As we walk towards the end of 2022, full-scale predictions are made about the trends for cybersecurity in the upcoming year: how will cybersecurity affect us, what major cyber threats will dominate the landscape, and, where shall we allocate cybersecurity budgets? Above all, what can we do to secure our businesses and protect our tangible and intangible assets from cybercriminals’ activities?
As we are looking for what trends 2023 will hold in store for us, it is important to comprehend that cybersecurity is a perpetual battle against the cyber threats. Despite the increasing number of high-profile attacks that make the headlines, everyday businesses win fights against criminals who become more advanced. However, to win the war we need to become more innovative and stop chasing the attacker’s tail.
7 cybersecurity trends for 2023
For the next year, there is no room for cybersecurity ignorance and negligence. What needs to be done is to look at evolving cyber threats, regulatory, and cyber insurance changes, and apply our professionalism to adjust our strategy and set our defences to meet future cybersecurity requirements. That way, we can change the odds and win the game; to finally “catch the tail”.
Based on predictive intelligence assessments of research group, Intel471, the analysis of how threat tactics have affected enterprises, the changing regulatory environment, and the behaviour of threat actors, the following key factors are identified as these that will most likely drive cybersecurity trends for 2023. These need to be taken into account to face the fast-changing environment over the next year, as the need for security will only increase.
Dominant data privacy laws
At the end of 2023, data privacy legislation will govern almost the whole world. The US is about to enact federal legislation on data privacy, while in the EU, the Cyber Resilience Act will provide further security privacy requirements for all industries. Gartner predicts that, by 2023 75% of the world’s population will be covered by data privacy laws, such as GDPR.
Because of the breadth of these laws, customers will want to know what sort of data businesses gather from them and how it is used. Organizations will have to manage many data protection requirements and prioritize the automation of their data privacy management system. For example, with GDPR, one can standardize security processes and then adjust them to specific jurisdictions.
Threats will evolve
Threat actors monetized criminal services successfully in 2022. Ransomware groups profited from their crimes, and will continue to thrive by offering their illicit activities as a service. Although 2022 showed that the number of vulnerabilities has decreased, the severity has increased. Exposed vulnerabilities, such as unpatched servers, open ports in Internet-connected devices, and cloud systems misconfigurations, accounted for some of the most serious ransomware threats to corporations.
The usage of leaked critical information will continue to grow into 2023, as there has been a significant increase in offers since the beginning of 2022 when compared to 2021. Stolen credentials and compromised assets, spoofed domains, and corporate mobile apps are examples of areas that will be heavily targeted in 2023. This area of the underground ecosystem will most certainly expand as demand for these services grows in the future.
World events have complicated the threat landscape; war conflicts act catalytically for further polarization. State and non-state actors’ distributed denial of service (DDoS) attacks that we experienced in 2022, together with cyber attacks on critical infrastructures and companies, will be orchestrated even more in 2023.
The cybersecurity mesh
Organizations increasingly support a range of technologies in many locations, hence, security solutions must be flexible. As new habits like remote working are consolidated, the safety perimeter must broaden to incorporate all identities that reside outside the company’s traditional borders. For that reason, in the next two years, we are going to witness a shift to a more holistic security approach by businesses. This concept, described by Gartner as the “cybersecurity mesh” will result in the reduction of security incidents’ financial costs by an average of 90%.
Cybersecurity will drive partnerships
Investments are critical and fragile. As so, investors consider cybersecurity risks when evaluating possible projects and partnerships. Companies are increasingly researching cybersecurity risks during commercial transactions, and within vendor agreements. As a result, in 2023 we are expecting to experience strict requests about a partner's cybersecurity program via security ratings, and firms will consider cybersecurity risk as a very significant determinant for potential third-party transactions and ties.
Dealing with ransoms
While broader restrictions presently apply to ransomware payments, security professionals may face harsher payment procedures in the future. When paying the ransom, legal, moral, and ethical consequences must be considered, given the uncontrolled state of the cryptocurrency market. A cross-functional team that can handle all of these concerns and chooses whether to pay or not is needed.
Following widely publicized ransomware attacks, more firms may consider purchasing cyber insurance coverage in 2023. Furthermore, the percentage of governments that pass legislation governing ransomware payments and fines will continue its uptrend in 2023, and it is forecasted to hit 30% by the end of 2025.
SaaS will thrive
Security professionals routinely maintain dozens of security tools, but they hope to cut that number to less than ten. According to this viewpoint, as businesses focus on optimization and consolidation, SaaS will become the dominant delivery mechanism. The prediction is that by the end of 2023, almost 30% of enterprises will choose the same service provider to employ their cloud-based tools, such as Firewall as a Service (FWaaS), and Zero Trust Network Access (ZTNA).
Raj Patel at Plante Moran mentions that “cyber resources are scarce but necessary.” Inflation, and scarcity of cyber resources will be the vector for higher cybersecurity budgets in 2023. The categories that will most affect businesses’ budgeting are security team staffing, and security tools. Cyber talent is quite hard to find and costly to hire, and the cost to manage cyber risks with advanced security tools will further increase.
The need to change
The cybersecurity threat landscape is constantly changing. Contributing factors include the ongoing move to the cloud, the rapid rise in endpoint devices, the growth of the Internet of Things (IoT), the shifting workforce models, and the wish among many companies to go digital.
Digital transformation increases surface exposure to cyber criminals and creates vulnerabilities of security breaches. Apart from the internal infrastructures, private and public sector businesses must secure their environments and systems impacted by the vulnerabilities introduced by IoT and the IT/OT convergence.
The old motto “you can't teach an old dog new tricks” is now obsolete. Clinging to old habits of trying to deal with everything as we did in the past – in a world that is constantly decentralised, destabilised, and uncertain – is dangerous, to say the least. Cybersecurity professionals must evolve their positive thinking and perception, in order to harden their security practices, empower their defences, and remain resilient against new and emerging threats.
About the Author:
Christos Flessas is a Communications and Information Systems Engineer with more than 30 years of experience as an Officer of the Hellenic Air Force (HAF). He is an accredited NATO tactical evaluator in the Communication and Information Systems (CIS) area and the National Representative (NatRep) at Signal Intelligence CIS and at Navigation Warfare (NavWar) Working Groups. Christos holds an MSc in Guided Weapon Systems from Cranfield University, UK. He has also attended numerous online courses such as the Palo Alto Networks Academy Cybersecurity Foundation course. His experience covers a wide range of assignments including radar maintenance engineer, software developer for airborne radars, IT systems manager and Project Manager implementing major armament contracts.
Christos is intrigued by new challenges, open minded, and excited for exploring the impact of cybersecurity on industrial, critical infrastructure, telecommunications, financial, aviation, and maritime sectors.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.