2023 EMEA LATAM Predictions by Palo Alto Networks


Prediction 1: Cyber Risk Is a Key Criterion for Supplier Selection

With the rise and risk of supply chain attacks, factors like cyber resilience, vulnerability assessments, and level of cyber insurance will become part of the selection criteria in order to do business.

Call to Action

Classify your suppliers based on risk posture and assess if they are cyber-insurable or not. A key part of supplier selection should focus on their dependence on open-source code – expect the vetting process to become more sophisticated.

Prediction 2: Rise of Coordinated Kinetic Attacks 

Cyberspace has been a battleground for many nation-states. In 2023, we will see an increase in coordinated activity from both the cyber and physical environments targeting critical infrastructure. In the private sector, physical user safety against coordinated attacks that abuse IoT or OT systems will be a key concern.

Call to Action

Autonomous Security Fusion Centers that combine cyber and physical elements can act as an early-warning system to detect and respond to these attacks. Similarly, combining cyber and physical security teams can help coordinate responses.

Prediction 3: Social and Environmental Responsibility Entering CISOs' Agendas

As digital activities are expected to reach 7% of greenhouse gas emissions by 2025, companies are turning to digital transformation as a lever to reduce their emissions.

Call to Action

Joining CIOs, CISOs will be given sustainability objectives in their roadmaps and, more generally, will have to take part in their organisation’s social (CSR) and environmental responsibility strategy. Cybersecurity is an enabler, and in addition to keeping critical infrastructure safe, it gives organisations the confidence to deploy new technologies that help achieve sustainability goals.

Prediction 4: EU Regulation Framework Is Shifting

With a revised NIS (v2) and the future Cyber Resilience Act (CRA), both critical infrastructure and digital supply chains will have to plan for an evolving regulatory framework across the European Union.

Call to Action

As more and more businesses integrate digital elements into their supply chain, CISOs must work on making the evolved regulation a future competitive advantage as boards consider implementing dedicated security committees.

Prediction 5: From Ransomware to Stealth Stealers

Threat actors are increasingly using stealthy software and techniques to steal data without victims being aware. In contrast to the ransomware business model of demanding payment, the stolen information or crypto wallets are sold or leveraged directly while the threat actor remains hidden.

Call to Action

Upskilling and up-tooling for attack surface management and detection capabilities surrounding the organisation’s digital critical assets will increase significantly.

Prediction 6: The Year of Consolidation

As budgets tighten and economic uncertainty takes centre stage, a key CISO metric for the year ahead will be to consolidate security assets away from multiple vendors, thereby reducing risk and saving costs.

Call to Action

Shifting the focus towards converging platforms for SASE, XDR, Cloud, and within the SOC will be vital. Taking things one step further, security teams should align these efforts to overall business value metrics, thereby assuring levels of protection based on their board’s risk appetite.

Prediction 7: Security in the Cloud… but not too far, please

The need for low-latency use cases (IoT, robots), optimal user experience, and regulatory concerns, such as data localisation, will require data processing capabilities to be located close to where the user is consuming the service. Cloud-based security services will have to be able to scale across an infrastructure that is increasingly dispersed and localised.

Call to Action

Secure Access Service Edge (SASE) will bring the best user experience and operational performance to enable future digital growth, thereby paving the way for viable edge computing.

Prediction 8: Too Much Employee Data Will Land CxOs in Trouble

Fueled by the move to hybrid working practices, employee monitoring has been turned up to full volume to sustain and grow worker productivity. But where should organisations draw the line? Collecting data such as keystroke recordings or desktop snapshots, or even tracking employee movement, can violate data protection laws such as the GDPR.

Call to Action

When it comes to collecting data, CISOs need to put themselves in the mindset of the employee and ask two questions:

1. How much is too much?

2. What if the employee wants their data back?