Discover top cybersecurity predictions and priorities for 2023
Security Weekly
Find out what top tech and security leaders believe will be the biggest trends and developments in cybersecurity in 2023. Separately, Gartner analysts also share their predictions for next year.
Security leaders share 2023 priorities and predictions
VentureBeat asked 31 CISOs to outline their security priorities and predictions for next year. Securing the software supply chain and the open-source software ecosystem, implementing zero trust, and employee education on social engineering and phishing threats were among their top concerns. What exactly do security leaders, including from Google Cloud, AWS, Microsoft and IBM, say about (your) future?
VentureBeat has curated the top cybersecurity predictions for 2023 from some of Gartner's top analysts. According to the experts, security leaders should expect supply chain and geopolitical risks to dominate the cybersecurity space. They also expect the importance of zero-trust to grow within risk management, that DevSecOps will emerge as a key focal point for security teams and developers, and that human-operated ransomware will become an even bigger threat to enterprises. Consult the full article for details and other predictions.
Shifting from CTOs to CISOs: data management, disaster recover, backup
Some data management responsibilities are falling on CISOs - and expect more next year. Traditionally within the remit of CTOs and IT teams, functions such as disaster recovery and backup are moving to their cybersecurity colleagues. Blame the proliferation of hybrid cloud architectures, microservices and cloud native applications - and that securing these technologies is already the domain of CISOs and their teams. In addition, many providers of backup products and tech have repositioned their service as complementary to security solutions, which naturally attracts the attention of security execs focused on strengthening their defensive security posture.
Cybersecurity experts warn the metaverse could become a major target for criminals engaging in malware, ransomware attacks and phishing over the next year. In its newly-released Consumer cyberthreats: predictions for 2023 report, cybersecurity firm Kaspersky expects greater exploitation of the metaverse due to a lack of data protection and moderation rules. In an era where remote work and bring-your-own-device are becoming more common, enterprises should take this threat seriously. After all, even if the system is technically secure, threat actors can bypass a company's security by hacking its employees.
Security researchers have discovered several security flaws in IBM Cloud's database-as-a-service infrastructure that hackers may have used to launch a supply chain attack on cloud customers. Although a patch has been issued, the vulnerability should worry enterprises as an example of a rare supply chain attack vector within the infrastructure of a cloud service provider. Crucially, it highlights common cloud misconfiguration and security oversights that can result in supply chain compromises in cloud infrastructures. Specifically, the discovery has revealed a class of PostgreSQL vulnerabilities that impact many cloud vendors, including Microsoft Azure and Google Cloud Platform.
AWS launches cybersecurity data lake for multivendor data-sharing
Amazon Web Services has launched Amazon Security Lake, a purpose-built data lake designed to help enterprises bring together security-related data from disparate sources. The service can be used to build a data lake in a customer’s AWS account that automatically aggregates, combines and analyzes security data at scale from cloud and on-premises sources. The company says its new Amazon Security Lake will help users respond to security events faster while still using their preferred tools; the platform enables customers to gather security telemetry data from both AWS security tools as well as from more than 50 security tools from external service providers, including Cisco, CrowdStrike and Palo Alto Networks.
Gamification could help improve cybersecurity training engagement
Organizations looking to maximise employee engagement in cybersecurity training should consider gamification, especially now that new legislative requirements force enterprises to cover cyber awareness and training. This is typically done by applying game-design elements and game principles in non-game contexts. Solutions can be as simple as dividing employees into groups during their training sessions and setting them against each other. Going deeper into gamification, simulated disaster management can enhance the training experience, aided by video games that teach security concepts.
What to do when cybersecurity vendors lay off staff
Although less affected by the widespread layoffs across the tech industry, cybersecurity vendors have not been immune to the downturn. Should your cybersecurity vendor announce staff cuts, it could raise several issues, especially regarding security and risk-related factors. Here are some top considerations for CISOs facing the challenge. And asking eight key questions will help you gauge whether the vendor layoffs should be a major concern.
