The year 2023 will be one of the most difficult ones yet for the cybersecurity sector, according to projections made by Venafi, a supplier of machine identity management. The forecasts include insights from several Venafi executives on the year ahead.
Bocek, Matt Barker, the president of cloud native solutions, Yana Blachman, a threat intelligence specialist, Sitaram Iyer, the senior director of cloud native solutions, and Pratik Savla, a lead security engineer, are among those at Venafi who provide their forecasts for the next year. Highlights include the following:
- “The ransomware cash cow may stop mooing in 2023 – forcing hackers to switch to alternative sources of income, such as the sale of stolen machine identities. Code signing machine identities are already selling for a high price on the dark web, and organizations like Lapsus$ frequently employ them to carry out devastating attacks. The value of them will only rise in the upcoming year.” – Kevin Bocek
- “In 2023, we will see continued efforts to manage the risk posed by software supply chain attacks, with more start-ups and open source tools – created to assist in this area, such as cosign and sigstore. The OpenSSF is spearheading the push to raise awareness of the requirement through Biden’s SBOM campaign. Consequently, we anticipate some good progress in this area.” – Matt Barker
- “Russian cyberattacks will aim to disrupt the West’s greatest asset – their economies – as Russia is excluded from the international finance community – Russia’s geopolitical approach will be heavily reliant on cyber-enabled economic warfare, which aims to either generate income or destabilize competitor economies. Recent attacks on the US Treasury have given us a glimpse of this.” – Yana Blachman
- “Nation state attacks will become more feral as ground war tactics become more untamed and unpredictable, bringing the cyber and physical worlds into a collision course – As Russia gets more aggressive and tries to win the war by whatever means, these might spread to other countries and be used as a cover for cyberattacks on other countries.” – Kevin Bocek
- “The rise of the platform engineering team will be one of the big trends of 2023 – Cloud Native requires a completely new workforce to develop and maintain it, reimagining how businesses think about creating and running infrastructure. Platform engineering teams will expand on DevOps culture’s lessons by incorporating all personas required to create and maintain IT infrastructure, such as Dev, Security, and Operations.” – Matt Barker
- “As we build our knowledge of cloud risk, we’ll start to uncover breaches we knew nothing about – We’ll discover that threat actors have already infiltrated cloud networks, possibly weeks, months, or even years ago.” – Yana Blachman
- “There will be more failed audits in regulated industries as multi-cloud, multi-cluster complexity causes companies to breach compliance requirements – Compliance with machine identity management laws will be extremely difficult in cloud native systems due to the rising amount of machine IDs. Failures in audits will become prevalent if this procedure isn’t automated using a control plane.” – Sitaram Iyer
- “With cloud costs predicted to rise by as much as a third in the coming year, we will see an increased focus on FinOps – Specifically, financial operations, a management strategy to encourage shared accountability for a company’s cloud computing expenses and infrastructure. In 2023, there will be a clear focus on how FinOps is handled in Cloud Native and what tools you should use to assist manage it, including security solutions.” – Matt Barker
- “In 2023, API security will rise to the top as one of the biggest concerns and priorities for enterprises – as more and more businesses adopt an API-first strategy for software development. This rapid uptake of APIs will raise security issues and increase the risk of serious security breaches.” – Pratik Savla
- “As recession bites, we expect to see more everyday people turning to cybercrime as a source of income in 2023. Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) will become more prevalent as they make it possible for those without technical expertise to launch attacks.” – Yana Blachman
Venafi products manage and safeguard identities for all sorts of machines, including physical and IoT devices, software applications, APIs, and containers, from the ground up in the cloud. Venafi delivers all machine identity types and the security and dependability issues associated with them with global visibility, lifecycle automation, and actionable information.
Venafi, which holds more than 30 patents, provides machine identity management solutions to some of the most demanding and security-conscious businesses and government agencies in the world, including the top four credit card issuers, three of the top four accounting and consulting firms, four of the top five U.S. retailers, and the top four banks in the U.S., U.K., and Australia.
