As a new year is upon us, Digital Bulletin talks to five senior technology leaders about their 2023 technology predictions.
Zeki Turedi, CTO EMEA, CrowdStrike
Cybersecurity: threats proliferate but best practice still works
As 2022 recently ended, CISOs and other security personnel are likely to be feeling exhausted. The year was unrelenting on the cybersecurity front and adversaries are only becoming more sophisticated and adopting more advanced techniques and technologies to circumvent organisations’ security measures.
Ransomware remained the most dangerous, costly and prevalent cyber threat to EMEA organisations in 2022 and will continue to be the most damaging cybercrime tool of 2023. According to CrowdStrike’s 2022 Global Threat Report, there was a terrifying annual increase of 82% in ransomware related data leaks costing the companies concerned €1.72 million on average.
It’s easy to understand the enduring appeal of ransomware to cybercriminals: it is increasingly easy to use and wildly lucrative. Over the course of the last two years, obtaining and using ransomware tools has become simpler than ever, with an ecosystem of criminal suppliers offering Ransomware-as-a-Service, with other elements of the operation, from stolen credentials to payment services and money laundering, also available as third-party services from a growing range of providers. Getting started as a cybercriminal required no more than a working credit card in late 2022. This coordination of criminal service providers to provide specialisation and automation is sadly only likely to grow over the coming year. Ransomware will continue to grow until such a point that most organisations have adopted advanced tools that make other criminal tactics more profitable.
The 2023 battlefield
Over the course of 2022, we witnessed some evolution in adversaries’ ransomware tactics. The extraction of sensitive data and extortion attempts based on the threat of the sale or publication of this stolen information has seen a marked rise. Indeed, we have seen several cases over the course of the last year in which the traditional encryption of victims’ data has not been part of the attack, with the adversary moving directly to threatening exposure of the data, with all the legal, regulatory and reputational damage such leaks would entail. The extortion tactic is potentially worth millions of Euros for every attack and can be repeated without any additional effort on the part of adversaries, so long as the data retains a value for its rightful owners.
Like previous years, we continue to see the successful and most sophisticated adversaries no longer using malware-based attacks but focussing on non-malware based techniques. As companies continue to focus on malware, these interactive attacks have begun to provide a higher success rate for cyber attackers. They now account for 71% of successful breaches, up 50% on the previous year. Ever the pragmatists, cybercriminals are now focused on identity-based attacks, whereby, rather than hacking their way into a victim’s system, they can just simply log-in, using genuine but stolen credentials available on the underground markets of the dark web or through other techniques.
This continued move to malware-free attacks, growing strongly since 2019, puts identity protection at the heart of cybersecurity in 2023. Alongside established, well-understood policies around strong passwords, organisations need to adopt new technologies developed specifically to make it harder for criminals to succeed with identity-based attacks. Security departments need to establish zero-trust policies and the technologies to support them if they have not already. They need to interrogate every identity on the network and use a variety of techniques to validate whether that identity is legitimate. Their chosen technology partner must offer several ways in which this legitimacy can be established (or not). Data in the organisation needs to be split, according to the needs of different roles in their organisation. A salesperson might legitimately need access to customer records, for example. Someone working in production probably does not.
Alongside identities, APIs became a part of the cybersecurity battlefield in 2022 and is a trend we will see continue this year and beyond. Gartner® predicts this will become the most common attack vector before long. Many cloud and SaaS services are accessed and controlled through APIs that allow their functionality to be extended and the flow of data through different applications. This is key to the power and popularity of cloud and SaaS, but like any other fast-growing technology, it has attracted the attention of bad actors. We’ve seen several successful attacks in this domain, and security-conscious organisations will have already adopted solutions that can ingest and assimilate signals from many different parts of their IT estate, as well as endpoints.
The right way forward – partners not technology
Technology moves very quickly and that won’t change in 2023. Anyone who has worked in the domain knows this: the tools and processes that were best practice in 2022 may be considered dangerously antique by the end of this year. This has important implications for your choice of vendor. It doesn’t make much sense to focus entirely on a particular product or technology, since these inherently have a short shelf-life. Rather, you should choose a vendor who will become a partner through the uncertain times ahead, which will adapt and continue to support you as technologies and threats evolve. A partner organisation will have evidence of high, sustained levels of support for its customers. It will be transparent about its current capabilities and its roadmap.
Hopefully, your choice of partner will lead you to a happy and safe 2023.
Sam Attias, Director of Product Marketing, Celonis
Predicting the future with process mining
Over the next year, we will see the rising adoption of process mining as it evolves to incorporate automation capabilities. Process mining has traditionally been a data science done in isolation, helping companies identify hidden inefficiencies by extracting data and visually representing it, acting as an X-ray for businesses to see where inefficiencies exist within their operations.
However, it is now evolving to become more prescriptive than descriptive and will empower businesses to simulate new methods and processes in order to estimate success and error rates, as well as recommend actions before issues actually occur. It will fix inefficiencies in real-time through automation and execution management.
Furthermore, process mining is undergoing a major step-change in the field by incorporating a revolutionary new object-centric process mining technology. Businesses that utilise the technology will now have a multi-dimensional understanding of processes and all related business factors and dependencies. Rather than just identifying single inefficiencies, process mining will act as an intuitive and powerful way for companies to easily analyse complex interconnected processes and see where an initial inefficiency has metastasized to other parts of the business.
