Professor Avishai Wool looks at five areas where he expects cyber security practices to develop in 2023 in response to the changing threatscape and advances in response and protection technologies.
Application-centric approach to network security will supersede basic NSPM
I think the market has matured to the point where the network security policy management (NSPM) approach has reached a tipping point, and I see the shift to an application perspective becoming the de facto approach in NSPM, as there are better and more robust technologies in the market that can help organizations get there faster. I see this shift becoming even more viable in 2023 based on recent market trends in which organizations are opting for downsizing and trying to do more with a smaller staff, at the expense of losing tribal knowledge. As a result, I see organizations shifting more towards adopting a holistic approach to network security that is more application-centric, in which they can retain critical knowledge, such as application traffic intent and application policy rules, so that the new generations can step in and pick up where their predecessors left off.
Containerization will enhance layered security
I expect container security to be increasingly popular in the future, as companies understand that their existing network security mechanisms are not enough for the communication networks of today. Containers are seen as a cost-effective, lightweight solution for deployment, and deploying them introduces another inner layer where security policies can be applied: behind the perimeter filters, the internal zoning, and the micro-segmentation, organizations can now also consider nano-segmentation at the container level. Vulnerability testing is another dimension of the container platform, especially within cloud applications and SaaS products. The common Kubernetes platform offers both opportunities and challenges for vulnerability scanners. Beyond 2023, businesses will need to enhance both their visibility and management capabilities of security within their containerized applications.
Security-driven IaaS ecosystems to improve network security
I expect the popularity of infrastructure as a service (IaaS) to continue to soar, making it difficult for security teams to keep up with the associated risks and vulnerabilities. Pre-set security settings may not meet the needs of the organization, and customizing these settings can prove to be difficult. The customizability of IaaS offers great potential for productivity, but it also makes it complicated to secure. The bottom line is that companies can no longer depend on their network perimeter to guard sensitive data. In response, I anticipate that organizations will begin utilizing an ‘always-on security’ approach such as infrastructure as code (IaC), which would permit them to construct personalized policies to control the development environments during each phase of the software development life cycle (SDLC) and recognize potential risks, security flaws, and compliance issues on a what-if basis, before deploying flawed settings into production.
Cloud-native security tools will reign supreme
I expect that cloud-based security systems will become more commonplace: these security solutions offer a wide range of abilities, such as secure access, identity and access management, data loss prevention, application security, automation of security, detection and prevention of intrusions, security information and event management, and encryption. With companies transitioning more workloads to the cloud, they will want to make use of many of these features. These tools make it possible for remote teams to manage a greater public cloud presence: comfortably configuring services and automating processes, to identify and pre-emptively tackle any kind of threat.
To bridge the gap in cloud data security, I anticipate the emergence of data safeguarding systems that are designed specifically for cloud usage and are able to link up with public cloud systems in an advanced, agentless manner. This has been classified in the market as cloud native application protection platform (CNAPP). These platforms must be able to detect where the data is stored and what sorts of data are stored in the cloud, so that corporations can prioritize what is most important: defending their most sensitive data and cloud-based applications without interfering with their normal operations.
Expect ransomware to get even more sophisticated
Organizations saw no let-up from ransomware threats in 2022, and some of them were attacked multiple times; I do not see any reason why this trend will change in 2023. Cyber criminals are getting more resourceful and savvier in their attempts to stay ahead of law enforcement, and I anticipate these attacks will only become more frequent as their perpetrators are proving more capable of infiltrating many organizations’ cyber defenses.
In response, organizations will have to seek more technology solutions to protect data at the source. But that would not suffice. I think organizations will need to look beyond technological solutions and apply better preparedness strategies. Whether it be zero trust or something less overarching but more practical for an organization’s business needs, such as micro-segmentation, it would ensure that threat actors would not be able to access the data residing inside the security perimeter.
Professor Avishai Wool, AlgoSec co-founder and CTO, has served on the program committee of the leading IEEE and ACM conferences on computer and network security. He has published more than 110 research papers and holds 13 US patents with more pending. He is also a professor in the School of Electrical Engineering at Tel Aviv University and deputy-director of the Interdisciplinary Cyber Research Center at TAU. He's the creator of ‘Unlocking Information Security’, a successful massive open online course (MOOC). When he’s not busy evangelizing AlgoSec’s solutions, Avishai enjoys tinkering with all sorts of computer and network security technologies, most recently focusing on in-vehicle communication networks, industrial control systems, and side-channel cryptanalysis.