According to Infosecurity Europe’s community of cybersecurity leaders, global political unrest from this year will permeate into 2023, severely impacting the security industry. However, with tighter regulation and advances in artificial intelligence (AI) and machine learning (ML), CISOs may be in a stronger position to minimize threats next year.
Organizers of the Infosecurity Europe event asked a network of CISOs and analysts to comment on the main trends they expect to shape cybersecurity over the next 12 months, grouped by theme. The human element, threat vectors, laws and regulations, and the current news agenda.
On how one of the hottest issues of 2022 will affect cybersecurity next year, Maxine Holt, senior research director at Omdia, said: New cyberweapons are being developed and used by governments. Especially now that most organizations host most of their infrastructure with third parties, increasing the risk of cyberattacks, increasing the chances of being accidentally affected by Crossfire. Nation-state cyberweapons can wreak havoc on national infrastructure and critical third-party suppliers, but CISOs can only monitor and take sensible precautions. ”
Taking a closer look at the technology within the industry, conversations about AI and ML to combat cybersecurity are rife and divisive within the industry, but Trainline CISO Munawar Valiji said: Human weaknesses in the cyber kill chain. ”
Steve Wright, Partner at Privacy Culture and former interim DPO of the Bank of England, said: [cybersecurity] AI can make it difficult to understand when and how an individual’s privacy and security rights apply to this data. It is more difficult for individuals to implement effective access and other control mechanisms for exercising these rights, so when data is being utilized by AI, appropriate Protection and governance are essential. AI also raises ethical and moral considerations. For example, AI/machine learning systems must be used in a responsible and ethical manner worthy of the trust of users and society. ”
laws and regulations
Looking at the legal side of AI, Wright thinks CISOs should be concerned. A risk-based approach should be adopted (this is normal practice for all he CISOs). Some AI uses are banned, others are subject to strict requirements, and others are not regulated at all. So data security and he needs to focus on the fundamental rights of EU citizens. AI regulations impose even higher fines than GDPR. As such, it naturally shapes the way AI systems are developed and deployed. Therefore, every CISO should be ready to read the text, conduct a risk assessment, and justify why and how AI will be used in 2023 and beyond. ”
Quentyn Taylor, senior director of product, infosecurity and global response at Canon EMEA, predicts a major change in legislation. The amount of pending legislation on the Internet of Things. ”
Holt believes security will be built in at a more basic level. Security He’s Fabric, Security He’s Mesh You hear a lot about this basically means that security is part of everything an organization has to do and think about . The geopolitical situation remains volatile and must always be taken into account at the individual organizational level. However, the larger issue of pervasive security concerns resilience and maintaining continuous organizational operations. Without considering security in all its dimensions, including innovation, compliance, the evolving threat landscape, and risk, organizations cannot achieve the resilience they need. ”
Maria Bada, a behavioral science expert at AwareGo, believes the industry is making regulatory efforts on a global scale. At the international level, too, significant progress has been made, not only in relation to cybersecurity, but especially in relation to cybercrime. We are now seeing countries actually committing to specific ransomware-related policies, which is a big step forward. ”
threat vector
ZeroDay360 CEO David Edwards predicts that “the adoption of Zero Trust systems will be one of the biggest advances in 2023,” but the continued threat of ransomware is widely accepted within networks. I’m here.
Holt predicts that ransomware threats will become more aggressive and organized than ever before. Year. ”
human element
According to Edwards, The next year will see a move to target employees individually to take advantage of insider fraud. He elaborates: Getting employees to click on phishing emails, install programs, or enable compromise of business emails will become an increasingly common trend. ”
Wright also shared this sentiment, stating: “Work time” and “personal time” are becoming more and more blurred.
Valiji believes that “organizations will invest heavily in user awareness and offer customized awareness programs for themes.”
What lies ahead?
With the short-term future in mind, Troy Hunt, founder and CEO of Have I Been Pwned, predicts the evolution of passwords: Old passwords don’t die, so in five years there will probably be more passwords than there are now, but I think password strength is going well. For example, use face ID and fingerprint to break into your phone. Of course, it’s a very gradual process, but the undeniable trend of more devices, more online services, more people and more data exchange will inevitably lead to more data breaches. . Evolve yourself.”
From a talent perspective, Holt believes the future of cybersecurity is bright. Holt is pleased to see an increase in the number of women in the industry. Gender equality in the workplace is still a long way from a security perspective, but it is improving. It also shows that
Nicole Mills, Director of Exhibits at Infosecurity Group, said: These events have definitely impacted the cybersecurity industry, but it remains to be seen whether they will have a significant impact in 2023. , and in some cases the adoption of AI and ML, CISOs maintain a unique position.
“These discussions we are having now will help shape the content of Infosecurity Europe 2023, about growing trends in the industry and how organizations can once again overcome the many challenges that will inevitably arise. , and we look forward to creating thought-provoking conversations, coming in 2023.”
Infosecurity Europe 2023’s conference program will cover topics where CISOs and analysts provided their thoughts, and explore themes in presentations, talks and workshops in various theaters. Infosecurity Europe will take place from Tuesday 20th June to Thursday 22nd June 2023 at ExCeL London. Details about the exhibition and conference program will be published on the website in the coming months.
