What to expect from cybersecurity in 2023

Rising geopolitical tensions, mass digitalization, more hybrid working, and a skilled labor shortage. As we enter 2023, it goes without saying that cybersecurity teams have a lot on their plate, and you’d be forgiven for feeling we live in an age of permacrisis. While a new era of almost limitless connectivity is changing the way we live, work and produce, organizations must adapt quickly or risk significant costs.

In response, more organizations are waking up to the value of cybersecurity investment. This is reflected in global spending which Gartner estimates could be as high as $1.75 trillion by 2025. This year it was approximately $172 billion and, in some areas like data analytics, investment is paying off. Security teams are becoming increasingly effective at proactively detecting and mitigating cyber threats, with the added power of data and automation also playing more of a role.

Nonetheless, the scope of cyber breaches continues to grow, and malicious actors continue to evolve, as do their targets. Today, a car manufacturer should be just as concerned about a supplier, or its equipment, being infected with malware as a malfunctioning part. Such ever-growing complexity calls for a mindset change. As the typical size of an IT team in an enterprise of revenue between $150M and $500M is only 11 people, it is virtually impossible to monitor and analyze everything. Employees continue to be the most vulnerable targets and as a result, they need to be just as aware of causing fires as the firefighters themselves.

Here’s a look at some of the key trends in 2023:

The end of perimeter and the rise of zero trust

Traditionally, cybersecurity has been framed as an ongoing battle between hackers and criminals on the outside, and security experts on the inside. It is easy to frame organizations as closed shops and this narrative is reflected in popular culture. However, the reality is much more complex.

The pandemic changed working patterns and a hybrid approach has become the norm for many businesses; employees are just as likely to be working from another country as they are from the office. At the same time, data is flowing outside of traditional closed networks and into the cloud, while the 5G-powered Internet of Things (IoT) means that equipment is too. Hospitals, for instance, are increasingly using connected medical devices for patient care, and yet one report found that over half of internet-connected devices used in hospitals have a vulnerability that could put patient safety, confidential data, or the usability of a device at risk. This, in some cases, can be life threatening. And is why the end of perimeter security must be followed by ‘zero trust’.

Zero-trust security is exactly how it sounds like: don’t trust anyone when it comes to cybersecurity. Whether CEO or intern, every user is guilty until verified and must be granted access every time they pick up tools – eliminating any room for doubt and allowing for better monitoring of unusual behavior. Zero trust is crucial to enabling digitalization and cloud to thrive, it is no coincidence that Gartner reports that zero trust network access will remain the fastest-growing segment in network security, with growth of 36 percent in 2022 and 31 percent in 2023.

Zero trust is not an overnight tale but a multiyear journey, depending on the amount of legacy infrastructure involved as well as the requirements of the industry, which is why we anticipate that 2023 will be the year where more organizations embed it. While some industries, like finance, are already close to or at zero trust, others like automotive and healthcare are not. To stabilize and tighten security frameworks beyond network zoning, it’s imperative that every vertical moves towards it.

5G security gets hot

The introduction of 5G into the digital ecosystem means that almost anything can be connected to the internet. It adds IoT into the ecosystem alongside IT and OT, where the product itself becomes a point of vulnerability. Whether its cars, washing machines, or factories, 5G is transformative and the foundation of Intelligent Industry.

5G security will take off in 2023, boosted by businesses migrating to the cloud, and so its security architecture – with data flowing between organizations and telcos – will come under the spotlight. In tandem with leaders recognizing the benefits of 5G powered connectivity, they must make security a board-level priority. Without doing so, it will be difficult for organizations to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and decision makers.

Supply chain vulnerabilities requires DevSecOps

As more specialist connected devices are manufactured, threat actors are focusing on vulnerabilities further down the supply chain, such as the specialist manufacturer of a connected car part. With these attacks only intensifying as geopolitical aggressions on intellectual property and influence increase, we can expect – and require – security to be embedded at the stage of development.

Security by design requires the convergence of development, security, and operations teams with the goal of automating security at every phase of the software development lifecycle, which when applied end-to-end, will reduce effort, costs, and improve compliance. This is called DevSecOps and will be crucial to meeting 2023’s requirement to do more, with less. If we fail to, the serious implications of not embedding security early-on will continue to hit critical sectors such as healthcare, automotive, energy, and even agriculture more frequently.

Bank on data, not AI

There is a metaphor about waiting for a bus to arrive and suddenly all come at once. Such is the expectation drummed up about the capabilities of non-human software to resolve our woes, but don’t bank on the bus to arrive in 2023. While there’s no doubt that AI and automation technology will continue to advance in capabilities, it’s not advancing at the rate many would hope. Instead, next year, data analytics and mining will take greater prominence.

Both will be critical to relieving some of the pressure on IT teams. A study by Capgemini’s partner IBM, found that 67% of Cybersecurity Incident Responders say they experience stress and/or anxiety in their daily lives, with an alarming 65% seeking mental health assistance as a result of responding to cybersecurity incidents. Pressure has become part of the status quo in cybersecurity, and this is a global problem. By better harnessing data, teams can deliver better insights and correlation on attack trends, while forecasting future attacks.

Hyperscalers race ahead

Finally, worldwide spending on cloud is expected to reach $1.3 trillion by 2025 as more and more businesses migrate. At the same time, 79% of companies experienced at least one cloud data breach in the last 18 months which is shining a spotlight on hyperscaler security. The added values and integrations of platforms like Microsoft Azure and Amazon Web Services are significant and it puts more pressure on smaller security providers who will continue to lose their market share in the year ahead. But next year, the hyperscalers will be busy proving they are able to deliver secure cloud environments as part of the package. Businesses need to be able to move into the cloud with confidence, and for SME’s especially affordability is crucial.

Although there is little sugar coating the scale of challenges, there’s room for hope in 2023. Investment is continuing to rise, even within the context of global inflation and capabilities are advancing. The security environment can feel overwhelming, and more skilled workers are required to alleviate the tensions, but advancements in data analytics are already proving their worth. The sooner businesses can harness it while embedding a security mindset across all levels – with suppliers and employees – the more likely it is that next will be a transformative period for the security industry.

Contact Capgemini to understand how we are uniquely positioned to help you structure cybersecurity strength from the ground up. 

Geert van der Linden

EVP and Head of Global Cybersecurity Practice.