As we enter the last few weeks of 2022, the NightDragon community is stepping back to reflect on a year filled with challenges and opportunities, as well as what trends we expect to see in the year to come.
As we did so, we heard countless great perspectives from across our network that we felt were important to share back with the industry at large. In this second part of a four-part series with insights from across the NightDragon community, a second set of our portfolio CEOs share their thoughts on what trends they are watching and technology categories they expect to grow in 2023 and beyond.
NightDragon’s portfolio includes leading companies in the cybersecurity, safety, security and privacy space. Between them, their CEOs have collective decades of experience in their sectors, as well as in building companies. Take a look at what they have to say about what trends they are watching:
Mariano Nunez, CEO and Co-founder of Onapsis – Protecting ERP and business applications will be the fastest-growing application security category
ERP systems, such as SAP and Oracle applications, run essential business functions and contain an organization’s most valuable data, from HR information to company financials. Despite their importance, security teams often lack complete visibility into their ERP threat landscape and are unable to detect hidden vulnerabilities and suspicious activity. This has become increasingly dangerous, as attacks against business-critical applications are quickly accelerating. SAP and Onapsis recently found evidence of more than 300 successful exploitation attempts against unsecured SAP applications, pointing to cybercriminals’ clear understanding of ERP applications.
In the coming year, enterprises will ramp up the deployment of business-critical application security tools as the number of attacks against these systems continues to grow exponentially. With the general application security market expected to reach $22.54 billion by 2028, up from $6.95 billion in 2021, it’s evident that organizations are already recognizing the increasing need to protect their enterprise crown jewels.
Tamer Hassan, CEO, HUMAN Security –
Purchasing highly-coveted goods and then reselling them at a higher price, also known as “inventory hoarding,” is nothing new. Legislation to protect consumers on the other hand, is still in its infancy and not widely enforced. In 2016, the FTC passed the Better Online Ticket Sales (BOTS) Act, and in 2021, we saw the Stopping Grinchbots Act, which prohibited the circumvention of security measures by bots to purchase e-commerce tickets and goods for resale at significant markup. The deployment of bots to automate the search and purchase process magnifies its effects, disenfranchising legitimate customers. In the last six months, HUMAN Security has observed a 98% increase in bot activity, resulting in credential stuffing attacks and a 15% increase (45 trillion) in Account Takeover attacks compared to the six months prior. We predict this significant increase in combination with public attention to recent bot-related events will lead to intensified scrutiny, enforcement, and calls for additional regulation in 2023. We expect to see increased public-private collaboration to apply the principles of modern defense and protect the internet and all organizations that are being impacted by digital attacks.
Tucker Callaway, CEO, Mezmo –
In today’s digital economy, organizations seek ways to control and extract more value from ever-increasing telemetry data volumes. According to a recent study, enterprises add a median of 2 sources yearly, with data flowing to three or more observability platforms. However, adding new data sources, creating one-off pipelines, and controlling the flow of data has become an overly complex process involving many different tools that don’t integrate well and provide delayed insights.
In 2023, more organizations will pursue getting control over the collection and agent explosion due to growing data sources and variety. Teams will focus on the operational improvements and cost savings generated by taking control of their data, starting with open standards on the edge.
Pipelines supporting standards such as OpenTelemetry will help eliminate the complexity of data collection and enable the free movement of data to the right people, at the right time, and with the right context to help respond to customer issues or security threats quickly.
Chris Lehman, CEO, SafeGuard Cyber –
Throughout 2022, we’ve seen devastating attacks target enterprises through social engineering employees. These attacks are low-cost for threat actors, but offer high rewards by gaining privileged access quickly. Email still plays a large part, but this year we saw a further weaponization of business communication infrastructure, like targeting employees and contractors on LinkedIn, WhatsApp, and lateral movement through Slack.
Fortunately, our work with customers has shown us that security leaders are waking up to the need for greater visibility and control across their entire communications environment. In short, our security customers now see a need to continuously measure and secure their data against business communications risk.
Read more here on this trend on the SafeGuard Cyber blog.
This blog is the second in a series of end of year blogs regarding the state of the market and what to expect in 2023 and beyond. Read our first blog with additional perspectives from our portfolio CEOs here. Keep an eye out for more insights from our advisors and team in the next few weeks.
To learn more about the state of cybersecurity, register for our second annual NightVision State of Cybersecurity event on January 3. The event will feature top leaders in government, go-to-market, analysts, CISOs, venture capital and more to talk about market trends and the state of the industry. Register here
