By Geert van der Linden, EVP & Head of Global Cybersecurity Practice at Capgemini
You might feel like we live in an age of permacrisis. The past year has brought about rising geopolitical tensions, mass digitalization, more hybrid working, and a skilled labor shortage. Adding to these challenges is the new era of almost limitless connectivity, which is changing the way we live and work, all the while causing havoc for cybersecurity teams. As a result, organizations must adapt quickly or risk significant costs.
More companies are recognizing the importance of investing in cybersecurity. According to Gartner, global spending on cybersecurity could reach $1.75 trillion by 2025, with current spending at around $172 billion. In certain areas, such as data analytics, this investment is paying off with improved security capabilities, making it easier for IT teams to proactively identify and address cyber threats with data and automation.
However, the scope of cyber breaches continues to grow. Malicious actors continue to evolve, and so do their targets. Today, businesses, such as car manufacturers, must be aware of potential malware infections not just in their own systems, but also in those of their suppliers and equipment. With IT teams often being small, it can be difficult to constantly monitor and analyze everything. That’s why it’s crucial for employees – who are often the most vulnerable targets – to be better educated on cybersecurity threats and more proactive in preventing attacks and unintended vulnerabilities.
Where does that leave us for the year ahead? Here are the five challenges that will alter the industry in 2023:
Zero trust will replace perimeter security
Hybrid working has become the norm for many businesses now; employees are just as likely to be working from another country as they are from the office. Organizational data is flowing outside of traditional closed networks and into the cloud, while the 5G-powered Internet of Things (IoT) is vastly multiplying endpoints at risk from attack.
These factors spell the end of perimeter security, and in response, we need a zero-trust approach. This means that every user is suspicious until verified and must be granted access every time they pick up tools – eliminating any room for doubt and allowing for better monitoring of unusual behavior. Zero trust is essential for enabling the growth of digitalization and the cloud. In fact, Gartner reports that zero-trust network access will remain the fastest-growing segment in network security, with growth of 36 percent in 2022 and 31 percent anticipated in 2023.
Implementing a zero-trust security model cannot be done overnight but is a multiyear journey. It will depend on the amount of legacy infrastructure and will need to cater to the specific requirements of certain industries. The zero-trust model involves going beyond traditional network zoning to create a more stable and secure framework, and it’s likely that we will see more organizations fully adopting zero-trust in the coming year.
5G security hots up
Whether its cars, washing machines, or factories, 5G is transformative. It’s the foundation for Intelligent Industry. Almost everything can be connected to the internet, expanding the potential points of vulnerability. As such, 5G security and its security architecture will come under the spotlight as businesses continue to migrate to the cloud – with data flowing freely between organizations and telcos.
As adoption of 5G technology grows, it is essential to prioritize cybersecurity at the board level in order to effectively manage the challenges of the digital age. Without this focus on security, organizations will struggle to address potential threats, educate employees and vendors, and facilitate effective communication between cybersecurity teams and decision makers.
Security by design
Cybercriminals are now targeting vulnerabilities further down the supply chain as more specialized connected devices are produced. Take a specialist manufacturer of a connected car part as an example. These attacks are likely to become more prevalent as geopolitical tensions around intellectual property and influence rise.
To address this, it’s crucial to incorporate security measures during the development stage through a process called DevSecOps. This involves bringing together development, security, and operations teams to automate security throughout the software development lifecycle, which can help reduce effort, cost, and improve compliance.
Neglecting to prioritize security early on in the development process could have serious consequences for critical industries like healthcare, automotive, energy, and agriculture.
Invest in data over AI
While there’s no doubt that AI and automation technology will continue to advance, their progress is not happening as quickly as some may hope. Instead, next year, data analytics and data mining will take greater prominence.
Both will be critical to relieving some of the pressure on IT teams. A study by IBM, found that 67% of Cybersecurity Incident Responders say they experience stress and/or anxiety in their daily lives, with an alarming 65% seeking mental health assistance as a result of responding to cybersecurity incidents. By better harnessing data, teams can deliver better insights and correlation on attack trends, while forecasting future attacks. In this way, organizations can help to reduce the pressure on cybersecurity professionals.
Growing concerns in hyperscalers
As more and more businesses migrate to the cloud, worldwide spending is expected to reach $1.3 trillion by 2025. At the same time, 79% of companies experienced at least one cloud data breach in the last 18 months.
The added values and integrations of platforms like Microsoft Azure and Amazon Web Services are significant. However, such hyperscalers put more pressure on smaller security providers who will continue to lose their market share in the year ahead – they have to prove that they’re capable of delivering secure cloud environments as part of the package. Businesses need to be able to move into the cloud with confidence, and for SME’s especially, affordability is crucial.
There’s still room for hope in 2023 despite the scale of these challenges. The security environment can feel overwhelming, but investments continue to rise even within the context of global inflation.
Advancements in data analytics and capabilities are improving and showing the benefits they bring to the table, but organizations will have to invest in talent to help teams alleviate forthcoming pressure. By leveraging this technology and promoting a culture of security at all levels, including among suppliers and employees, businesses can position themselves for success in the security industry in the coming years.