It’s the time of year when the industry begins making its top cybersecurity predictions for the year ahead. Gartner, among others, recently released their top 8 cybersecurity predictions for 2023, writing that supply chain and geopolitical issues will continue to dominate cybersecurity.
In this article, our team looks into the proverbial crystal ball to share their top cybersecurity predictions and what initiatives security leaders should prioritize for 2023.
What Cybersecurity Lessons Did We Learn in 2022?
The breaches, hacks, and cyber breakdowns in 2022 taught us many cybersecurity lessons that we can use to improve security in the new year. Lessons learned include:
- You can’t rely on MFA.
- Company stakeholders, including VCs and board members, must have insight into their company’s security stance.
- Don’t sacrifice security for a 1% improvement of your product. Constant re-architecting creates numerous security holes.
- Continuous security is mandatory for blockchain. Instead of one-time assessments at launch, teams should strive for continuous validation throughout the project lifecycle.
What Are the Top Cybersecurity Predictions for 2023?
The top cybersecurity predictions for 2023 identified by the team of experts at Kudelski Security are:
- Basic, human-targeted attacks will be the biggest risk to cyber defenses.
- Zero trust will replace VPN.
- Insider and third-party risk will rise.
- Reliance on passwords will decline.
- Skepticism around blockchain security and availability will continue.
- Quantum-interested companies will need to start assessing risks.
Prediction #1: Basic, human-targeted attacks, like ransomware, phishing, and email attacks, will be the biggest risk to cyber defenses.
In 2023, we will see the most basic security attacks — email compromise, Active Directory attacks, ransomware, phishing, and multi-factor authentication attacks — continue to be the most effective and lucrative for cybercriminals.
Whenever humans are introduced into the security equation, they immediately create holes in the corporate cyber defense system. Phishing and emerging MFA bombing schemes are more sophisticated than ever and will render cybersecurity training ineffective.
To combat these attacks, corporate security teams should not trust human factors. Instead, they should adopt an offensive security posture. Detection and response initiatives should focus on preventative features instead of reactive quick fixes.
Prediction #2: Zero trust will replace VPN to secure a distributed workforce.
In 2023, zero trust will replace virtual private networks completely as security teams adjust to a more dispersed workforce. With work-from-home here to stay, company network borders won’t look anything like they used to. Employees are accessing most work applications via SaaS, and IT teams are hesitant to inherit the risk of home networks. Mistrusting every device is the key to supporting and securing remote workforces.
Prediction #3: Insider and third-party risk will rise as attackers take advantage of vulnerable parties in the economic downturn.
The impending recession will loom even closer in 2023, and cybercriminals will take advantage of the dire economic situation to bribe their way into corporate systems. We predict that software hacking will decline in 2023 in favor of “insider risk.”
Attackers will set aside their hacking skills and instead single out vulnerable employees at third-party vendors, such as shipping authorities, supply chain companies, internet service providers, and software vendors.
Companies must remain vigilant to not only secure their own network perimeters but also build a strong vendor risk management program.
Prediction #4: Reliance on passwords will decline as the flimsiness of MFA is exposed.
While it’s unlikely that passwords will completely disappear in 2023, MFA fatigue could usher in a passwordless future in years to come. The recent Uber breach highlighted the flimsiness of MFA and left security teams searching for a better alternative. In 2023, we’ll see an emphasis on securing accounts with as many other safeguards as possible, including stronger passwords and password managers.
Prediction #5: Skepticism around blockchain security and availability will continue without more caution.
2023 will be another tumultuous year for blockchain technologies unless they shift away from “point in time” security measures. Currently, too much trust is placed in code being perfect.
Blockchain security teams must layer in more robust controls, including detection and response capabilities, to deter threat actors. The billions of dollars of bridge hacks that occurred in 2022 put a huge dent in users’ confidence in blockchain security.
Luckily, blockchain enterprises and projects are aware that customers are just as concerned about their chosen blockchain’s security as its features. This will lead blockchains to apportion the appropriate resources to improve security in 2023.
In addition to cryptocurrency theft, blockchain availability and stability should be a priority in 2023. If outages and slowdowns continue, blockchains face user decline or even complete collapse.
Prediction #6: Companies concerned about quantum computing should begin assessing risks now.
Controls to prepare for quantum computing are unlikely to see mass adoption in 2023, but keep an eye on it for 2024. The current risks of quantum computing don’t quite outweigh the incredible investment required yet. That said, companies that stand to lose the most from future quantum attacks — e.g., financial services, defense contractors, and especially companies that transmit extremely sensitive data — should begin assessing their risks now.
What Impact Will the Recession Have on Security Teams in 2023?
The recession should have relatively little impact on security teams in 2023. We predict security teams are going to remain mostly untouched even as companies across industries are forced to make cuts to their budgets and workforce in response to the upcoming recession.
American privacy laws will likely elevate to reach current European standards, putting a renewed focus on security and compliance in boardrooms and C-suites.
Additionally, cybersecurity labeling for consumer products, especially on hardware, will further the importance of corporate security teams. Economic hardships will necessitate that security teams work smarter and consolidate to meet the evolving economic and tech landscape.
What Should Security Leaders Prioritize in 2023?
In response to these top cybersecurity predictions for 2023, security leaders should prioritize the following initiatives:
- Adopting an offensive security posture rather than a defensive one.
- Focusing detection and response initiatives on preventive features instead of reactive fixes.
- Phasing out VPN in favor of zero trust strategies for the remote workforce.
- Building out a strong vendor risk management program to protect against third-party risk.
- Looking for alternatives to MFA while implementing stronger password requirements and account protections.
- Working smarter and consolidating to meet the evolving economic and tech landscape.
- Bolstering availability and security of blockchain-related services.
- Assessing risks related to quantum computing, especially for those in financial services, defense, or other industries that deal with highly sensitive data.
- Our top cybersecurity predictions for 2023 - January 10, 2023