GTT predicts four developments in the field of cybersecurity

In 2023, businesses will continue to transform digitally as the global COVID pandemic requires employees to work with applications in the cloud. These developments are driving the emergence of software-defined wide area networks that rely on internet connectivity. As cloud adoption and application use grow, the need for bandwidth will keep rising, and technologies such as 5G, and eventually 6G, will offer alternative paths to optimal enterprise connectivity.

With the evolution of the global workforce and hybrid cloud deployments, end users must access business applications anywhere, anytime, while IT staff must protect the organization with new security measures. Cybercriminals visit organizations’ websites to determine which branches have closed and search LinkedIn for employees who work from home. These employees are then a target. This scenario has adverse consequences for companies that have been slow to implement a Secure Access Service Edge framework, including zero trust.

Despite these challenges, IT teams will have new tools and strategies at their disposal in the coming year to resist the increasing number of threats. For the year 2023 we make the following predictions.

Security will move to endpoints

A weak point in the security of the company network allows ransomware to spread rapidly in the organization within minutes. Many organizations are unaware of this because they have implemented a Virtual Private Network or an Endpoint Detection & Response solution, mistakenly believing that alone equals zero-trust protection.

In response, many organizations will move the security stack from the application layer to the endpoints, where we expect a 10,000% increase in attacks. Enterprises can install 5G adapters directly on laptops, giving them more granular control over the last-mile network and letting them enforce resource-based security policies no matter where the user is.

The focus will not only be on training employees, but also on managing others with remote access to corporate networks.

There has been a strong focus on providing cybersecurity tools and awareness training to better protect employees against cyberattacks such as phishing. But many organizations fall short in their approach to external users such as contractors and partners, to whom corporate policies and procedures do not apply. These partners often have access to some of the company’s most critical information systems, especially when working with finance teams and legal departments. That raises the risk of a data breach far more than an incident in which an employee accidentally clicks on a malicious link.

In recent years, mature organizations have performed security checks on suppliers or contractors who store their data. That’s a good starting point, but organizations should make an effort to continuously provide IT managers with risk scores.

Many organizations that in the past have felt unable to carry out these evaluations will be forced to rethink their approach. They will need to start by understanding which of their business activities partners should be allowed access to, which partners and activities they should monitor and which are of lesser concern. They should conduct a data check with each supplier as part of the initial engagement.

AI and machine learning are becoming a more prominent aspect of SIEM

Next year, vendors will take a giant leap by integrating artificial intelligence (AI) and machine learning (ML) into security information and event management (SIEM) platforms. SIEM is excellent at collecting information and enables enterprises to filter and focus on the most relevant alerts. But a lot of noise still comes in, and companies typically rely on analysts to build the filters by hand. If an organization receives thousands of the same inconsequential alerts every day, its analysts will start ignoring them. By building more AI/ML into logging systems, IT managers can filter out the noise and prioritize the relevant alerts. For example, the system can learn to ignore the alerts raised by weekly server backups instead of calling in an expensive security specialist to analyze each one.

We will never be able to fully automate the use of AI/ML to determine all relevant threats. But over the next year, tools will become available to limit analyst involvement in filtering out SIEM noise, taking us to the next level of managed detection and response.
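The backup-alert example above is easy to make concrete. The following script is an added illustration, not GTT's code or any SIEM vendor's: it learns which (rule, host) alert streams recur on a steady cadence from a constructed alert history, then triages new alerts as "suppress" (fits a learned weekly cadence), "escalate" (a rule/host pair never seen before) or "review" (seen before but off-cadence, or with no cadence at all). The rule names, host names and timestamps are all constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev


@dataclass(frozen=True)
class Alert:
    ts: datetime
    rule: str
    host: str


def _key(alert):
    # Alerts are baselined per rule *and* host: a backup job that is normal on
    # backup01 is not normal on a finance database server.
    return (alert.rule, alert.host)


def learn_baseline(history, min_occurrences=3, jitter=timedelta(hours=1)):
    """Return {(rule, host): period} for streams that fire on a steady cadence.

    A stream qualifies when it has fired at least `min_occurrences` times and
    the gaps between firings vary by no more than `jitter` (population stdev).
    """
    by_key = defaultdict(list)
    for alert in history:
        by_key[_key(alert)].append(alert.ts)
    baseline = {}
    for key, stamps in by_key.items():
        stamps.sort()
        if len(stamps) < min_occurrences:
            continue
        gap_secs = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if pstdev(gap_secs) <= jitter.total_seconds():
            baseline[key] = timedelta(seconds=mean(gap_secs))
    return baseline


def triage(alert, history, baseline, tolerance=timedelta(hours=1)):
    """Classify one new alert against the history and the learned baseline."""
    key = _key(alert)
    prior = [a.ts for a in history if _key(a) == key]
    if not prior:
        return "escalate"  # a rule/host pair the SIEM has never seen: highest priority
    period = baseline.get(key)
    if period is not None and abs((alert.ts - max(prior)) - period) <= tolerance:
        return "suppress"  # landed right on the learned cadence (e.g. the weekly backup)
    return "review"  # known stream, but off-cadence or with no learned cadence


# Constructed history (not real logs): four Sunday 02:00 backup alerts on backup01
# (2023-01-01 is a Sunday) plus a single suspicious login on an HR workstation.
def _sunday_backups(weeks=4):
    start = datetime(2023, 1, 1, 2, 0)
    return [Alert(start + timedelta(weeks=i), "backup-job-high-io", "backup01")
            for i in range(weeks)]


HISTORY = _sunday_backups() + [
    Alert(datetime(2023, 1, 10, 14, 22), "suspicious-login", "hr-ws12"),
]
BASELINE = learn_baseline(HISTORY)


def classify(ts_iso, rule, host):
    """Convenience wrapper: triage an alert given an ISO-8601 timestamp string."""
    return triage(Alert(datetime.fromisoformat(ts_iso), rule, host), HISTORY, BASELINE)


if __name__ == "__main__":
    for ts, rule, host in [
        ("2023-01-29T02:05:00", "backup-job-high-io", "backup01"),  # next Sunday: suppress
        ("2023-01-25T02:00:00", "backup-job-high-io", "backup01"),  # a Wednesday: review
        ("2023-01-26T09:10:00", "lateral-movement", "fin-db01"),    # never seen: escalate
        ("2023-01-26T11:00:00", "suspicious-login", "hr-ws12"),     # seen, no cadence: review
    ]:
        print(f"{ts} {rule:<20} {host:<9} -> {classify(ts, rule, host)}")
```

The point of the per-stream cadence check is that it suppresses only the alerts that behave like the learned pattern; the same backup rule firing on a Wednesday, or the same rule firing on a different host, still reaches an analyst, which is the property any auto-filtering layer in front of a SIEM needs to preserve.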

2023 will be the year of improved internet

Enhanced internet services, which improve the reliability and performance of internet traffic, have become popular in recent years. The category, first defined by Gartner, includes features such as telemetry-based routing and performance optimization.

Tier 1 internet service providers, who can see trends in IP traffic before anyone else, will develop algorithms that watch traffic flows and continuously inform customers of potentially malicious traffic from particular sources toward their IP ports, so that it can be examined without additional security functionality on the customer side.

Service providers will also provide customers with full vulnerability scans of their IP range in a timely manner to provide insight into risks. As organizations grow, they often encounter shadow systems with vulnerabilities that go undetected because these systems are quickly forgotten. Scans can easily uncover dozens of vulnerabilities on an organization’s public websites in seconds, just by checking a few IP addresses they own.

Michel Verwaerde is Country Manager Belgium-Luxembourg GTT
