3 minute read
Timeline
TIMELINE 4
TRENDS SET TO DEFINE CYBER SECURITY IN
Advertisement
THE EXTINCTION OF MAINFRAMES WILL ACCELERATE
There’s no denying mainframe use has been declining for years. Mainframes are expensive, they require specialist IT skills to use and maintain, and in most use cases have been outclassed by open platforms for a very long time. However, they have remained a cornerstone of many IT systems as organisations have not been brave enough to move critical functions to modern environments or have relied on the fact that data on mainframes is air gapped from other systems to protect it.
In 2023, pressures to make core business data more readily available to third parties for analytics’ purposes and to drive faster real-time experiences will accelerate mainframes’ extinction. The air gap that traditionally protected mainframe data from public-facing access will disappear as businesses push for greater availability. A lack of appropriate controls will put that data at increased risk of being compromised. At this point, this reduced security will mean mainframes aren’t worth the extra cost and complexity for many organisations.
ORGANISATIONS WILL RECEIVE RECORD FINES
Too many organisations still tackle data security with a patchwork of technology, leaving most data unmonitored and unprotected. At the same time, regulations continue to expound on the need for specific types of monitoring as well as protection for different types of data, further exacerbating the risks of siloed security practices. 2023 will see a huge wake-up call, as at least one organisation will receive a record fine because of its lack of unified security.
On average, organisations are juggling more than 75 security solutions across network, application and data security. Trying to manage these tools increases both the risk of burn-out and the chance that security teams will miss threats. With new threats to data, applications and networks emerging all the time – from increasingly sophisticated API attacks to fresh bot exploits – organisations will need a unified approach to stand a chance of tackling these new dangers, avoiding hefty fines, and protecting their most sensitive assets.
2022 was a challenging year for enterprise security, with consumers losing trust in organisations' ability to keep their data safe. APIs have have come under increased assault. As data security becomes more of a priority, cybersecurity company Imperva shares its predictions for 2023.
2023
BOTS WILL TAKE OVER THE INTERNET
By the end of 2023, only half of all internet traffic will come from a human. What’s more, two-thirds of all bad-bot traffic will be considered moderate or advanced, making these automated threats harder to detect and stop. In 2023, APIs will become the prime target for bad bots. Seen as signposts to sensitive data, 2022 saw vulnerable APIs cost businesses $75bn a year. This problem is only going to worsen next year because API defences often overlook automated threats.
Bots will become a persistent threat that organisations need to look out for or else risk data leakage. The challenge is that tried-and-tested methods of defeating bots may not work. For instance, returning a CAPTCHA challenge to an API request breaks the calling application. Businesses need to use machine learning to differentiate normal API behaviour from malicious traffic and to understand what data should be transmitted through the API. Organisations will face an uphill battle mitigating automated attacks targeting their API libraries until bot management and API security are used in concert.
CLOUD SECURITY TOOLS WON’T BE FIT FOR PURPOSE
2023 will be the year we see organisations begin to question whether they are being too trusting of cloud security. They will increasingly realise that the cloud is not secure-by-design and that bundled security tools from cloud providers simply don’t cut it. Despite initially appearing to be easy to use, enterprises are finding – to their cost – that the one-size-fits-all approach of many cloud services’ security offerings simply cannot fully protect data in the cloud. There will always be differences in circumstances that leave a gaping hole for attackers.
Without putting in proper controls to secure the cloud, vulnerabilities and misconfigurations of cloud environments will be one of the biggest risks to data. Enterprises will see a thorough security audit as one of the essential steps to adopting any cloud service and ensuring that they have the right security and tools in place to meet their exact needs, instead of blindly trusting their provider. After all, it doesn’t matter how much money you save migrating to the cloud if you increase the risk of a costly breach in the future.
