2023 Cybersecurity Predictions: From AppSec to Platform Tools
Cybersecurity Predictions for 2023 by Industry Leaders: From Ransomware to Platform Tools
In the Holiday Special episode of ArmorCode’s Let’s Talk AppSecOps, Mark Lambert, VP Products, and Luis Guzman, Senior Solutions Engineer, invited eight cybersecurity experts to share their cybersecurity predictions for 2023.
They talked about key takeaways from the last year—such as the abundance of security tools and the increasing adoption of cloud services—and how these will shape the security landscape in the coming year.
Here’s a quick roundup.
Brian Pitts, JCI
“Look at the entire spectrum and get a holistic view of the risk”.
Pitts emphasizes the value of application security posture management capabilities for better vulnerability management.
He says it’s necessary to look at the entire spectrum—“cloud to the edge to the gateway”—and get a holistic view of cybersecurity risks. It is especially crucial in cyber-physical spaces, where many endpoints are in customer environments.
Matthew Rose, ReversingLabs
“The term ‘shift left’ is dead”.
Matthew Rose is of the opinion that shift left—the practice of integrating security at the earliest stages of software development—is dead. “There really isn’t a left”, he argues, “there’s something happening at every step of that infinity loop bow tie”.
What’s on the right—the deployable artifact—is what attackers will target. So, software supply chain security will be a huge aspect in 2023.
Al Ghous, Snapdocs
“Move away from these point solutions…look at things more from a platform play”.
Al Ghous discusses the difficulty of navigating the cybersecurity landscape today because of the vast number of tools available. In many cases, their services overlap or could be handled in-house, which makes it rather difficult for CISOs to pick the right services.
But Al Ghous is hopeful that soon the market will take care of itself: only forward-thinking companies will survive and become key players. These will provide more solutions—going wider rather than deeper—and the industry itself will start to value platform play over point solutions.
Brook Schoenfield, Resilient Software Security
“AppSec budgets are going to shrink”
Brook Schoenfield points to the economic state of the world and how that will lead to cuts in AppSec teams and budgets. Optimization and automation in application security posture management will be prioritized to make teams as efficient and productive as possible.
At the same time, the need for AppSec is not decreasing at all. He adds that the cyber war, which has been going on for at least the last 15 years, is also going to continue. Ransomware, whether state-sponsored or state-allowed, will continue to be a threat.
Jimmie Lee, Stealth Mode
“2023 is going to be the year of context for cybersecurity.”
Jimmie Lee notes that context will be the key, across businesses, that unlocks a culture of unity between security and engineering.
“Cybersecurity is the manifestation of a weakness that we didn’t understand when we built infrastructure on the networks”, he says.
His cybersecurity prediction is that, in the coming years, cybersecurity will become a part of engineering, instead of being seen as separate. Lee adds that lately there’s been a better awareness of security and reiterates the point about the market adjusting itself.
David M’Raihi, Rivian Trucks, and Nikhil Gupta, ArmorCode
“Tons of information…don’t have the time to actualize”.
David M’Raihi, too, points to the vast number of available tools and says that there is often so much data that it paralyzes. You fail to act. This brings about an urgent need to sift through the noise. Tools that provide concise information, along with cost-saving, will emerge as leaders.
Nikhil Gupta adds to the conversation, saying that the customer should always be the focus. Solving customer pain points, helping them with security, and saving them money would be key goals to focus on.
Andrew Gorecki, IBM
“Ransomware will continue to be a major threat to organizations”
Andrew Gorecki points toward applications dependent on outdated technology and how they become easy targets for ransomware, a threat likely to continue. But there is a lot of free information available on ransomware, which can help organizations take protective measures.
Like other experts, Gorecki also mentions that tool consolidation will become significant in 2023. Finally, he says that there will be rapid adoption of the cloud, which will make things more secure, manageable, and economical.
Les Correia, The Estée Lauder Companies
“An application is no more just one application—it’s a collection of microservices”
Les Correia opines that API security will play a crucial role in 2023. Today, we are surrounded by technology, and everything is connected, giving hackers several routes to attack.
Mark mentions how someone managed to hack a car by calling its SiriusXM endpoint using the VIN. APIs are dangerous because they’re not singular but a collection of interrelated microservices. Their documentation and security will become increasingly important.
In 2023, budgets will shrink but cybersecurity issues will only grow. Ransomware will continue to be a threat, and the increasing number of API-driven programs will only increase the potential attack surface. As such, there is a need for a holistic, platform-based approach to cybersecurity. Check out the full episode of Let's Talk AppSecOps to listen to the full conversation and hear from the experts.