What's next in 2023 for Cybersecurity?
As we find ourselves nearing the end of 2022, the question is being asked - what's coming in 2023? From regulations, digital identities and the battle of reality - we asked our experts their thoughts on what's next for cybersecurity.
Jerry Tan,
General Manager, PH & SG | Sales & Marketing VP, APAC
Neil Salcedo,
Sales Engineer, APAC
Rock Villano,
Product Marketing Manager, APAC
Lila Kee,
Chief Product Officer
Andreas Brix,
Program Manager
Arnaud Vanderroost,
Vice President of Sales, EMEA
Richard Hancock,
Data Protection Officer
Yateesh Bhardwaj,
Product Manager
Luiza Dias,
Chief Executive Officer for Brasil
Silvia Bertolotti,
Solution Sales Consultant EMEA
Grace Armano,
North America Sales Team Lead
Ashish Dhiman,
Product Manager
Self Sovereign Identities on the Rise
2023 will see the first digital identity wallet supporting trusted cross-EU border transactions where consumers will have ultimate control of where and how their electronic Identity will be used. The introduction of a wide scaled use of self-sovereign identities will be the biggest factor in driving the democratization of consumer/citizen identity globally.
- • Driven by an expansion of the 2014 eiDAS regulations, and further with the September 2022 release of the eIDAS 2.0 - Toolbox European Digital Identity Framework, innovation will rapidly advance with the promise of cross EU border digital Identity interoperability.
- • Expect transformational society impact through the introduction of wider applications and consumer adoption as emphasis around useability as well as increased privacy has been built in by design.
- • Consent will be key to increasing consumer privacy protection especially around how and where their data will be used or shared
- • Digital wallets will be the de facto method for users to Bring Their Own Identity (BT.YOI) supporting a wide range of commercial and government use cases including bank account set up, proof of adequate age (without sharing exact birthdate), accessing medical records, and interacting with government services to name a few.
- • Considering mobile device and Cloud applications will be prevalent methods for access to digital wallets, the importance around mobile and cloud cybersecurity will only increase in significance.
Messaging Tools are Gaining, but Email will Still Remain Popular in 2023 – and Beyond
In my almost 20-year career in the IT world I have been exposed to a lot of predictions. Even though some of them were wrong (inevitable), they still triggered interesting discussions and thought processes. One of these was made in Germany at the it-sa trade show by one of the collaboration platform providers in 2018. “Email will be gone in the next five years,” they stated and seemed convinced their statement would come to fruition.
Now, looking back at these last five years there have been changes in the way we communicate. Messaging services and apps are used more and more in the business world, such as Microsoft Teams, making email more reserved for internal communication.
But why is it that there are 4 billion daily email users (and climbing) ? One of the answers is hidden in the last paragraph. Its messenger´s, so the plural. Every company uses the messaging tool of their choosing. Even if the same messenger is in use, admins are afraid of opening this communication platform to external parties as they are afraid of creating a new attack surface.
So even after 50 years, going into 2023 email will remain one of the few communication standards where we can reliably exchange information worldwide. As long as it is secure and reliable, I wouldn't expect major shifts for years to come.
Virtual Reality, Augmented Reality and Mixed Reality: Who will be the Winner at the end?
Future technologies such as Virtual Reality (VR), Augmented Reality (AR) and Mixed Reality are all considered to be areas of tremendous growth. Several tech giants like Meta, Microsoft, Nvidia, Alphabet, Qualcomm and even Apple have already chosen their side and are investing workforce, time, and money in them.
Meta, the parent company of Facebook which we have seen appearing quite often in the news lately, is a firm believer that the metaverse is the ‘new big thing’ and investing billions of dollars to make Mark Zuckerberg’s dream come true. This 3D VR immersive world is the new hype and is slowly but certainly shaping up. Although, some might wonder if these platforms will ever be populated with more than marketing teams and GAFAM developers. Currently, opinions are mixed, so it is wait and see for the time being.
Apple, on the other hand, has pinned all its hopes on AR, where a user can put on some form of glasses and live in a world where his/her/their real-world is visually augmented and where data, information and other details are superimposed on it.
With the enormous investments being made by these tech firms in the different worlds/technologies, we may find that, in 2023, to see these forms of technologies being further integrated into our lives. Training, education, marketing, entertainment, and medicine (i.e. surgery); they all have huge potential – which still needs to be discovered and developed. We might still be several years away from when all of these “realities” are well established, but 2023 should give us a good view of where we are heading towards.
