislation against payments will drive breaches underground and the industry will lose the transparency culture it has fought so hard to engender.
- 5G will give rise to more attacks on mobile endpoints
We still see more campaigns against traditional PC architectures than against mobile devices. This is because legacy applications, configurations and devices give more options to attackers than the relatively small world of mobile, with its highly regulated app stores and smaller collection of hardware vendors.
But as 5G’s regional adoption accelerates, faster data transfer on mobile devices will make them as attractive to threat actors as to consumers. And private 5G deployments for IoT and other use cases will introduce weak endpoints into otherwise secure ecosystems.
- More code, more vulnerabilities
We must come together to promote openness around vulnerability reporting, as bug-bounty programs cannot cover the volume of code being written for the digital experience economy. However, a worldwide bug-bounty program supported by governments could help with standardization. Additionally, frameworks like OWASP can help developers ensure their code is as secure as possible.
The Year of Living Securely
Let 2023 be the year we take the lessons learned during the pandemic years and put them to use. We know how sophisticated attackers have become and we know the ways they can be slowed and beaten. All that remains is the will and resources to act. Adapting is the only way to best the attacker, and with the right strategies, skillsets, regulation, and commitment, we can do better and ensure we all have a happier new year than the cybergangs.