Elastic: Cybersecurity Predictions 2023
January 2023 by Mandy Andress, Chief Information Security Officer, Elastic
2022 was an interesting year, and not for the reasons I and many others would have hoped. Going into 2022, there was plenty of optimism. Most countries in the world had reopened, Covid guidelines had been shelved, and tech looked poised for growth.
However, instead of the growth many organisations hoped for, we are leaving 2022 with much of the world on the verge of recession, in a cost of living crisis, and intently watching the ongoing war between Russia and Ukraine.
I had never expected, in my career, to be a wartime CISO, nor could I have foreseen how broadly it would have impacted my role. It has completely changed the questions that IT and cybersecurity teams typically dealt with as many companies stopped providing products and services to Russian companies.
All of these events are shaping how we need to think about cybersecurity in 2023. Here are my key predictions for the year ahead:
1. The rush to the cloud will have created many more entry points for bad actors, leaving some businesses exposed in new ways
Since the pandemic, many businesses have rushed to deploy cloud environments but need to increase focus on due diligence around identity and access management. Without the proper protocols in place, these companies will leave themselves more exposed to breaches should a user’s credentials fall into the wrong hands. Those businesses without watertight processes leave themselves open to intruders, with potentially catastrophic impact. The only way to limit exposure is to deploy more secure cloud environments where users only have access to what they need. Superusers should exist only where essential.
2. Post Ukraine-Russia, increase in organised attacks by nation states
Ukraine-Russia is the first example of both a physical and cyber war. Sadly, we should not be surprised to see more nation states launch coordinated and technically proficient attacks on large companies and public sector bodies. The public sector, in particular, will need to invest in ensuring that their environments are protected. Should they fail to do so they risk large-scale breaches of sensitive data and the inaccessibility of sometimes critical public services for periods as nation states attempt to destabilise countries they perceive as threats.
3. Slashed or stagnant cybersecurity budgets amid the recession
In 2022, we saw cutbacks by the biggest names in tech (Twitter, HP, Facebook), which could soon turn to cybersecurity departments. Instead of growing investment to fight off the increasing number of threats and close the cybersecurity skills gap, the reality will be the opposite in 2023 due to the current global economic outlook. Stretched cybersecurity teams will continue to do even more with less.
4. Further developments and deployment of passwordless solutions
Passwordless solutions, such as fingerprint scanners and advanced facial recognition, have become a staple of consumer tech. The security provided by these solutions goes far beyond traditional passwords, two-factor authentication, and token systems. For example, a user cannot accidentally give away their facial features or fingerprint. In 2023, we’ll see a further rollout of passwordless solutions as a means of protecting and accessing secure environments in the corporate world.
5. We’ll stop relying on security awareness training to protect against cybersecurity threats
Human error will remain by far the most critical risk we work to mitigate to prevent successful cyberattacks. And while security awareness isn’t going away, in 2023, we need to focus on two things: 1) creatively embed best practices into the day-to-day lives of users and 2) create a learning culture around cybersecurity issues, profiling real-life examples anonymously to showcase what could go wrong and make the impact real for users of all levels.
Top 4 cybersecurity spending tips:
With the current global economic outlook showing signs of recession, businesses in all sectors are carefully assessing their spend for 2023. Cybersecurity professionals must be prepared to weather this economic storm.
With this in mind, here are my recommendations for best managing spending in 2023.
1. An 80/20 split for cybersecurity investment
A good rule of thumb for medium and large enterprises is 80/20.
Eighty percent of spend is directed to the fundamentals and what can be done with existing tools and available resources (training staff, 2FA, credential allocation, regular system updates, etc.) to prevent the most common breaches.
If budget allows, conserve 20% of the budget to address niche, high-risk areas, such as investing in new technologies to combat threats, conducting external systems audits, and ensuring that the resources are in place to respond quickly to high-level breaches. With cybersecurity threats constantly evolving, this investment should not be overlooked.
2. Let go of legacy products and systems
Many businesses are holding onto legacy products and systems, which can significantly weaken an organisation’s barrier against breaches. Teams should regularly assess the usefulness of products and services and remove those that are no longer of value to the organisation to reduce entry points for criminals and protect their cloud environments.
3. Invest in platforms that support multiple functions
When choosing to invest in new platforms or evaluating those that the organisation is already using, look for economies of scale and use a platform (or platforms) that supports multiple functions. Limiting the number of platforms used by the business helps reduce vulnerabilities created by working across multiple platforms and reduces overall cost while simplifying the experience for users, who can then dedicate more of their focus to practising good online safety.
4. Ensure you are getting the most out of existing tools
It might seem easier (and often more exciting!) to invest in new technologies when addressing IT problems; however, new is not always best. Having a constant source of new tech can lead to a complex environment that is more focused on maintaining tools than achieving the team’s core objectives.
Before investing in new technologies, check if the organisation is maximising the solutions that are already in place by ensuring that operating systems are being maintained and users are regularly updating their systems, and by working with account managers to ensure the organisation is optimising the use of the services already in place.