Internet of Things (IoT) in APAC to continuously expand
The IoT has been a vital part of our daily lives. Home automation, wearable technology, smart business systems, and smart healthcare all use it to connect and exchange data with other devices and frameworks on the worldwide web. It’s one of the fastest growing industries not just in the APAC region, but all over the globe.
The IoT market is expected to reach US$436 billion according to the International Data Corporation. In Asia Pacific, IoT will pose a Compound Annual Growth Rate (CAGR) of 11.8% for 2021-2026. Its exponential growth in the region is mainly driven by the following factors: (1) the demand for remote operations, which started during the pandemic; (2) better network coverage in APAC; and (3) the deployment of commercial 5G testbeds.
APAC businesses are actively pursuing digital transformation – creating new ventures and closing productivity gaps in their current value chains. Consumers continue to strive for convenience with the evolving IoT innovations. Recognising the fact that IoT adoption drives economic growth and improves quality of life, many governments in the region have implemented policies and initiatives to promote the deployment of IoT technologies. They have also provided funding and further support to enterprises and interest groups working on IoT projects.
Overall, APAC is poised to play a leading role in the global IoT market and will continue to do so in the coming years.
Huge internet usage in APAC will lead to the continuous adoption of SSL and digital certificates
Internet connectivity is becoming more and more important in a mobile world. An estimate of 5.25 billion people globally has access to the internet, accounting for 66.2% of the global population. All over the world, APAC has exhibited the largest growth of internet users, with countries like the Philippines and Indonesia being at the top in terms of online presence. The huge internet usage in APAC makes the region a hotbed for cyberattacks such as malware, ransomware, and other computer viruses.
SSL certificates aim to solve this issue of unsafe internet connections. Standing for Secure Sockets Layer, SSL certificates are issued by Certificate Authorities (CAs). These digital certificates authenticate the identity of a website and enable a secured, encrypted connection. SSL certificates put the “Security” in HTTPS (versus HTTP).
The exponential increase of APAC internet users, together with the growing cybersecurity awareness of individuals and organisations are considered the main drivers of surging adoption of SSL certificates. Moreover, e-commerce is one of the fastest growing industries in APAC. All e-commerce owners and service providers rely heavily on SSL certificates to assure users that their platforms are secure, and users’ personal information is protected and encrypted.
Globally, the CA market is expected to reach the value of US$259.9 million in 2027 – double from its 2021 value of US$130 million. CAGR is registered at 12.54% from 2022 to 2028. Mordor Intelligence report confirms Asia Pacific to be the fastest growing CA market.
In recent years, organisations are also embracing and increasing adoption of digital document signing platforms for ease of remote signing that is legally binding. As a result, the rising demands for digital certificates is a trend that we will continuously see for 2023 across all industries which are looking to secure their endpoints.
People’s Perception on Security and the CA Market will Change
In year’s past, organizations would implement very basic security software that required little oversight. Today, the situation is very different. Companies now understand their future is not so secure and rogue elements are becoming smarter by the day. New cyberattacks take place constantly, and IT companies and IT departments are struggling to contain them.
In 2023, we can expect to see a two-fold increase in security awareness, as well as products utilizing Public Key Infrastructure (PKI), but also cloud security more broadly, especially in developing markets like APAC and African countries as compared to the west. For example, some commendable work that we will see is in India, where the government has already been educating its citizens about the dangers that can lurk on their computers and phones. Because of this, people are increasingly becoming better educated on digital security, so this will continue to grow in 2023 and beyond.
In addition, there will be adoption of products which are easy to use, integrate well and can suffice for many use cases – taking the approach of “killing two birds with one stone”, as companies grow weary from having to rely on a plethora of security tools (there’s just too many different products on the market, so it will be good to see a shakeout.)
Certificate Authorities like GlobalSign will see skyrocketing demand, as they are compliant and are backed via reliable certificates.
Furthermore, we will see some new entrants to this market, especially operating systems (Microsoft, Apple, Linux) as they understand the need for centralized integrations through the Cloud. Some segments like ecommerce and defence will see huge demand. According to research firm MarketsandMarkets, we are setting at around $130M in CA, and we will see this grow to $230-250M.
