Global digital trust solutions provider DigiCert has published its annual prediction of emerging cybersecurity trends for the coming year and beyond. These predictions, made by DigiCert specialists Dr. Avesta Hojjati, Dean Coclin, Mike Nelson, Srinivas Kumar, Stephen Davidson, Steve Job, and Tim Hollebeek, are based on shifts in technology, the behavior of threat actors, cultural norms, and decades of collective experience.
“These predictions come on the heels of our 2022 State of Digital Trust Survey that found that almost half of consumers (47%) have stopped doing business with a company after losing trust in that company’s digital security,” said Avesta Hojjati, Vice President of Research and Development at DigiCert. “The more CISOs and other IT staff understand the security implications of evolving technologies and threats, the better prepared they are to make the right investments for their business to ensure digital trust.”
- Prediction: Quantum Computing Will Force Crypto-Agility – With the state of technology today, breaking a 2048-bit encryption would take an immeasurable amount of time. However, a powerful quantum computer could be able to finish it in a few months. Since quantum computers represent a significant future threat to the security of online interactions, DigiCert anticipates a greater emphasis on the need to be crypto-agile. In the very near future, cryptographic agility will be a competitive advantage.
- Prediction: Code Signing Will Prompt a Race to the Cloud – It is changing for OV code signing certificates. They will soon be issued in a manner akin to that of EV code signing certificates on physical security gear. The private keys for OV code signing certificates must be stored on devices that comply with FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent security standards, notes the CA/B Forum, a voluntary group of certification authorities (CAs), manufacturers of internet browsers, and suppliers. This requirement is set to take effect in June 2023. DigiCert believes that as a result of these adjustments, many customers will switch to cloud signing rather than dealing with the hassle of getting a new hardware token. Additionally, DigiCert anticipates that all code signing will eventually take place in the cloud since users would prefer it to having to maintain hold of hardware keys.
- Prediction: Software Supply Chain Attacks Will Make 2023 the Year of the SBOM – An SBOM is a list of all the software parts that make up a program, including all of the libraries used in its code as well as any dependencies, compositions, and extensions. DigiCert believes the SBOM will be widely used in 2023 due to the knowledge and visibility it offers into software supply chains. Expect the SBOM to soon expand to commercial markets to protect software, even if the majority of the requirements are now being implemented at the federal level. All of this means that software developers will need to become more actively involved in the process of maintaining the security of their products, and visibility will be essential to that process.
- Prediction: DNS will continue to grow in importance – As a best practice for businesses of all sizes, infrastructure as code will keep expanding. Businesses must have as part of their toolkit DNS services with high uptime, quick speeds, and quick DNS propagation. The success of organizations’ efforts to be reliable and productive depends heavily on well-defined APIs, SDKs, and integrations.
- Prediction: Criminals Will Exploit Zero Trust – In order to boost the likelihood of their attacks succeeding in the future, adversaries will also use new technology. A skilled attacker may use technologies like artificial intelligence and adversarial machine learning to uncover flaws in a poorly implemented zero trust architecture. DigiCert forecasts that when zero trust frameworks become the de facto security norm for IT systems, attackers will alter their strategy for attack.
