Page 95 - Cyber Defense eMagazine January 2023
3.) “In 2023, API security will drive realizations and revelations by enterprises that go beyond the threat
and risks of APIs. API security is dependent on the discovery and collection of the APIs that a company
is exposed to. Once organizations take that step, they quickly realize that the entire operational
framework of their API management is problematic. There is very little in the form of standardization and
governance for APIs in most companies, which means that there are huge amounts of inefficiency and
costly redundancy across those same APIs. API security in 2023 will create a broader understanding of
not only the risks a company is facing, but also the costly consequences of a broadly unmanaged function
within their organizations.”
4.) “The pathway to self-awareness and self-learning about API security starts with taking a simple step:
exercising intellectual honesty. API security and operations isn’t something new. It is an extension of the
best practices that have always been demanded in the digital world. If you believe you don’t have an API
security problem because you don’t use a lot of APIs or because you leverage an API gateway or web
application firewall, you’re not being intellectually honest. Every day, in highly publicized events, the
attack surface and vulnerabilities of APIs are being clearly communicated to the market. Believing that
APIs won’t be opportunistically exploited by bad actors just isn’t supported by data, evidence and the
history of technological evolution. The time to learn and move on API security is now, not two years from
now when the seriousness of the risk is fully understood.”
Tyler Farrar, CISO, Exabeam
Nation-state attacks/geo-political matters:
“Nation-state actors will continue cyber operations in 2023; whether these attacks increase, decrease, or
stay the same ultimately depends upon the strategic objectives of each campaign. Based on the current
geopolitical climate, I think we can expect these cyberattacks to increase across the major players. For
example, Russia’s failure in Ukraine exposed its weaknesses to the world, but its attacks are likely to
continue against Ukraine, including operational disruption, cyber espionage, and disinformation
campaigns. It would be unsurprising for the attacks to expand beyond Ukraine too, as Russia's leader
attempts to prove Russia is not weak. Likewise, cyber espionage is a key tactic in China’s strategy for
global influence and territorial supremacy, and I think we can expect these operations to increase,
particularly across private sector companies.
In 2023, state policies will directly influence cybercriminal and hacktivist communities to obfuscate
sources and methods, increasingly blurring the lines between nation-states, cybercriminals, and
hacktivists. Cybersecurity teams would be wise to remain flexible with respect to threat actor attribution.”
Impact of economics on security:
“The economic downturn, and in particular inflation, has - and will continue to have - a significant impact
on security spend, likely forcing reductions and leveling impacts to organizations and to threat actor
behavior. The key to defense for these organizations is doubling down on cyber talent and security tools.
Meanwhile, security organizations should aim to consolidate legacy technology platforms, decreasing
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.