What should we expect from cybersecurity in 2023? The question has become particularly pertinent over the past three years as the risk of digital assaults has climbed. Cyberattacks are on the rise. From the pandemic to Putin’s brutal invasion of Ukraine, laptop-wielding larcenists are making a killing in more ways than one.
Companies of high and low profiles fell victim to hacking and data breaches, with notorious criminal groups like Lapsus$ claiming to be behind some of the most high-profile attacks.
The past year proved that cybersecurity was a necessity in every sector too, as data breaches and hacks affected everything from retail to healthcare to finance.
“Data breaches seem to regularly be in the news and 2022 was no exception,” Amanda Williams, hybrid data protection & marketing consultant at boutique technology law firm Ethiqs Legal, told Verdict.
“One report estimates that 15 million records were exposed in the third quarter of 2022 alone.”
Despite the onslaught of digital assaults, the cybersecurity industry suffered many of the same problems as the rest of the tech industry. Skyrocketing interest rates, the looming threat of a recession, the after waves of the pandemic and the invasion of Ukraine have all contributed to making the markets extremely volatile. Funding dropped across the tech industry as a result of investors tightening their purse strings.
Investors also turned off the money tap to a trickle in 2022 following a high-flying 2021.
The total value of cybersecurity deals in 2022 came to just over $34bn, a significant drop from 2021, which totalled just over $91bn.
It comes as the total number of completed deals plummeted, with 678 deals completed in the cybersecurity space in 2022, compared to 889 in 2021.
As we venture into the new year, can we expect to see more of the same threat actors attempting to find new ways to exploit companies' weak points? What else does 2023 hold for cybersecurity?
Verdict put the question to experts to get an insight into what we can expect to see from cybersecurity in 2023.
Brett Beranek, general manager, security & biometrics, Nuance
In 2023, an increasing number of banks will turn to modern technologies – such as biometrics – to robustly safeguard customers. We’re already seeing banks get immense value – including 92% reductions in fraud losses and 85% increases in customer satisfaction – from biometrics solutions that eliminate authentication effort for customers while making life very tough indeed for fraudsters. Over the next 12 months, I expect to see many more financial services organisations following in their footsteps.
Traditional authentication methods – such as PINs and passwords – are archaic and no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of recovery if lost or stolen.
Mandy Andress, Chief Information Security Officer, Elastic
The rush to the cloud will have created many more entry points for bad actors, leaving some businesses exposed in new ways. Since the pandemic, many businesses have rushed to deploy cloud environments but need to increase focus on due diligence around identity and access management. Without the proper protocols in place, these companies will leave themselves more exposed to breaches should a user’s credentials fall into the wrong hands.
Those businesses without watertight processes leave themselves open to intruders, with potentially catastrophic impact. The only way to limit exposure is to deploy more secure cloud environments where users only have access to what they need. Superusers should exist only where essential.
Ukraine-Russia is the first example of both a physical and cyber war. Sadly, we should not be surprised to see more nation-states launch coordinated and technically proficient attacks on large companies and public sector bodies. The public sector, in particular, will need to invest in ensuring that their environments are protected.
Should they fail to do so they risk large-scale breaches of sensitive data and the inaccessibility of sometimes critical public services for periods as nation-states attempt to destabilise countries they perceive as threats.
In 2022, we saw cutbacks by the biggest names in tech (Twitter, HP, Facebook), which could soon turn to cybersecurity departments. Instead of growing investment to fight off the increasing number of threats and close the cybersecurity skills gap, the reality will be the opposite in 2023 due to the current global economic outlook. Stretched cybersecurity teams will continue to do even more with less.
Passwordless solutions have become a staple of consumer tech, such as fingerprint scanners and advanced facial recognition. The security provided by these solutions goes far beyond traditional passwords, two-factor authentication, and token systems. For example, a user cannot accidentally give away their facial features or fingerprint. In 2023, we’ll see a further rollout of passwordless solutions as a means of protecting and accessing secure environments in the corporate world.
John Lingford, director, The Open Group security and Open Trusted Technology Forum
Zero trust has been a high-profile topic in cybersecurity for well over a decade now, but in recent years it has suddenly bloomed from being a promising future approach to being a fundamental component in enterprises’ security toolkits. According to one report, active zero trust implementation more than doubled in the year to August 2022, reaching more than half of businesses.
This growth has had two major consequences. First, information security for businesses has been considerably strengthened. We know that zero trust can reduce data breach incidents by 50%, and so its rapid widespread adoption is something to be celebrated.
The second, less encouraging consequence has been an accompanying growth of competing definitions around what it means to comply with the zero trust model, whether for an organization to implement zero trust or for a product or service to aid in this.
While the principle of zero trust might seem simple enough to state in theory, applying it in a production environment demands countless subtle decisions which affect the ultimate nature of the solution. This fact adds a layer of conceptual overhead to an undertaking which can already be daunting, requiring in-depth planning and cross-company collaboration in order to succeed.
