Timothy Liu is the CTO and cofounder of Hillstone Networks.
As we look to 2023, the year seems to be shaping up as a “rinse and repeat” of cybersecurity challenges seen during the last few years—with some notable new trends and variations that will no doubt keep security professionals on their collective toes. A few of the developments we’re watching closely in the coming year include the following.
Securing The Distributed Workforce
While the Covid-19 pandemic seems to be subsiding and employees are finally returning to offices, most companies still maintain policies allowing full-time or part-time work from home. The need to adapt infrastructures to support a hybrid workforce will continue to have a major impact on security strategies.
Rather than the wholesale rush to remote working seen in the early days of the pandemic, we expect to see across-the-board refinements ranging from secure access policies to control over—and visibility into—asset inventories. The latter should expand to include end-clients, BYOD, mobile devices, servers, applications and other elements. Asset discovery and management should further allow improved inspection of asset IDs, health checks, vulnerabilities, patch levels and other security considerations.
The hybrid workforce should also drive a number of key technology adoptions like cloud and SaaS, which can improve agility and flexibility. At the user access level, identity and access management (IAM), zero-trust network access (ZTNA) and the secure access service edge (SASE) are all likely to see increased traction. Another emergent product category, the security service edge (SSE), should coalesce and become more concrete—and, thus, more impactful as a strategy.
Overall, the transition from the traditional, edge-based security model to the new hybrid/distributed workforce model is a seismic change that will most likely occur gradually.
OT/IoT Security Comes Into Focus
Recently, numerous attacks on operational technology (OT) and the Internet of Things (IoT) have made it abundantly clear that these areas require more security focus and attention. A case in point is the 2021 water treatment plant attack in Oldsmar, Florida, in which a hacker temporarily increased the sodium hydroxide (lye) content by more than a hundredfold. This was a serious attack that could have caused a major safety risk for consumers. Luckily, an alert plant operator detected the change and quickly restored normal settings, averting potential harm to townspeople.
OT, IoT and the industrial internet of things (IIoT) have become common across many industries as part of Industry 4.0—also called digital or smart manufacturing. The Fourth Industrial Revolution relies on the generation, analysis and intercommunication of data to automate processes and support better decision-making.
The recent attacks, however, have revealed that large swaths of many OT/IoT networks apparently have little or no protection. Geopolitical risks further stress the importance of securing critical infrastructure against attack and misuse. To compound the problem, new technologies such as networked cameras, automobiles and other devices can introduce new security issues.
In 2023, security professionals will need to heighten the focus on continuously monitoring these assets through asset inventory processes, ideally with auto-discovery, given the rapidly changing nature of Industry 4.0. In addition, mechanisms need to be in place to identify and defend against anomalies that can be indicators of compromise as well as to provide accurate threat detection and protection. Perhaps above all else, a proper security incident response plan needs to be devised to assure rapid response when OT/IoT/IIoT devices are at risk.
Cloud And Security Investment
Among its many other impacts, the Covid-19 pandemic accelerated cloud adoption as organizations pivoted to maintain continuous operations in a challenging environment. Regrettably, the rise in cloud adoption has also led to an increase in cloud-related security incidents, both in the types of attacks and in sheer numbers.
The 2022 IBM Cost of a Data Breach Report found that 45% of breaches occurred in cloud environments, with an average cost in the millions. Thus, awareness of and demand for cloud security have also intensified, a trend we believe will continue into 2023 and beyond. However, the emphasis should undergo a strategic shift toward supporting hybrid cloud environments that span private data centers and public clouds.
We also expect this evolution to require a shift in management strategies; the scope of hybrid cloud deployments will make a piecemeal approach unworkable. It will become essential to be able to manage security seamlessly as part of cloud operation management.
Security Operations Trends
As noted above, data center ecosystems have changed quite a bit over the last few years, and in 2023, we believe we’ll see a renewed emphasis on better integration between security operations (SecOps) and security infrastructure. This will finally bring everything together, providing better visibility and a “single pane of glass” view into SecOps.
Like industry analysts and others, we also predict the adoption of extended detection and response (XDR) will increase. This should be driven mainly by XDR’s ability to provide better analysis that, in turn, can help security personnel understand and react appropriately to incidents. In addition, or in conjunction, we should see greater adoption of the MITRE ATT&CK framework for security analysis due to its richer information and guidance.
Another trend we’re watching closely is better automation to handle certain incidents. Using automation, security professionals can set up playbooks to trigger automated mitigation and remediation actions for common security scenarios. This should relieve staff of more routine incidents and free them to handle complex or high-risk attacks and breaches.
Overall, we also believe organizations will increasingly see the value in building a response plan for various types of security incidents, which has become critical for business operations.
In sum, 2023 will bring new challenges and new opportunities for security practitioners. However, taking a reasoned and strategic approach to the many difficulties at hand can lead to a safer, saner cybersecurity environment.