Four Cybersecurity Trends in 2023 from a Digital Transformation Perspective
January is usually a dull month for most of us, including me, after the excitement and hubbub around Christmas. But this year it was different!
I was thrilled at having been invited to speak at the Cyber Future Dialogue Series - a set of events organized by the Cyber Future Foundation in Davos, Switzerland. This is where the world’s most well-known and elite cyber leaders from various industries gathered to discuss the most pressing concerns facing cybersecurity today hoping to bubble up potential solutions.
At first, I wasn’t sure how much more I could add to the already existing in-depth research, reports, and annual predictions from the Gartners and Forresters of the world. Their research outlined the major challenges that keep cybersecurity leaders awake at night, which include cyberwar, IAM and ZeroTrust, securing critical infrastructure, application security and data protection, and the proliferation of IOT devices without proper data management, among others.
However, as a cloud native professional my view of cybersecurity is always from a digital transformation perspective. True, we do face the generic cybersecurity challenges that everyone seems to have - increasing cybersecurity attacks, the need for more and better qualified security talent, shrinking budgets, etc.
But, additionally, we also face challenges unique to digital transformation. That includes the shift to a hybrid work environment, the race to collect more detailed data through digital communication channels for deeper personalization, delivering new software capabilities, and innovating at a more rapid pace than ever.
With these issues as my backdrop, here are four key emerging cybersecurity trends in 2023 that, I think, are critical to the digital transformation process. If we get them right, we are guaranteed the success of our digital transformation projects.
Securing the software supply chain
In the past three years, software supply chain attacks have increased by whopping 742% every year on average. Vulnerabilities have gone up as more open-source repositories are now being used without being properly secured. Additionally, attack methods have also become varied and evolved where threat actors push malicious code into development projects through unwitting developers.
And these attacks continue to evolve in their sophistication and accelerate in speed and extent of damage. I think 2023 is when companies are going to really put serious effort into protecting software supply chains and that includes giving more attention to SBOMs.
Plan and implement zero-trust frameworks
In the post pandemic world, a hybrid workforce is becoming the norm. This is one of the biggest driving factors behind increasing adoptions of cloud and SaaS for more agility and flexibility. In turn, it signals the rise of zero-trust thinking.
Zero-trust as an approach is going to be at the top of the minds for cybersec professionals as organizations seek more critical security transformations. We need to keep building our zero-trust implementations and build them right by involving experts from the business, and the application and data world.
Data security and privacy
With the proliferation of “dark data” - data that organizations collect but don’t really use - the exposure to risk has considerably gone up. It’s increasingly easier to capture data, but it also comes with unknown risks. In 2023, organizations will take a data and privacy-first approach and focus on building architectures and applications from a data-centric perspective.
This change will be fueled by the increasing adoption of AI, which could will help organizations implement such an approach with ease and flexibility.
Improving the cybersecurity workforce
The cybersecurity skills shortage is not going away any time soon. In the face of it, companies need to find creative ways to manage their cyber workforce. I expect organizations to foster stronger collaborations and partnerships led by cybersecurity teams across enterprises. We may not be able to hire more cybersecurity professionals but with adequate training and upskilling, it’s possible to convert existing employees into one.
Cybersecurity breaches and vulnerabilities are often associated with just faceless businesses. But it has a very real human cost. For employees, vendors, customers, and everyone else associated with the organization. I think 2023 is when more stakeholders like the Board will join the drive for tightening cybersecurity. And that’s exactly what we need.