Richard Ford, CTO, Integrity360
Which cybersecurity start-up or emerging vendor are you tipping for takeoff in 2023, and why?
It's difficult to name just one, but as customers strive for more visibility to understand their exposure, risks and attack surface to mitigate threats well before they happen - I see vendors such as XM Cyber tipping the scales in terms of being able to meet these challenges.
Adjacent to this, as prevention is far better than cure, and the cyber security industry has been too peri/post-incident detection orientated, vendors that can provide solid proven prevention at the earliest stages of the kill chain will become increasingly important. Deep Instinct are definitely one to keep an eye on this year.
More broadly, what cyber technology, service or approach are you expecting more of your customers to adopt in 2023?
MDR is now a cybersecurity essential from our perspective and we are addressing this with all existing and new customers to enable them to gain full visibility and actively respond to threats. We expect to see an increase in adoption where customers don't already have an existing SOC capability and for those that do, MDR will release the pressure on internal teams.
How do you expect the threat landscape to evolve in 2023?
I expect ransomware to remain the #1 risk/threat, but the threat from insiders will grow this year as the economic conditions and cost of living crisis bites. I expect that we will see at least one globally affecting supply chain compromise like SolarWinds/Sunburst and a new game changing vulnerability such as Log4J/Log4Shell. Whilst Log4J has driven better vulnerability detection and remediation, the risk of similar occurrences is extremely high. This is because most organisations still lack the visibility required to detect malicious activity from a compromised, trusted, third party - whether this is compromised software or a service provider.