A seismic change in economic conditions will drive cybersecurity decisions in 2023. And Cloud Native will be a big factor in strategizing by CISOs, who will look increasingly to developers for guidance.
“With economic uncertainty casting a heavy shadow across the globe, the geopolitical landscape the most unstable it’s been in decades and cloud migration marching on relentlessly, cybersecurity has never been more important. This will present unprecedented challenges for security teams in 2023,” notes Kevin Bocek, VP of security strategy and threat intelligence at Venafi.
At the nation-state level, cyberattacks stemming from the Ukraine conflict may become more aggressive as they're executed in tandem with kinetic attacks and spill over into other countries. Western economies, in particular, will be attractive targets since threat actors know they can inflict the most damage as economies become weaker in 2023.
On a positive note, we’ll see the growth of FinOps, API security and the rise of platform engineering on the back of the growth of Cloud Native.
We polled a variety of machine identity and cybersecurity experts on what to expect in the coming year. And here is a list of the 2023 predictions that we felt were most compelling:
1. The ransomware cash cow may stop mooing in 2023, forcing hackers to start looking at other revenue generators – like selling stolen machine identities
It’s not just governments, citizens and companies that will feel the sting of the economic downturn in 2023 – it’ll affect hackers as well, who’ll be forced to change their tactics. For example, with fewer companies able to afford to pay ransoms, we could see ransomware shrinking as an attack vector.
This will put a premium on other sources of income for threat actors, such as the lucrative sale of stolen machine identities like code-signing certificates. We’ve seen a high price for these in dark web markets before, and groups like Lapsus$ regularly use them to launch devastating attacks. So, their value will only increase this year, and we’ll see dark web marketplaces booming with sales of stolen machine identities.
2. Start-ups and open source will help solve supply chain security issues
As far as trends go in Cloud Native, supply chain security is one of the most pertinent issues, if not the most pertinent, and will continue to be so in 2023. Highly visible open source vulnerabilities like Log4Shell, or in some cases the ‘weaponisation’ of software, have posed uncomfortable questions around the dependencies you are running in your business at this very moment.
Sadly this is a question that should always have been asked, but for whatever reason, it wasn’t, and there are many companies now struggling with the question of how vulnerable their code is, and where it has come from. We’re seeing many instances of vulnerable code brought inside their firewall by developers trying to go fast using unverified code from GitHub, or copypasta from Stack Overflow.
Thankfully, we’ve reached a collective sense of focus on this area and are seeing tremendous developments in how we tackle it. This is only going to increase through 2023 as we see more start-ups popping up and open source tools like cosign and sigstore designed to help with it.
Biden’s SBOM initiative has helped bring attention to the requirement, and the OpenSSF is leading this charge. Their approach is being supported by a number of companies in the space, including Jetstack, who have published a Secure Supply Chain toolkit and are proactively working with customers to help understand their issues and solve them with a ‘low effort, high impact’ approach.
3. Russian cyberattacks will aim to disrupt Western economies
2023 will see nation state threat actors – particularly Russian APT groups – trying to disrupt rival nations’ economies. The war in Ukraine and the COVID crisis have meant economies have become Western nations’ strongest asset and highest priority. This has put a target on financial companies’ backs, as threat actors know they can cause chaos if these economies are disrupted.
These attacks are most likely to come from Russia as it becomes increasingly isolated from the global economy due to sanctions. Cyber-enabled economic warfare will be crucial to its geopolitical strategy, with the aim of either generating revenue or disrupting rival economies. We’ve already started to see this with recent attacks on the US Treasury.
4. Nation state attacks will become more frenetic as the cyber and physical worlds collide
In 2023, we’re likely to see nation state attacks become more feral. The war in Ukraine hasn’t been as successful as Russia hoped, and we’re increasingly seeing its kinetic war tactics becoming more untamed, targeting energy and water infrastructure with missile strikes. We’re also seeing North Korea flexing its muscles by flying long range weapons over borders.
With these increasingly unpredictable ground war tactics being displayed, we expect the same to apply to cyberwarfare. As the war in Ukraine continues, Russia’s cyberattacks will work in tandem with its kinetic attacks. These will have the potential to spill over into other nations as Russia becomes more daring, trying to win the war by any means, and Russia could look to use the conflict as a distraction as it targets other nations with cyberattacks. This will be replicated by North Korea as it looks to advance its economic and political goals.
