What types of applications do you anticipate being more vulnerable to cyber incidents in 2023 due to poor or insecure code?

Due to heightened threat activity against targets in the healthcare sector, there was a 69% year-over-year increase in the number of cyber attacks across all sectors in 2022. Unfortunately, I think it will mostly go on, because there are so many intricate, outdated processes in place.

With healthcare institutions requiring fast-paced digital transformation and maintenance like any other industry, it is all too easy for access control errors, misconfigurations, and other known exploits to go unpatched. A threat actor needs just one window of opportunity to inflict serious damage, and for organizations who are not putting their best defensive security strategy forward – which includes frequent and precision training of the development cohort – it’s hard to see this changing.

In addition, we cannot ignore the fact that, globally, there is an ongoing conflict between several world superpowers, and modern warfare has an increasingly digital front. Nation-state attacks will become more prevalent to cause chaos and interference, and are likely to target enterprises in telco, health, finance, and utilities to disrupt key economic pillars and manipulate public opinion.

What will organisations’ procurement and security teams request from technology providers in the year ahead regarding proof of secure code/software security before purchasing/implementing that technology?

I would hope that we have all learned something from the onslaught of supply chain attacks in the past couple of years. As a result, a comprehensive and current Software Bill of Materials (SBOM) will likely become a standard ask from vendors, in addition to trust and safety audits.

Every organisation must keep front of mind the reality that a vendor may not care about security as much as they do, and due diligence is essential. The best vendors will ensure that a lot of this information is publicly accessible, as it really should be a point of pride.

From a policy perspective, what do you think will be enforced next year as it relates to safer security practices for organisations?

I believe we are hearing more about security skills verification in development teams, as has been recommended several times by the US government.

However, it is one thing to enforce it, and quite another to implement a viable program that will both teach and verify code-level security and awareness skills that will make a difference. This is where the industry as a whole needs to devote the most effort.