AI and cyber in 2023

by Mark Rowe

In 2023, organisations will continue to digitally transform their businesses, a process accelerated due to the global covid-19 pandemic requiring workers to work from anywhere and with almost any new application hosted in the cloud, says James Karimi CIO at GTT Communications.

These initiatives will continue to drive the adoption of a software-defined wide area network approach underpinned by internet connectivity. With this proliferation of cloud and applications, the need for higher bandwidths will continue, and technologies like 5G, and eventually 6G, will provide alternatives allowing for optimum business connectivity.

With the evolution of the global workforce and hybrid cloud deployments, end users need to access business applications from anywhere at any time, while IT staff must mitigate the exposure of cyber attacks with a new framework for their company’s security posture. Cyber criminals are monitoring updates on company websites as to which offices have closed and matching them to the LinkedIn profiles of employees in those regions now working from home to begin targeting them. This scenario is going to harm companies that have been slow to adopt a Secure Access Service Edge framework, including zero trust.

Despite these challenges, the coming year will equip IT teams with new tools and strategies to counteract the expanding threat landscape. Here are a few predictions for 2023.

Security will move to the endpoint

A ransomware attack can enter an enterprise through any small crack in your defence and laterally spread everywhere within minutes. A lot of organisations miss that, because they have implemented a Virtual Private Network or an Endpoint Detection & Response solution, and mistakenly believe that alone equates to zero-trust protection.

In response, many organisations will move the security stack up to the application layer to the endpoint – where we anticipate a 10,000% increase in attacks. Enterprises can install 5G adapters right on the laptops, giving them more granular control of the last-mile network to do source-based security policies no matter where the user resides.

The focus will extend from training employees to policing others with external access to enterprise networks

There’s been much focus on providing cybersecurity tools and awareness training to employees to better equip them to deal with cyberattacks such as phishing. But a lot of organisations are falling short on dealing with external users such as contractors and partners who generally are not governed under the enterprise’s policies and procedures. These partners often have access to some of the enterprise’s most critical information systems, especially when working with finance teams and legal departments. That increases the risk of data breaches much more than do incidents of employees inadvertently clicking a harmful link.

Over the past couple of years, mature organisations have performed security assessments on vendors or contractors storing their data. That’s a great starting point, but there must be ongoing efforts that provide security leaders with risk scores on a continuous basis.

Many organisations that thought themselves not equipped to do those evaluations in the past will be forced to rethink their approach, starting with a basic understanding of which of their business operations partners need to access, which partners and operations they should monitor, and which are less worrisome. They should do a data check on every vendor as part of the initial engagement.

AI and machine learning will become a more prominent aspect of SIEM

Next year will see a huge jump in vendors putting Artificial Intelligence (AI) and machine learning (ML) into Security Information and Event Management (SIEM) platforms. SIEM has proven adept at collecting information and allowing enterprises to filter and focus on the most relevant alerts. But there’s still a lot of noise coming in, and typically enterprises still rely on analysts to build filters. If an organisation is getting thousands of the same inconsequential alerts every day, they’re going to start ignoring them. Building more AI/ML into log systems will help security leaders to filter out the noise and prioritise the relevant alerts to address. For example, the system can know to ignore alerts created due to weekly server backups and not to tie up a high-priced security specialist to analyse those.

We’re never going to be able to fully automate using AI/ML to determine all relevant threats. But tools will begin appearing in the coming year to help limit the involvement of analysts in filtering out SIEM noise, taking us to the next level of managed detection and response.
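The two noise-reduction ideas above (dropping alerts that are explained by a known maintenance schedule such as weekly backups, and demoting rules that fire thousands of times a day) can be sketched without any ML at all. The following is an added illustration written for this page, not code from GTT or from any SIEM product; the alert format, host names, maintenance window and the threshold of 50 alerts per rule per day are all constructed assumptions.

```python
"""Toy SIEM alert triage: suppress scheduled-maintenance noise and de-prioritise
chatty rules so analysts see rarer, higher-severity alerts first.
Added example; not code from GTT or any SIEM vendor."""
import math
from collections import Counter
from datetime import datetime, time

# Hypothetical maintenance schedule (constructed): weekly full backups run on
# the backup hosts every Sunday between 02:00 and 04:00, which predictably
# trips disk-read and outbound-transfer rules.
MAINTENANCE_WINDOWS = [
    {
        "hosts": {"bkp-01", "bkp-02"},
        "rules": {"HighDiskReadRate", "LargeOutboundTransfer"},
        "weekday": 6,  # Python weekday(): Monday=0 ... Sunday=6
        "start": time(2, 0),
        "end": time(4, 0),
    },
]

# Rules averaging more than this many alerts per day fleet-wide are treated
# as noise and demoted rather than dropped (assumed threshold).
NOISE_THRESHOLD_PER_DAY = 50


def in_maintenance_window(alert):
    """True if the alert is fully explained by a scheduled maintenance window."""
    ts = datetime.fromisoformat(alert["ts"])
    for w in MAINTENANCE_WINDOWS:
        if (alert["host"] in w["hosts"] and alert["rule"] in w["rules"]
                and ts.weekday() == w["weekday"]
                and w["start"] <= ts.time() < w["end"]):
            return True
    return False


def rule_daily_rates(alerts):
    """Average number of alerts per rule per calendar day across the batch."""
    counts = Counter(a["rule"] for a in alerts)
    days = {datetime.fromisoformat(a["ts"]).date() for a in alerts}
    span = max(len(days), 1)
    return {rule: n / span for rule, n in counts.items()}


def triage(alerts):
    """Return the alerts worth an analyst's time, highest score first."""
    rates = rule_daily_rates(alerts)
    kept = []
    for a in alerts:
        if in_maintenance_window(a):
            continue  # expected backup noise: drop instead of paging an analyst
        rate = rates[a["rule"]]
        # Demote chatty rules: the further above the threshold a rule fires,
        # the smaller its multiplier (log scale so the penalty saturates).
        excess = max(rate - NOISE_THRESHOLD_PER_DAY, 0.0)
        penalty = 1.0 / (1.0 + math.log1p(excess))
        kept.append({**a, "score": round(a["severity"] * penalty, 2)})
    kept.sort(key=lambda x: x["score"], reverse=True)
    return kept


# Constructed sample batch covering Sunday 2023-01-08 and Monday 2023-01-09.
SAMPLE_ALERTS = [
    {"ts": "2023-01-08T02:15:00", "host": "bkp-01", "rule": "HighDiskReadRate", "severity": 3},
    {"ts": "2023-01-08T02:40:00", "host": "bkp-01", "rule": "LargeOutboundTransfer", "severity": 4},
    # Same rule on a web server on a weekday: not explained by the schedule.
    {"ts": "2023-01-09T09:00:00", "host": "web-03", "rule": "HighDiskReadRate", "severity": 3},
    # Backup host transferring data outside its window: this one should stay.
    {"ts": "2023-01-09T03:00:00", "host": "bkp-01", "rule": "LargeOutboundTransfer", "severity": 4},
    {"ts": "2023-01-09T14:00:00", "host": "fin-07", "rule": "NewAdminAccount", "severity": 5},
]
# 120 failed-login bursts from the VPN gateway in one day: a chatty rule.
SAMPLE_ALERTS += [
    {"ts": f"2023-01-09T{10 + i // 60:02d}:{i % 60:02d}:00", "host": "vpn-gw",
     "rule": "FailedLoginBurst", "severity": 2}
    for i in range(120)
]

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS)[:5]:
        print(a["score"], a["rule"], a["host"], a["ts"])
```

Run as-is, the two Sunday-morning backup alerts disappear, the new admin account on the finance host tops the list, the backup host's transfer on a Monday night is kept at full severity, and the 120 failed-login alerts sink to the bottom with a fraction of their nominal severity. A real deployment would learn the windows and thresholds from history rather than hard-coding them, which is the gap the AI/ML tooling described above is meant to close.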

2023 will be the year of enhanced internet

Enhanced internet services gained popularity in the last few years as an offering that improves the reliability and performance of internet-based traffic. First defined by Gartner, it includes features such as telemetry-based routing and performance optimisation.

Tier 1 internet service providers, with their ability to see the IP traffic trends before anybody else, will formulate algorithms to start looking at traffic flows, providing clients with continuous reports on potentially malicious traffic from certain destinations to their IP ports that require investigation without the need of additional security functionality.

Service providers will also offer clients full vulnerability scans of their IP space on a timely basis to provide visibility into risks. As organisations grow, they often end up with shadow systems with vulnerabilities that aren’t noticed as these systems are quickly forgotten. Scans can easily reveal dozens of vulnerabilities on an organisation’s public websites in seconds, just by checking a couple of IP addresses they own.

As always, the coming year will present both an opportunity and a challenge to IT and security leaders. But by doubling down on zero-trust and leveraging the best solutions coming to the market, they can avoid falling victim to continually expanding cyberthreats.

© 2024 Professional Security Magazine. All rights reserved.