5. The rise of Platform Engineering
In 2023, we’ll see the rise of platform engineering. The Cloud Native ecosystem has exploded. Some eight years after the open sourcing of Kubernetes, there are now thousands of companies running it in production.
However, we’re still in the relatively early days of enterprise adoption of Cloud Native, and we’re still learning huge amounts about how to organize, run and manage teams to take advantage of it. A common theme that is developing is the need for ‘Platform Engineering’.
Even in the move to cloud, we didn’t see large-scale restructuring of the teams delivering the infrastructure. This lack of restructure is partly what led to the huge number of ‘lift and shift’ migrations we’ve seen over the years.
However, given Cloud Native reimagines how companies think about building and operating infrastructure, they require a totally new team to build and support it. This is leading to the rise of the ‘Platform Engineering’ team, which builds on the learnings of DevOps culture, and encompasses every persona needed to build and run IT infrastructure, including Dev, Security and Operations.
6. We’ll discover that attacks on the cloud have already happened
We’ve yet to see many major cloud-related breaches, but that’ll change in 2023 - we’re going to see a lot of cloud-related breaches and vulnerabilities float to the surface. The speed and scale of cloud adoption has created a knowledge gap within security teams, who don’t fully understand the risks of cloud.
As security professionals develop their knowledge of cloud security this year, they’ll find that threat actors are ahead of the curve and have already infiltrated their networks – perhaps weeks, months or even years ago. It’s only as we build our knowledge of cloud risk that we’ll start to uncover these breaches.
7. There will be more failed audits
We’ll see more failed audits in regulated companies as multi-cloud, multi-cluster grows as a strategy in 2023. The shift away from larger clusters to multiple smaller ones is popular with regulated companies, as it allows them to use private cloud alongside public cloud. This spreads risk, increases performance, and offers the control and visibility they need for compliance.
However, it also increases complexity because these environments are fragmented and require a huge number of machines – clusters, microservices, servers and applications – which all need an authenticated identity to communicate securely. Due to this increased volume of machine identities in cloud native environments, compliance with regulations on machine identity management is a real challenge. If this process isn’t automated via a control plane, failed audits will become commonplace.
8. FinOps will become vital in response to market forces
It’s impossible to ignore the market forces that are hitting the tech market in late 2022. We’ve seen valuations drop, strategies move to focus on profitability over growth, and inflation make everything more costly.
Some reports also say that cloud computing is about to become significantly more expensive in 2023, in some cases by a third! This is against a backdrop of companies still finding it hard to find talent, and a lack of knowledge on how to efficiently run cloud and cloud native services. This leads to overprovisioning, redundant environments, and a lack of cost tracking. These forces will drive a focus on financial operations, or ‘FinOps’, a management practice to promote shared responsibility for an organization's cloud computing infrastructure and costs.
How FinOps is implemented in Cloud Native and which tools you should use to help manage it will come into sharp focus in 2023.
9. API security will rise to the top as one of the biggest concerns and priorities for enterprises
As many organizations are starting the journey or moving to the API-first development route, API adoption has multiplied and so has the proliferation of APIs. But this development, coupled with a lack of API security strategy in most organizations, has also created a security nightmare as it has broadened the attack surface. This exponential adoption is another classic case of technological diversity exacerbating security concerns, where it becomes even more challenging to secure a setup or infrastructure. As APIs involve integration, they open themselves up to abuse and exploitation from various threat actors. The API attack surface is dynamic and ever-evolving, so focusing on API security is going to be paramount.
Proper machine identity management is crucial to effective API security because currently one of the most commonly exploited API attack vectors is broken access control or authentication. Any compromise or abuse of machine identities can lead to API abuse and that has the potential to cause a significant security breach.
10. Recession will turn everyday people into threat actors
With an economic crisis and a low bar for entering into cybercrime, we expect to see more everyday people turning to cybercrime as a source of income in 2023 as their financial situations become more desperate. Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) will rise as they enable people who don’t have technical skills to launch attacks. Our research shows that there is a range of “packages” available on the dark web, many including customer service, implementation of campaigns and payment plans.
