Feras Abu Aladous, Systems Engineering Sr. Manager, META – at Juniper Networks highlights the major cybersecurity trends in 2023 and shares his predictions for the year
As we began the new year and leave 2022 behind, business leaders are considering what is likely to impact their business in terms of cybersecurity next year and onward. The cybersecurity space is in a constant state of flux and is impacted by a wide range of factors such as user expectations, digital transformation, regulations, geo-politics and technological advancements.
Among so much instability, awareness and forward planning, it is essential to limit and mitigate risk and get ahead of the curve to be proactive, not reactive, in decision making. The following predictions are what Juniper anticipates will be the major cybersecurity trends in 2023.
Political Instability and State-sponsored Attacks
Political instability will have an ongoing impact on cybersecurity threats for private companies and government bodies alike. State-sponsored attackers are likely to continue to weaponise threats in order to undermine competitiveness in companies and government bodies with which a nation state disagrees. Although attacks attributed to certain countries are likely to continue in 2023, other nations may also conduct their own attacks “under the radar” to leverage or create political advantage.
These breaches will continue at all levels through planned zero-day attacks from various nation-state actors. As the cost of launching zero-day attacks has risen massively in recent years, it is likely that these events will only be executed by nation-states who see the potential for significant disruption as the worthwhile payoff. The targets will often be critical infrastructure including transport networks, healthcare and other public sector entities. If existing network vulnerabilities aren’t addressed, the blame culture around these attacks can have the power to cause greater damage than the attacks themselves, potentially destroying diplomatic relationships and severing ties with commercial partners and political allies.
IoT and Cloud
In 2023, a large number of companies will be leveraging IoT or IIoT technologies in some way. Hackers are now looking for better ways to take advantage of these technologies. Using industrial entry points, hackers will likely try to disrupt operations and strangle efficiency and productivity through the workplace or factory network. By exploiting industrial control units, the payout is higher and eventually the perpetrators can collect enough data to conduct corporate espionage.
As IoT devices are connected to a complex web of clouds, this presents increased risk. As more devices are connected to the network, IT teams must monitor the entirety of their networks with unbroken visibility to have a better understanding of what ‘normal’ is in their organisation with context to understand what is both suspicious and ‘normal’ and prevent additional risk.
Investment in network solutions that help organisations to monitor clouds and platforms, and who or what has access to them, is essential. Otherwise, companies could be leaving their critical and sensitive information within easy reach of hackers looking to monetise operational weaknesses.
Workplace Exploits
Beyond increased risk around IoT technologies, companies should not become complacent with security in relation to hybrid work models going forward. No matter what percentage of the workforce is at home or on the road, security must remain a top priority with secure cloud environments wherever an employee is working and using digital corporate resources.
An employee without proper training and an understanding of the risks is a vulnerability. As well as investing in knowledgeable IT staff, going forward all employees should receive regular training to keep up to date. As highly targeted phishing attacks will remain common into 2023, this training could help to eradicate potential entry points for hackers.
AI and ML
Machine Learning (ML) is increasingly commonplace in today’s companies. However, as there are still debates about what can be classed as ‘true AI’, Artificial Intelligence is currently still less common. Throughout 2023, using AI to inform decisions in cyberspace may become the norm as AI establishes itself as a more mature technology. This shift in technology will not eliminate the need for security analysts but will automate mundane, data-processing tasks such as pen-testing, and allow the human workforce to focus on the more innovative aspects of their role. Looking to the future, analysts should embrace technology to improve their role and efficiency. Into 2023, security analysts will remain crucial to managing the network with AI- and ML-based enhancements. AI will ultimately help these analysts perform deep analysis such as port scanning thousands of network-connected non-end user devices. This will reduce time spent analysing data by humans, but trained professionals will still be needed to execute decisions and manage strategy across any organisation.
AI and ML is likely to be deployed in a wider range of uses going forward in all aspects of the cybersecurity space and beyond. These tools have the power to help humans in their roles to tackle tasks at a large scale.
In the next year, cybersecurity will likely remain a priority as leaders look to leverage the latest transformative technologies without compromising their data. Even though technology will impact the landscape, decision-makers must not overlook investing in the workforces that run their day-to-day cybersecurity operations and who can provide invaluable insight.