In summary, Illumino warns of rising threats to the health and energy sectors and of the consolidation of security and technology teams at companies, and also points to positive steps such as the introduction of new cybersecurity regulations and the measuring of companies and governments.
“In 2023, we will see an influx of oversight committees specifically for cybersecurity as companies look to reduce risk. Similar to legal and risk management, the committees will look at cybersecurity objectively and establish a set of baseline expectations that the business is accountable to. They will be tasked with monitoring oversights and adding direction, signifying the widespread recognition of cybersecurity as a top five strategic function. Boards will also demand more actionable data about their organizations’ cybersecurity posture to inform decision-making, with security teams leveraging new and better ways to quantify threat actors and defenses (think: testing penetration rates) to demonstrate to the board what looks like safe taste,” says Raghu Nandakumara, head of industrial solutions at Illumino.
“Preventing breaches from happening will no longer be an accurate metric of cyber success. As breaches become part of daily life, cyber resiliency will become an industry-recognized metric for all companies to achieve and measure. Given that organizations currently judge the success of their business continuity plan if they can recover within their Recovery Time Objective (RTO) to their Recovery Point Objective (RPO), in 2023 any downtime will be unacceptable. Rigorous testing and the development of industry-wide metrics to help benchmark against peers and understand what ‘success’ means will force organizations to think about their risk appetite and establish a minimum acceptable level of sustainable security to avoid fines, loss of profit or loss of reputation.”
His colleague, Trevor Dearing, Director of Critical Infrastructure Solutions at Illumino, adds: “The current energy crisis, combined with economic instability and pressure to cut costs, will push energy and healthcare to the top of policymakers’ hit lists. invaders. With services more critical than ever, industries will come under attack from nation-states and criminal gangs, as well as activist groups looking to take on those who continue to profit from rising prices. The proliferation of connected devices and open Wi-Fi connections in healthcare settings will also allow attackers to launch new, more targeted attacks on individuals in healthcare facilities by compromising healthcare technologies such as monitoring equipment or pacemakers. As a result, organizations will look for new ways to prevent attacks from disrupting operations and maintain the availability of critical services.”
“With the economic climate putting pressure on budgets and resources, we will see greater momentum towards consolidating the number of security tools used and cybersecurity teams. One area where this will ring true is between IT and OT security, driven by requirements to reduce costs of expansive proprietary OT developments and integrate OT into existing IT cyber strategies. As environments become increasingly connected, organizations will need a more unique and structured approach to cybersecurity, with priority given to improving visibility and monitoring to reduce cyber risk. It will no longer make sense for organizations to have separate teams for IT and OT security, with the disconnect opening organizations up to even greater security threats.”
Illumino’s third expert, Adam Brady, the company’s Director of Systems Engineering, EMEA, notes: “With ransomware more pervasive than ever, industry and government will be forced to address the problem at its core. Paying ransomware simply funds the activity, so the only way to eradicate ransomware is to stop paying for it entirely. It’s unlikely that any new legislation will be introduced in the next year, but we’ll certainly see discussions start to materialize about how this might look and possibly the first At the same time, cyber insurers will become increasingly reluctant to continue paying and look to tighten eligibility requirements for policies, greater measures will be needed to demonstrate resilience, such as regular stress testing of IT infrastructure and response practices to incidents.”
“By 2023, attention will shift from prevention at the perimeter and choosing the most ‘bulletproof’ IT infrastructure model to breach containment. We will see industry acceptance that breaches are here to stay and security strategies evolve to take this into account. Whether it’s on-premises, hybrid, cloud or edge, it’s important to maintain visibility across the entire property. Organizations will need to know where the vulnerabilities are in their environment and then proactively implement policies to contain breaches early on and limit the damage. Ultimately, breach containment will be the new resilience paradigm in 2023.”