11. Budget-saving cloud strategies will lead to companies putting all their eggs in one cloud basket, concentrating their risk and spoiling agility
In 2023, the smart play to protect budgets during times of economic uncertainty will be to increase agility and spread costs across multiple clouds. However, some CFOs and even CIOs will be lured into the low-cost, low-stress single-cloud option and put all their eggs in one basket. This concentrates risk and presents opportunities for attackers as security teams come up to speed with the cloud-native technologies developers have deployed since the pandemic accelerated cloud use. It also wastes the agility and speed that a multi-cloud strategy, rather than a single-cloud one, provides.
12. Service Mesh will continue to grow, and stop disappointing
Over the next year, we’ll see service mesh grow and mature. Companies continue to adopt service mesh rapidly; however, they tend to deploy it for a few key reasons, often driven first and foremost by the need for mutual TLS. As much as these companies get value from service mesh, it can sometimes come at the expense of latency, performance, and complexity. For that reason, it’s not very easy to say that service mesh has ‘lived up to the hype’.
It does, however, look like this is changing, and we’ve seen a lot of recent innovation in the space. For example, we’ve seen some of the vendor-led Istio services improve rapidly, we’ve seen simpler technologies like Linkerd gain traction with developers, and we’ve seen completely different approaches adopted with technologies like ambient mesh. Jetstack itself has also done a lot of work with Istio-CSR to help companies connect their service mesh to a corporate-approved CA.
Thanks to this improvement, I see big strides in service mesh in 2023 and we’ll see more features that help it become easier to adopt, easier to use, and more ‘enterprise ready.’
13. Developer experience will become more important than ever
In 2023, those forward-thinking CISOs who are working across business functions will help to reduce friction for developers. The shift to cloud native solutions is relentlessly marching on, and many organizations - particularly regulated ones - have shifted at least half of their environment to cloud. Developers really understand these environments, as they work in them day in, day out, so their experience is becoming business critical.
So, CISOs will have to work with developers to make the cloud a success, deploying security solutions that reduce friction, and are invisible to developers. This will free up developers’ time, allowing them to innovate and ensure their businesses remain competitive.
14. Cyberattacks will be used as a smokescreen
This year, we’ve seen growing evidence of threat actors deploying attacks with a dual purpose, which will increase as a tactic in 2023. There have been examples of ransomware and DDoS attacks being used to cause chaos in security teams, which have actually been a smokescreen, enabling them to achieve nefarious secondary goals like espionage.
It’s this broader goal that we should concentrate on, questioning why these particular companies are being targeted and the motivation for attacks. Organizations must collaborate, both with each other and governments, sharing intel and really drilling down into the true purpose of attacks.
15. Critical infrastructure in the cross hairs
In 2023, the energy crisis will deepen, putting a higher premium on the security of critical infrastructure. Governments and energy companies will be doing everything they can to ensure that the lights stay on, as the impact of blackouts on citizens and the economy would be profound.
Of course, threat actors are aware of this, and the incentive to target critical infrastructure will rise. This will be the domain of nation state hackers, who’ll be looking to cause chaos in rival economies. We’ve seen examples of these damaging, state-backed attacks in the past, such as Stuxnet, downing critical infrastructure by exploiting machine identities and causing major disruption. So, energy companies must secure their machine identities in preparation for these attacks.
16. Cyber attribution of attacks involving machine identities will further improve and provide more value to incident responders and investigators
The increasing instances of cyber-attacks compromising and leveraging machine identities will only further deepen the investigation into the specific TTPs involved, including further mapping out the attacker profile as well as the chain of the attack. Such instances will also force further cooperation between international bodies as well as public and private sector entities for knowledge sharing and exchange. This will holistically minimize ambiguity and uncertainty, leading to a much better and relatively more accurate picture of the attacker(s) involved in much less time than has been seen before.
17. The human identity market will consolidate
Securing human identity became more important than ever during the pandemic, but in 2023, we expect to see the market consolidate. Companies need – and generally have – human identity security, but it’s a very competitive market and major private equity firms are taking a lot of companies private.
But there are only so many seats at the human identity table, and it’s becoming a race to the bottom. I’d expect there to be some casualties over the next 12 months.