Experts forecast future threat vectors most likely to affect organizations worldwide in 2023

DigiCert experts forecast future threat vectors most likely to affect organizations worldwide in the New Year

DigiCert, Inc., a leading global provider of digital trust, recently released its annual forecast of cybersecurity trends emerging for the new year and beyond. These projections — authored by DigiCert experts Dr. Avesta Hojjati, Dean Coclin, Mike Nelson, Srinivas Kumar, Stephen Davidson, Steve Job and Tim Hollebeek — are based on shifts in technology, threat actor habits, culture and decades of combined experience.

“These predictions come on the heels of our 2022 State of Digital Trust Survey that found that almost half of consumers (47%) have stopped doing business with a company after losing trust in that company’s digital security,” said Hojjati, VP of Research and Development at DigiCert. “The more CISOs and other IT staff understand the security implications of evolving technologies and threats, the better prepared they are to make the right investments for their business to ensure digital trust.”

Prediction #1: Quantum Computing Will Force Crypto-Agility — Cracking a 2048-bit encryption would take an unfathomable amount of time with current technology. But a capable quantum computer could conceivably do it in months. We predict an increased focus on the need to be crypto-agile as quantum computers pose a significant future threat for secure online interactions. Cryptographic-agility will be a competitive advantage in the very near future.

Prediction #2: Matter Will Become a Household Standard — Matter is a smart home standard and common language for smart home devices which are secure and trusted to communicate and connect seamlessly. DigiCert predicts the Matter logo will become the symbol that consumers look for in smart home technology.

Prediction #3: Code Signing Will Prompt A Race to the Cloud — OV code signing certificates are changing. They will soon be issued on physical security hardware in a similar way to how EV code signing certificates are issued. In June 2023, according to the CA/B Forum, a voluntary group of certification authorities (CAs), vendors of internet browsers and suppliers, notes that private keys for OV code signing certificates must be stored on devices that meet FIPS 140 Level 2, Common Criteria EAL 4+ or equivalent security standards. We predict that these changes will mean customers move to cloud signing in large numbers, instead of dealing with replacing their hardware token. We also expect all code signing will be cloud-based in the future, as customers will prefer cloud over having to keep track of a hardware key.

Prediction #4: Software Supply Chain Attacks Will Make 2023 the Year of the SBOM — An SBOM is a list of every software component that comprises an application and includes every library in the application’s code, as well as services, dependencies, compositions and extensions. Because of the information and visibility it provides into software supply chains, we predict the SBOM will be widely adopted in 2023. While most of the requirements are taking place at the federal level now, expect the SBOM to spread to commercial markets soon to secure software. All of this means software producers will be required to get more involved in the process of ensuring their products are secure — and visibility will be key to that.

Prediction #5: Physical SIMs Will be Replaced by eSIM and iSIM Technology — The introduction of the integrated SIM (iSIM), which does not require a separate processor, is smaller, and does not take up much room on hardware such as mobile phones. We predict the next generation of smartphones will remove traditional SIM hardware functionality and move to eSIM and iSIM as the root of trust.

Prediction #6: EU Digital Identity and European Digital Wallet Will Become the Worldwide Model — The EU Digital Identity Wallet is a European Commission initiative under the eIDAS Regulation that will create a unified digital identification system across Europe. The EU Digital ID Wallet will allow European citizens to carry eID versions of their official government ID documents in a secure mobile wallet application for use in online authentication and electronic signatures. We predict that much like Apple Pay and Google Pay have become widely adopted as a means for digital payments, the EU Digital Identity Wallet will become the model for digital identity that the rest of the world will seek to emulate. With the legal framework and policies in place for adoption on the continent, users will begin to feel more comfortable turning to a digital wallet to store and share credentials when needed.

Prediction #7: DNS will continue to grow in importance — Infrastructure as code will continue its growth as being a best practice for organizations of all sizes. DNS services that have high uptime, fast speeds and fast DNS propagation will be crucial for organizations to have as a toolset. Well-defined APIs, SDKs and integrations will be highly vital to the success of organizations’ efforts to be productive and reliable.

Prediction #8: Criminals Will Exploit Zero Trust — Adversaries will deploy new technologies as well to increase their success rate in future attacks. Technologies such as Artificial Intelligence and Adversarial Machine Learning could potentially be deployed by a properly versed attacker to find weaknesses in an improperly deployed zero trust framework. As zero trust becomes the standard security approach for IT systems, we predict adversaries will change their attack approach to be able to overcome zero trust frameworks.