“Identity spending will continue to rise, even as budgets tighten. In a tighter spending environment, CIOs and CISOs will de-prioritise various areas of IT spending, but security will remain at (or near) the top of their priority list. And within those security budgets, identity security will continue to rise in importance compared to other aspects of security. CXOs (especially CIOs and CISOs) now broadly recognise how critical it is to secure their enterprises through the lens of identity, and the consequences for failing to do so are increasingly clear. Moving forward, identity will be seen as a “business essential” rather than simply a security category.”
Nick Westall, CTO, CSI Ltd
“With progressively large sets of data and an ever-increasing growth in creative cyberattacks, IT teams are now dealing with operations and threats that go ‘beyond human scale’. Even moderate sized teams can no longer have the ‘eyes’, or visibility, they need to oversee all IT activity to keep their business secure. So, for 2023, as we move further into more complex IT worlds the application of AI and automation for cloud and security processes will become key to threat detection and prevention, as well as cloud optimisation and cost control. And all this at a time when businesses need to do more with less heads and while dropping into recession.
In terms of cyber security, things will only get worse before they improve. With dynamic, personalised attacks and working beyond human scale, hackers will have significantly more power to cause damage. Then there are the unknown threats. Given the pace of technological development, it’s likely we will be hit within the next few years by forms of cyber-attacks that are hardly conceivable today.
Within this scenario, I see AIOps and SecOps (and SecDevOps) becoming critical in 2023 to help protect against attack. However, despite their best efforts many businesses will still be attacked. So, having the right business continuity practices in place and cyber insurance will be critical to survival. Information Security Management Systems and Cyber Essentials Plus is no longer fit for purpose on their own. And with insurance companies stipulating that companies must have in place more rigorous technical controls, cyber security policies and toolsets before they will insure them, being able to meet these increasing demands will be key in 2023.
While CISOs have much to do in 2023 to add value and avoid risk (whilst not forgetting their ESG/CSR role or keeping their customers at the heart of what they do), they will not only need the commitment of the C-suite, they will also need their involvement.”
Tyler Moffitt, Senior Security Analyst, OpenText Security Solutions
“Small-Medium Sized Businesses (SMBs) will need to do more with less and cyber resiliency will be more important than ever. Cybercriminals will increase ransomware attacks on SMBs as prime targets in the wake of heightened geopolitical tensions, such as the War in Ukraine, and rising inflation in the UK and globally. This will force SMBs to do more with less, while already having smaller cybersecurity teams and budgets to defend against attacks, and it will make cyber resiliency more important than ever. Our recent SMB survey found that 46 percent of respondents felt more at risk of a ransomware attack due to heightened geopolitical tensions, and 53 percent were also concerned about their security budgets shrinking due to inflation.
“Search engines like Google and Bing try to make it as easy as possible for consumers to find the information they request, but it will become increasingly difficult to distinguish between safe and malicious search results. As search engines work to provide a more streamlined experience, they unintentionally open consumers to a greater possibility of being phished. Scammers will purchase top ranking search result ads and use them to drive people to malicious and fraudulent websites to steal their personal and financial information.”
Mark Molyneux, CTO of EMEA, Cohesity
“Companies in the UK will need to prepare for downtime and blackouts with solid disaster recovery plans for their data centres. The National Grid chief has warned about potential blackouts impacting major data centres amid the energy crisis, stating that it’s possible the UK may face blackouts in January and February in 2023.
Many companies will have solid Disaster Recovery plans for their data centres, but random or even structured blackouts over a prolonged period will have a very different requirement for operational resiliency compared to a typical outage.
Best practice involves organisations moving copies of their critical data to an alternative location to create more resiliency against potential blackouts. Alongside other operational challenges, and set in the context of reduced IT budgets, organisations will have to quickly develop procedures to keep services running and secure. This will mean leveraging automation and orchestration to make those procedures efficient and effective.”