SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
2023 to be one of the most challenging years for cybersecurity - Venafi
Wed, 14th Dec 2022

Venafi has released its predictions for the cybersecurity landscape in 2023, indicating that this will be one the most challenging years yet for the cybersecurity industry.

Kevin Bocek, VP of Security Strategy and Threat Intelligence at Venafi, comments, "With economic uncertainty casting a heavy shadow across the globe, the geopolitical landscape the most unstable its been in decades and cloud migration marching on relentlessly, cybersecurity has never been more important. This will present unprecedented challenges for security teams in 2023."

The predictions include insights from Bocek; Matt Barker, President of Cloud Native Solutions; Yana Blachman, Threat Intelligence Specialist; Sitaram Iyer, Senior Director of Cloud Native Solutions; and Pratik Savla, Lead Security Engineer, on the year ahead.

Highlights include the following:

Kevin Bocek: The ransomware cash cow may come to a stop in 2023, forcing hackers to pivot to other revenue generators such as selling stolen machine identities. There has already been a high price for code signing machine identities on dark web markets, and groups like Lapsus$ regularly use them to launch devastating attacks. Their value will only increase this coming year.

Matt Barker: 2023 will see continued efforts to manage the risk posed by software supply chain attacks, with more start-ups and open source tools like cosign and sigstore designed to help in this area. Biden’s SBOM initiative has helped bring attention to the requirement, with The OpenSSF leading the charge. As a result, Venafi expects to see some positive movement in this space.

Yana Blachman: Russian cyber attacks will aim to disrupt the West’s greatest asset their economies as Russia is excluded from the international finance community. Cyber-enabled economic warfare will be crucial to Russia’s geopolitical strategy, with the aim of either generating revenue or disrupting rival economies. Venafi has already started to see this with recent attacks on the US Treasury.

Kevin Bocek: Nation state attacks will become more feral as ground war tactics become more untamed and unpredictable, bringing the cyber and physical worlds into a collision course. These will have the potential to spill over into other nations, as Russia becomes more daring, trying to win the war by any means and could be used as a distraction to target other nations with cyber attacks.

Matt Barker: The rise of the platform engineering team will be one of the big trends of 2023. Cloud Native reimagines how companies think about building and operating infrastructure; they require a totally new team to build and support it. Platform engineering teams will build on the learnings of DevOps culture, encompassing every persona needed to build and run IT infrastructure including Dev, Security and Operations.

Yana Blachman: As knowledge of cloud risk grows, more breaches will be uncovered. This includes finding that threat actors are ahead of the curve and have already infiltrated cloud networks perhaps weeks, months or even years ago.

Sitaram Iyer: There will be more failed audits in regulated industries as multi-cloud, multi-cluster complexity causes companies to breach compliance requirements. The increased volume of machine identities in cloud native environments will make compliance with regulations on machine identity management a real challenge. If this process isnt automated via a control plane, failed audits will become commonplace.

Matt Barker: With cloud costs predicted to rise by as much as a third in the coming year, we will see an increased focus on FinOps i.e., financial operations a management practice to promote shared responsibility for an organisation's cloud computing infrastructure and costs. How FinOps is implemented in Cloud Native and which tools you should use to help manage it, including security solutions, will come into sharp focus in 2023.

Pratik Savla: In 2023, API security will rise to the top as one of the biggest concerns and priorities for enterprises as organisations increasingly move to an API-first software development approach. This exponential adoption of APIs will exacerbate security concerns, with the potential to cause significant security breaches.

Yana Blachman: As recession bites, Venafi expects to see more everyday people turning to cybercrime as a source of income in 2023. Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) will rise, as they enable people that dont have technical skills to launch attacks.