The
new
year
brings
for
many
a
sense
of
cautious
optimism
as
the
lockdowns
and
restrictions
imposed
to
constrain
the
coronavirus
recede
into
history.
However,
to
remain
secure,
businesses
and
individuals
need
to
respond
effectively
to
a
range
of
trends
that
gained
momentum
last
year.
These
include:
-
Worsening
geopolitical,
social,
and
economic
instability. -
Adoption
by
businesses
of
a
range
of
solutions–some
used
successfully,
some
not–to
enable
productive
remote
and
agile
workforces. -
Industrialisation
of
and
continued
success
of
phishing
and
credential-based
attacks. -
Growing
targeting
of
supply
chains
as
a
weak
point
in
larger
organisations’
ecosystems,
despite
increased
security
and
governance
applied
to
suppliers. -
Businesses
leveraging
the
deepening
and
increasingly
intricate
interdependencies
between
SaaS
platforms
to
drive
better
customer
experiences–with
attackers
aiming
to
locate
the
weakest
entry
point
through
which
they
can
compromise
these
systems. -
An
explosion
of
AI-powered
ideas,
use
cases
and
proofs
of
concept–some
of
which
are
concerning
and
fascinating
in
equal
measure.
In
this
context,
here
are
my
cybersecurity
predictions
for
2023:
The
ubiquitous
importance
of
Identity
Confidence
in
identity,
whether
an
individual,
a
device,
software
or
a
business
or
government
organisation,
is
key
to
everything
we
do.
This
confidence
is
increasingly
important
in
an
environment
of
growing
risk.
We
see
the
role
of
identity
in
social,
work,
education,
and
healthcare
contexts,
as
well
as
across
a
wide
range
of
citizen
and
government
use
cases.
Identity
is
equally
important
across
the
supply
chain–often
the
weak
underbelly
and
entry
point
for
attacks.
In
2023,
I
expect
to
see
greater
reference
to
the
Software
Bill
of
Materials
(SBOM),
described
by
the
Cybersecurity
&
Infrastructure
Security
Agency
in
the
United
States
as
a
list
of
the
ingredients
that
make
up
software
components.
The
SBOM
will
clarify
identity
and
material
inputs
across
supply
chains.
Zero
Trust
Security–about
which
so
much
has
been
written
recently–starts
and
ends
with
secure
identity.
Mass
adoption
of
passwordless,
phishing-resistant
authentication
Over
the
past
year,
we
have
seen
huge
growth
in
multifactor
authentication
(MFA)
as
a
core
requirement
of
identity
and
access
security.
This
growth
is
being
driven
by
initiatives
from
major
corporates
and
industry
groups,
and
intervention
and
enforcement
from
regulatory
bodies.
The
increasing
use
of
MFA
to
protect
sensitive
data
and
systems
has
prompted
attackers
to
improve
their
ability
to
circumvent
MFA
protection.
Their
measures
range
from
novel
Adversary-in-the-Middle
attacks
(in
which
an
attacker
inserts
themselves
between
two
parties,
such
as
users
or
systems,
to
capture
their
communications)
that
target
authenticated
sessions
to
less
sophisticated
MFA
Push
Fatigue
attacks
(in
which
attackers
send
a
flood
of
unsolicited
push
notifications
to
users)
that
aim
to
fatigue
a
user
into
accepting
a
notification
that
will
give
the
attacker
access
to
systems
or
data.
Solutions
to
these
attacks
exist
in
the
form
of
passwordless
and
phishing-resistant
authentication,
and
I
expect
to
see
a
rapid
ramp-up
of
passwordless
authentication
in
2023.
Organisations’
own
initiatives,
as
well
as
increased
expectations
from
both
regulators
and
consumers,
will
each
independently
influence
this
trend.
Escalation
of
AI
concepts
and
use
cases
AI-enabled
applications
will
escalate
to
impact
all
areas
of
our
work
and
social
lives
as
synthetic
identities
and
deepfake
audio-visuals
become
easier
to
generate
and
improve
in
quality.
In
2023,
we
see
these
applications
becoming
more
common
in
social
and
corporate
fraud.
Automated
learning
machines
designed
to
probe
and
attack
vulnerabilities
will
become
common
and
prompt
businesses
and
government
organisations
to
adopt
defensive
automation
and
machine
learning.
Expect
an
explosion
of
applications
and
a
more
gradual
evolution,
consolidation,
adaptation,
and
survival
of
the
fittest
over
2023
and
beyond.
The
importance
of
trust
Whether
it’s
building
confidence
in
identity
and
security
capability
or
underpinning
a
commitment
to
privacy
and
customer
wellbeing,
trust
is
fast
becoming
an
organisation’s
most
critical
resource.
Trust
is
often
the
most
compelling
differentiator
for
digital
entities
operating
online.
To
establish
trust,
a
business
or
organisation
needs
the
capability
to
achieve
an
outcome
and
the
ability
to
generate
confidence
among
observers
that
expected
actions
occur
when
a
situation
moves
from
the
‘known’
to
the
‘unknown’.
Trust
must
also
be
communicated
effectively
and
consistently
to
maintain
or
generate
value.
In
2023,
corporates,
individuals
and
governments
will
all
take
steps
to
build
and
demonstrate
trust
to
operate
effectively
in
the
digital
world.
Unfortunately,
criminals
will
also
aim
to
create
or
erode
trust
to
achieve
their
own
nefarious
ends.
Trust
will
be
difficult
to
generate,
challenging
to
demonstrate
and
increasingly
easy
to
lose–making
it
an
extremely
valuable
commodity.
For
businesses
and
government
organisations,
investing
time
and
resources
into
these
areas
in
2023
and
beyond
is
key
to
managing
many
of
the
trends
that
gained
momentum
in
2022
and
new,
unexpected
developments
this
year.
About Author