2023 Data Laws: Where Are we Headed?
Before we can consider what the next 12 months could have in store for us, it is important to recap on the last year. So, what happened in 2022? Of course, we saw many cases, judgements and some enforcements. However, what really stood out were the changes and adaptions to the global legislative landscape. On the back of the very serious Medibank and Optus breaches, Australia is proposing a sweeping overhaul of data laws, in response to a widely misunderstood cookie requirements implementation by web developers the UK is considering ripping up parts of the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) has triggered a snowball of other states reviewing their own rules and many other nations are scrutinising their legal frameworks regarding data.
It is almost certain that 2023 will see both a continuation and growth of these activities. We are already witnessing data breaches featured on mainstream news and this will be a common place feature in the next year. As public awareness builds so will the demand and expectation of privacy and protection of information.
As much as it is hoped that even with its changes to local law (if they go ahead), the United Kingdom (UK) will retain its European Union (EU) adequacy decision. Should it lose that status then it will very quickly become clear how difficult it is to trade, communicate and interact with other nations and it is for this reason that we will see countries whose data laws are outdated begin to review and update them to meet, at least at the conceptual level, the high bar set by the GDPR.
The areas where expectations of the most, relatively speaking, seismic shift in data laws occurring is the United States. Here, the changes are multi-pronged and include the case for data protection laws at the federal level gathering pace. Historically, and to this day, there has been no unity or centralisation of a common set of principles in this area, outside of specific industry verticals (think FTC, HIPAA etc here). The actions taking place in the spaces of open banking will almost certainly mandate the move to this central, managed and aligned legislative cohesion resulting in the bi-product bonus of a privacy model which can span all states, all industries and be the vehicle for efficient and frictionless data transfers throughout the nation.
One of the biggest headlines for next year will surely be the new framework agreement between the US and the EU. Long awaited since the invalidation of Privacy Shield back in 2020, a replacement is hotly anticipated for the early part of 2023. It will, of course, take time for this to settle in and to be able to rely on it as a legal basis for transfer, but the hope for it to replace the current Transfer Impact Assessments (TIA) is high.
There are questions which are impossible to predict. Will the UK scrap GDPR and start again? Will Max Schrems instantly challenge the Privacy Shield replacement? Will political instabilities in certain regions derail policy in this area? Will more countries adopt data localisation requirements? There are some absolute certainties though – the importance of data protection will grow, awareness of data uses will heighten and data will become even more invaluable to fraudsters prompting organisations worldwide to continually monitor and improve their own infrastructure protection.
2023 will be a year to watch and hold onto your seats.
Automated Certificate Management will be an emerging driver in the DevSecOps
In 2023 and beyond, security will no longer be a second thought in DevOps pipelines. It is only in the past several years that DevSecOps has emerged as an important segment of the overall DevOps industry. But given the massive increase in data breaches, phishing attacks and more, it’s abundantly clear that developers have to increasingly relying on tools such as automated certificate management for ensuring security into their systems.
I say this because, to have a DevSecOps-centric approach, developers need to ensure that security is injected into every development life cycle layer, which is not possible without automated certificate management. Automating certificate management helps to ensure tight security in their development pipeline.
1. Visibility of Certificates - A centralised PKI infrastructure will help organizations track and manage their certificates from committing the code on version control systems to the deployment
2. Automation & Integration in CI/CD - With the help of the ACME protocol, it’s easy to configure and install certificates into the vicinity of the CI/CD pipeline
3. Security Awareness & Enforcement - Automated Certificate Management infrastructure helps Developers understanding of the security Protocols and they will be able to enforce certificate in their automated workflows to secure their end-to-end infrastructure
So, organizations who want to ensure security into their systems, must focus and invest more in the Automated Certificate Management.
Latin America’s Automation Industry Will Have to Implement More Cybersecurity Solutions Next Year
In 2023, Latin America's economies will begin recovering from a combination of impacts: the pandemic, economic disrupation and cyberattacks. Taken altogether, the result is the region, which comprises 33 countries, will require greater productivity. Automation is the key, as it will optimize production in various industries such as automotive, agrifood and mining, which are the region's top sectors. Therefore, having access to computer security systems that allow for these technologies to be implemented efficiently is critical, but also a challenge for our region.
Fortunately, large corporations plan on investing in automation in the next year. According to the third edition of the Futurum Research’s Now and Next Report, 77% of companies intend to enhance their investments in automation. Likewise, Gartner predicts that 85 % of infrastructure and operations (I&O) leaders envision automating their enterprises within three years.
