By Timothy Liu, CTO and Co-Founder, Hillstone Networks
While 2023 seems to be shaping up as a “rinse and repeat” of cybersecurity challenges seen during the last few years, there are a number of notable new trends and variations that will no doubt keep security professionals on their collective toes. Several developments we’re watching closely in the coming year include:
Securing the Distributed Workforce
While the world continues to recover from the pandemic and employees are finally returning to offices, the majority of companies still maintain policies that allow full- or part-time work from home. Thus, the need to adapt infrastructures to support a hybrid workforce will continue to have a major impact on security strategies.
A key difference is that instead of the wholesale rush to remote working seen in the early days of the pandemic, we expect to see across-the-board refinements ranging from secure access policies to control over, and visibility into, asset inventories. The latter will expand to include end-clients, BYOD, mobile devices, servers, applications and other elements. Asset discovery and management will further allow improved inspection of asset IDs, health checks, vulnerabilities, patch levels and other security considerations.
The hybrid workforce will also continue to drive a number of key technology adoptions like cloud and SaaS, which improve agility and flexibility. At the user access level, identity and access management (IAM), Zero-Trust Network Access (ZTNA) and the Secure Access Service Edge (SASE) are all likely to see increased traction. Another emergent product category, the Security Service Edge (SSE), will coalesce and become more concrete – and thus more impactful as a strategy.
Overall, the transition from the traditional, edge-based security model to the new hybrid/distributed workforce model is a seismic change that will most likely occur gradually over a period of time.
OT/IoT Security Comes Into Focus
Operational Technology (OT), the Internet of Things (IoT) and the Industrial Internet of Things (IIoT) have become common across many industries as part of Industry 4.0, also called digital or smart manufacturing. This fourth industrial revolution relies on the generation, analysis and intercommunication of data to automate processes and support better decision-making.
However, recent attacks have revealed that large swaths of many OT/IoT networks apparently have little or no protection. Geopolitical risks further stress the importance of securing critical infrastructures to protect these elements against attack and misuse. To compound the problem, new technologies such as networked cameras, automobiles and other devices can introduce new security issues.
In 2023, security professionals will need to heighten the focus on continuously monitoring these assets through asset inventory processes, ideally with auto-discovery given the rapidly changing nature of Industry 4.0. In addition, mechanisms need to be in place to identify and defend against anomalies that can be Indicators of Compromise (IoCs) as well as to provide accurate threat detection and protection. Perhaps above all else, a proper security incident response plan needs to be devised to ensure rapid response when OT/IoT/IIoT devices are at risk.
Cloud and Security Investment
Among the many impacts of the COVID pandemic is accelerated cloud adoption as organisations pivoted to maintain continuous operations in a challenging environment. Regrettably, the rise in cloud adoption has only led to an increase in cloud-related security incidents, both in terms of the types and frequency of attacks.
The 2022 IBM Cost of a Data Breach Report found that 45 per cent of breaches occurred in cloud environments, with an average cost in the millions of dollars. Thus, the awareness of and demand for cloud security has also intensified, which we believe will continue into 2023 and beyond. However, the emphasis will undergo a strategic shift toward supporting hybrid cloud environments that span private data centres and public clouds.
This evolution will also require a shift in management strategies – the scope of hybrid cloud deployments will make a piecemeal approach unworkable. It will become essential to be able to manage security seamlessly as part of cloud operation management.
Security Operations Trends
As noted above, data centre ecosystems have changed quite a bit over the last few years, and in 2023, we believe we’ll see a renewed emphasis on better integration between Security Operations (SecOps) and security infrastructure. This will finally bring everything together, providing better visibility and a ‘single pane of glass’ view in SecOps.
Like industry analysts and others, we also predict the adoption of Extended Detection and Response (XDR) will increase. This will be driven mainly by XDR’s ability to provide better analysis that in turn helps security personnel understand and react appropriately to incidents. In addition, or in conjunction, we’ll see greater adoption of the MITRE ATT&CK framework for security analysis due to its richer information and guidance.
Another trend we’re watching closely is better automation to handle certain incidents. Using automation, security professionals can set up playbooks to trigger automated mitigation and remediation actions for common security scenarios. This will relieve staff of more routine incidents and free them to handle complex or high-risk attacks and breaches.
Overall, we also believe organisations will increasingly see the value in building a response plan for various types of security incidents, which has become critical for business operations.
In summary, the coming year will bring new challenges and new opportunities for security practitioners. Taking a reasoned and strategic approach to the many difficulties at hand, however, can lead to a safer, saner cybersecurity environment.