Data sharing and collaboration
Today’s macroeconomic challenges have put a greater emphasis on the need for companies to share their data as well as give easy access to insights. Across departments, offices and regions, sharing data has traditionally been difficult and inaccessible for businesses, leading to lack of visibility at a time when companies can least afford it. Inflationary pressures and supply chain issues have encouraged business leaders to share and benchmark data within their own company, which is why data sharing and collaboration will be crucial to businesses over the next year.
Companies will increasingly look to harness technologies and platforms that allow data to be shared within their organisation and across their ecosystem in both a seamless and secure way. By developing broader datasets, businesses in 2023 will use process intelligence to reveal which best practices should be adopted internally, drive innovation, and create better business outcomes. As data sharing and benchmarking increases, it will also create healthy competition across internal departments and teams.
Christian Kleinerman, SVP of Product, Snowflake
Business applications will see the beginning of a rebirth in favour of their new data-powered versions.
We’re poised at the start of a renaissance in software development where developers will bring their applications to central combined sources of data, rather than the traditional approach of copying data into applications.
Every single application category, whether it’s horizontal or specific to an industry vertical, will be reinvented by the emergence of new data-powered applications — leveraging massive amounts of data to personalise their products and optimise their services.
This rise of data-powered applications will represent massive opportunities for all different types of developers, whether they’re working on a brand-new idea for an application and a business based on that app, or they’re looking for how to expand their existing software operations. Platform providers will take on much of the burden of security, governance, privacy, distribution, and monetization, leaving developers and entrepreneurs free to focus on innovation around their primary differentiators.
Gabriel Aguiar Noury, Robotics Product Manager, Canonical
The evolution of social robots
In 2023, social robots will be back. Late in 2022, we saw companies like Sony unveiling robots like Poiq. This set the stage for a new wave of social robots. Powered by natural language generation models like GPT-3, robots can create new dialogue systems. This will improve the robot’s interactivity with humans, allowing robots to answer any question.
Social robots will also build narratives and rich personalities, making interaction with users more meaningful. GPT-3 also powers Dall-E, an image generator. Combined, these types of technologies will enable robots not only to tell, but also show dynamic stories.
But this is not only about the novelty effect. Dall-E will keep pushing research to help robots define their behaviour based on their surroundings. As image detection and context generation merge, robotics scene awareness and social intelligence will take a new leap. By generating a detailed textual description of an image, robots will soon be able to understand the room they are in or what people are doing. This is another step towards real autonomy.
However, we cannot be blind to the misuse of technology. The war in Ukraine has made it clear that robots have a market. The Institute for the Study of War has signalled drones as essential as shells. Their large-scale deployment makes this the biggest “drone war” we have seen. Autonomous vehicles have also found a niche in the conflict, allowing armies to transport equipment. Underwater drones as well. Outside this war, China’s Kestrel Defense has also posted videos of a quadruple robot launching munitions or carrying a machine gun.
Unfortunately, in 2023 we may confirm that the world has started a new arms race. Gone are the days of the EU’s ban on killer robots. This war has likely set the stage for what is to come.
Adrien Treuille, Head of Streamlit, Snowflake
Application development will become a two-way conversation between producers and consumers.
The advent of easy-to-use low-code or no-code platforms are already simplifying the building and sharing of interactive applications for tech-savvy and business users. Based on that foundation, the next emerging shift will be a blurring of the lines between two previously distinct roles — the application producer and the consumer of that software.
Application development will become a collaborative workflow where consumers can weigh in on the work producers are doing in real-time, for instance, by commenting on code. Effectively, application creation will follow a similar path to other digital artefacts such as documents, diagrams and presentations where collaborative and iterative workflows enable two-way peer collaboration through tools such as Google Docs, Google Slides, and Figma. Taking this one step further, we’re heading towards a future where app development platforms have mechanisms to gather app requirements from consumers before the producer has even started creating that software.
Social media ‘influencer-coders’ will exert a greater impact on boosting the popularity of open source technologies.
We live in a time when enthusiastic and charismatic influencers can significantly shape opinions and tastes through their recommendations and activities on social media. Open source is fast becoming an ecosystem impacted by social media influencers. For instance, Data Professor, devaslife, George Hotz, and Primeagen already regularly live code on Twitch and YouTube showcasing their favourite open-source projects. I expect this trend to continue and to play a stronger role in helping to make some open-source projects rapidly popular and more widely adopted. It’s not only brand-new technologies that will benefit. Influencers will also appreciate the beauty of older open-source code and bring it to the attention of brand-new audiences. An important new success metric for open source will be not only how cool a project is, but also the coolness factor and the social media reach of its hip influencer fans.
AI pair programmers will fundamentally transform software engineering.
Machine learning technologies have changed and made the process of software development faster for some time – particularly in decreasing the number of characters needed to express an idea in code. What’s different and exciting about the new AI pair programmers such as GitHub Copilot or TabNine is that we’re witnessing the invention of a new and fundamentally more expressive language. These new tools, trained on billions of lines of code, can use that learned context to auto-generate the code a developer is writing, thereby transforming their workload. The more code available about a project, the faster it is to write in that project. We’ll see many more developers creating an entire application by writing a single line of natural-language English, and then watching the AI pair programmer complete the rest of the work. This technology offers developers one of the most profound advancements in software engineering in the last half-century.