The automation processes utilize software and connectivity systems that are susceptible to attacks and, because of this, they demand implementations that solve these vulnerabilities, so the production systems can be improved. In that sense, the investments should be destined not solely for the automation process, but companies should also take into consideration the security processes required to avoid any attack in order to not jeopardize a company’s productivity.
eIDAS 2: New horizons for the European digital identity
In June 2021, the European Commission presented a proposal aimed at reviewing the current directive no. 910/2014 (eIDAS Regulation) with the introduction of new changes to the electronic identification, authentication and trust services scheme (eIDAS 2).
These changes establish a new legal framework for the European digital identity and for the eIDAS regulation, aiming at the acceleration of the digitalization process for public and private services within a cross-border context.
The current directive did not contain a specific indication for "electronic identification" tools, consequently each state implemented one or more solutions without any interoperability or precise rules for mutual recognition.
By September 2023 the new EU digital ID must be made available to every EU citizen (or resident) and business; it will be used for both online and offline services across Europe and also for storing sensitive personal data (i.e. health related data) within a document.
The most relevant news and the key element of the new proposal is the introduction of the European digital identity wallet, a biometrically-secured identification and authentication tool.
The wallet will contain a PID (Person Identification Data) which stores the identification data and credentials linked to its identity. Through this wallet users will be able to prove their identity and share information across Europe.
This tool will certainly simplify and unify the identification procedure in Europe whenever a citizen will need to use a public administration service, i.e.: enrolling in a university, filing tax returns, opening a bank account, requesting a birth certificate, accessing to different medical systems etc.
The offer of digital identity wallets from mobile app providers is already increasing and at a certain point the European Commission will need to regulate the market offer.
The majority of citizens, as well as many private businesses, seem to be ready to adopt digital identification across the EU states for most of their services. But will the Public Administration be also ready to implement and adapt their systems? This is a question we may not find answers for quite a while.
2023 will bring changes for remote working, cloud infrastructure and data security, and global collaboration
Every year we think we have a handle on what and how improvements and, advancements in technology bring us. In the last couple of years, we have seen huge wrenches, such as the pandemic and now the war in Ukraine, which have catapulted those changes and made us re-evaluate how we work, live and play.
The pandemic brought changes that have now stuck with us or still learning to deal with, namely remote work and digital communication. This year the war in Ukraine has brought more change and concern particularly about cyber warfare.
Remote Work - Phishing attacks are a pervasive security threat to the IT sector, with many people still becoming the victims of phishing emails. Not to mention, employees are using their personal devices for two-factor authentication, and they may well have mobile app versions of instant messaging clients.
Cloud Infrastructure and data security – Data breaches are costing more than ever and ransomware is more prolific every day in all areas of business, most notably the healthcare, finance and education industries. It’s not enough anymore to simply secure your website. Hackers are savvier than ever!
Global collaboration and digital signing - The global digital signature market is growing at a staggering pace. Most notable will be the launch of the EU Digital Identity Wallet (and eIDAS 2). In a nutshell a digital signature creates electronic trust between individuals, companies, and government entities by standardizing electronic identification and signatures across the world. The faster you can get business conducted domestically or worldwide securely and within compliance guidelines will determine your competitiveness in the marketplace.
We will see the rise of multifactor authentication
Nowadays, processes are digitally interconnected. While authentication may be effective in verifying the identity of the user and provide security in the organisation, cyberattacks are getting stronger day by day. With this, it is necessary for organisations to add another layer of security to their systems through multifactor authentication.
The top focus area for 40% of responding organisations is identity security, according to IDC’s 2022 State of Identity in APAC. This prioritisation is driven by the adoption of remote systems and complexity of processes conducted through digital systems. Similarly, the banking and finance industry has established a bigger demand for strengthened security measures in their systems with the goal to positively impact market growth in APAC. Combined with smarter identity theft mechanisms by hackers, correctly proving one’s identity is more needed than ever.
Given this need, multifactor authentication is expected to rise in the Asia Pacific. Multifactor authentication can provide extra levels of security to validate user identity, preventing possible attackers from gaining access to systems if a password breach happens.
Predicted growth of multifactor authentication in APAC is consistent with the regional trend of remote work brought by the pandemic. With worker mobility becoming a focus area for organisations, BYOD usage is expected to be higher and given the sensitivity of information inside organisation systems combined with the stricter requirements brought by data security regulations, the MFA market is forecasted to expand.