Cyber risks never stand still. With the Russia-Ukraine war continuing and economic uncertainty looming on the horizon, organizations need to be prepared for an increase in cyberthreats.
Recently, some of Gartner’s top analysts connected with VentureBeat to share their top cybersecurity predictions for 2023.
Predictions included a continuation of supply chain and geopolitical risk, DevSecOps emerging as a critical methodology for security teams and developers, and human-operated ransomware remaining a prominent threat.
Below is an edited transcript of their responses:
- Supply chain and geopolitical risk will dominate cybersecurity
“A broad array of geopolitical risks continue to affect organizations worldwide, and in 2023 many will emerge as supply chain exposures. The pandemic, social and political polarization, digital ethics and privacy challenges, and climate change impact partners and trusted third parties.
“This puts enterprises and their supply chains at increased risk for malware attacks, attacks on cloud infrastructure, attacks on system integrity and availability, such as distributed denial of service (DDoS), and data theft or loss.
“Organizations must build in effective security controls to manage all types of supply chain risks that they face. In 2023, supply chain cybersecurity risks must be addressed as a socio-technical challenge.
“These are not solely IT security risks, but rather they emerge from challenges such as hardware and software sourcing, business continuity and transportation problems.”
VP Analyst at Gartner, Richard Bartley
- Emerging architectural patterns will streamline security
“Security teams must be able to dynamically identify gaps resulting from either new IT strategies — such as moving to the cloud or increasing use of container technologies — or emerging threats, so that risks can be prioritized and addressed.
“Large security vendors are building out unified cybersecurity platforms, defined by their underlying data lake-oriented capabilities, as cybersecurity mesh architectures (CSMAs). These solutions aim to implement a single console; provide integrated machine learning (ML), orchestration and automation; and support third-party integration.
“These platforms are built over time, [and] expand with new types of capabilities and integration as client needs arise. CSMAs will help organizations simplify the complexity of managing multiple point products.”
VP Analyst at Gartner, Patrick Hevesi
- Zero trust will play a key role in risk management
“Gartner defines zero-trust architecture (ZTA) as an ‘architecture that replaces implicit trust with continuously assessed risk and trust levels based on identity and context that adapts to risk-optimize the security posture.’ This means that trust must be explicit, with any request to access a ZTA resource requiring a risk calculation.
“The risk calculation takes into consideration various signals such as device location, believability of user assertion, device hygiene, threat intelligence, time of day, day of week, and the data sensitivity of the application being requested.
“Access is granted only when the calculated risk is less than the value of extending the access. In 2023, enterprises will increasingly use ZTA to enhance and risk-optimize the organization’s overall security posture.”
VP Analyst at Gartner, Thomas Lintemuth
- DevSecOps will become business-critical
“The continuous growth and diversity of API and application deployments is creating an extensive attack surface for malicious actors.
“Organizations must therefore treat the secure development and deployment of APIs and applications as business critical. To do this effectively without impacting velocity, security must be automated into application delivery processes using DevSecOps techniques.
“DevSecOps blurs the boundaries between infrastructure and applications. Security teams will find that considerations relating to infrastructure security go hand in hand with those relating to application and data security. A clear example is the development pipeline, which is a critical piece of the software supply chain.
“Attackers are exploiting weaknesses in this critical component to gain access to source code, sensitive data and application components. In 2023, security teams will increasingly align security and devops practices for a holistic DevSecOps approach. Security must become an integral part of development processes and automation.”
Senior Director Analyst at Gartner, William Dupre
- Security operations (secops) with automation will enhance proactive and detective capabilities
“Automation for security operations is in a renaissance period. We are seeing a move from general purpose security automation platforms to objective-driven automation led by domain experts in areas such as alert pipeline management (SIEM), threat intelligence (TI), ticketing and workflow (ITSM), and threat detection systems (XDR/TDIR).
“It is important to note automation serves no purpose unless it makes ‘something else’ better, faster, cheaper or otherwise measurably improved.
“Even the most technically capable automation platforms can’t achieve these goals without intimate knowledge of the domain (problem area) and the subject matter expertise to develop playbooks that produce gains over the non-automated approach.
“In 2023, security operations professionals should seek gains in their program through automation, but be selective. Carefully weigh the unbiased freedom of an independent SOAR vendor with the objective-specific knowledge provided by a domain expert, as part of their core platform.”
Senior Director Analyst at Gartner, Eric Ahlm
- Data-centric cybersecurity will be key to a ‘data everywhere’ world
“Data is proliferating, both within and outside the organizations that collect and take initial responsibility for protecting it. Keeping track of all this data has not been a top priority for many organizations, so there is very little visibility into it.
“Stored data that the business has zero visibility into is considered dark data, and estimates point to anywhere from 55% to over 80% of the data that a business stores as being dark. Lurking in this dark data are unknown data risks.
“Securing data and enabling privacy compliance within data warehouses and big data/advanced analytics pipelines is of increasing concern, especially where regulations may conflict directly with the needs of the business.
“Data-centric security is essential for data protection in today’s ‘always on,’ ‘data everywhere’ world. In 2023, organizations must focus on overlaying their core security architecture with a data-centric view.”
Director Analyst at Gartner, Anthony Carpino
- Endpoints and workloads will need adaptable protection against emerging and established threats
“Endpoints remain a big target for advanced adversaries. Instead of just stealing sensitive information from endpoints, adversaries are now using them as a foothold to launch more commercially attractive attacks, such as ransomware and business email compromise.
“Furthermore, the use of employee-owned devices outside of corporate networks has accelerated, and organizations must also deal with a growing number of devices such as IoT and virtual personal assistants that need access to corporate networks, applications or data.
“As the attack surface continues to expand in 2023, security professionals should review malware protection architectures across networks, client endpoints and server endpoints.
“Solutions such as endpoint detection and response (EDR) and managed threat detection (MTD) can provide not only prevention capabilities, but also detection and response capabilities that help reduce the time to recover from a successful attack.”
Director Analyst at Gartner, Eric Grenier
- Human-operated ransomware will become a bigger threat
“As advanced attacks continue to emerge, human-operated ransomware is becoming an inevitable threat. As these ransomware gangs use increasingly sophisticated techniques, security teams must adapt their protection strategies accordingly.
“The preattack and peri-attack stages of a ransomware attack are predominantly where prevention happens.
“Once the attacker has successfully infiltrated, detection controls become imperative to identify anomalous attacker behaviors.
“To provide effective defenses against sophisticated ransomware, organizations must have a mix of multiple detection and prevention controls and a solid backup/recovery process, alongside a program of foundational security techniques and processes.
“No single technique or control is a ‘silver bullet,’ but implementing the right balance of multiple techniques assures a robust endpoint security ecosystem. Extended detection and response (XDR) is an emerging offering from endpoint protection platform (EPP) and EDR vendors.
https://venturebeat.com/security/cybersecurity-predictions-gartner/