As we bid farewell to 2022, speculation and predictions are in the air, and the industry is clearly eager to get a sense of the shape of things to come. Here we examine a couple of cybersecurity predictions that may mark 2023:
Security leaders will increase their focus on cyber resilience
While protecting organizations against cyber threats will always be a core focus area for security programs, we can expect an increased focus on cyber resilience, which expands beyond protection to include recovery and continuity in the event of a cyber incident. It’s not only investing resources in protecting against cyber threats; it’s investing in the people, processes, and technology to mitigate impact and continue operations in the event of a cyber incident.
Security teams need to protect against increasingly sophisticated spear phishing and social engineering attacks
The sophistication of recent spear phishing and social engineering attacks makes attribution of threat actors increasingly difficult, which in turn makes it more challenging for organizations to properly defend against them. Next year, expect to see more sophisticated social engineering attacks utilizing emerging deep-fake and AI technologies.
Continuing instability across the software supply chain will provide a rich environment for large-scale attacks
We’ve seen major supply chain attacks over the past few years and the software supply chain has only grown in importance. A recent executive order on the security of the software supply chain for government vendors is a step in the right direction. But we need to see more companies focus on strengthening their security practices, from considering a zero-trust approach to further securing infrastructure services (e.g., code signing, PKI, and hardening the release process). Increasing dependencies on third parties will also require more focus on security controls throughout the software supply chain, such as instituting third-party risk assessments, identity and access management, and timely patching.
Increasing reliance on cloud vendors could expand companies’ attack surfaces
With the flexibility offered by the cloud, more organizations are layering cloud technology into new places and enabling unique use cases with cloud technologies. However, in doing so, they're also expanding their attack surfaces and will need new strategies for deploying cloud security technologies and protections. IT leaders will also need to have a strong process in place to evaluate these vendors and understand the technologies they use on the backend.
Michael Adams, CISO at Zoom
A highly energetic tech leader, Michael Adams brings nearly 30 years of security and leadership experience as Zoom’s Chief Information Security Officer. Michael joined Zoom in August 2020 and served as Chief Counsel to the COO and CISO while building the company’s insider risk, global intelligence, operations assurance, and security legal programs.
By Michael Adams, CISO at Zoom