This is not a new story in technology; in fact, the origins of thinking behind zero trust can be traced to the Jericho Forum Commandments. Once the idea or approach has proliferated sufficiently, a period of blossoming innovation as ideas are brought to market is often followed by a period of rationalisation as new or additional standards are created to ensure holistic benefits.
So it is with zero trust: initiatives like NIST 800-207 and The Open Group Zero Trust Architecture Working Group will establish the clarity zero trust needs to grow from being present at most businesses to being at the heart of most business processes.
Aaron Cockerill, chief strategy officer at Lookout
On the whole, we expect 2023 to be similar in terms of the volume and severity of data breaches. What will be different is how attackers will execute the attacks that lead to these breaches.
Because of the widespread adoption of cloud services – which is, no doubt, a good thing – bad actors have shifted gears from attacking unpatched systems and have opted instead to attack cloud services by executing account takeovers and exploiting cloud misconfigurations.
We’ve observed that the majority of bad actors are either purchasing credentials on the dark web or mounting social engineering campaigns to gain access to these cloud systems. This means that tools that rely on breach detection through the presence of malicious code are going to be less effective. Breach detection that relies on user and entity behavior analytics will be more effective.
If there could be a headline for 2022 it would be “The Year of Ransomware.” If you look at the successful ransomware attacks in recent years, almost every single one was oriented around data theft and double extortion. At this point, attackers don't need to go through the trouble of encrypting data. It’s more effective for them to demonstrate that they’ve stolen data and receive their payout.
While two-factor authentication is critical in the fight against data breaches, it alone is not enough to prevent them. In the future, the best of both worlds will be to move FIDO tokens to mobile devices. This technology would allow for the use of biometric sensors and many other contexts that would help to establish whether the authentication is legitimate or not.
The burning issue now is data protection. In the next year, CISOs will need to worry less about malicious code installing on systems and worry more about the potential theft of data. The two areas of focus should be on better continuous user authentication and data protection. Since attackers are primarily focused on data, CISOs need to be able to understand when data is being attacked, stolen, or misused.
Additionally, because malicious code has been used less by attackers, we need to be able to identify data breaches through things like anomalous data use. This is how we turn the tide against data breaches.
Oz Alashe MBE, CEO, CybSafe
Ransomware has dominated the threat landscape—and the headlines—for the past five years. And it’s not going anywhere. At least not in 2023. In the last few months alone, criminals realised they don’t need to steal or sell data. That just takes too much time and effort. Simply threatening to delete the data produces the same result – getting organisations to pay up.
Criminals infiltrate an organisation’s network, and demand a payout. If they don’t get one, they delete the data and move on to the next victim. This “wiper malware” has been on the rise, and we’ll likely be seeing a lot more of it in the coming year.
To be clear, ransomware, wiperware, and any other type of malware are preventable. It starts with some basic cyber hygiene: network segmentation, backups, regular patching, and vulnerability assessments.
A key part of any organisation’s cybersecurity defence is also its people. When people feel empowered to identify and report security incidents – they do. But that kind of culture change doesn’t come from security awareness training. It’s the product of management taking time to understand security behaviours – why people do what they do, or don’t do what they’re supposed to – and how to influence them.
Torsten George, cybersecurity evangelist, Absolute Software
Ransomware attacks will likely continue to wreak havoc, while economic conditions will create more risk of insider threats with the public’s attention on the economy. These conditions will create an environment ripe for cybercriminals looking for rogue employees willing to make extra money selling data or access to corporate resources.
Work-from-home cybersecurity will become a priority for businesses, as organisations have started to switch from short-term tactics to long-term strategies that are centred around overcoming IT teams’ inconsistent visibility and control of endpoint devices and network access. This will see an increase of adoption of software-defined perimeters leveraging Zero Trust Network Access, as 51% of organisations have seen evidence of compromised endpoints being used to access company data through remote access connections – zero trust has become a critical strategic focus and this trend will continue.
Cyber resilience, as a result, will become a new KPI for organisations, and it will remain up to IT leaders and security practitioners to keep users and organisations safe. Just like in 2022, it will require a combination of comprehensive visibility, effective access controls, and a shift from defensive cybersecurity strategies to the management of disruption through resilience.
Kevin Curran, IEEE senior member and professor of cybersecurity, Ulster University
Zero trust cloud security architectures, built for a modern remote workforce, have already become mainstream and will likely gain greater traction in 2023. Cloud is becoming integral to IT solutions; however, to date, there is commonly poor configuration of cloud-native security controls and default policies across multiple client environments. This is often cited as a lack of qualified staff and complex controls, along with weak cloud migration planning.
In 2023, we could see increased digital supply chain risk – a supply chain attack can breach otherwise strong security measures and hackers are increasingly aware of this, so we can expect to see major libraries and code bases compromised in the near future.
Another impactful 2023 development may be homomorphic encryption (HE). Although the technique has been known for about 20 years, it has only been in recent times that HE libraries have achieved near real-time speeds which enable real world applications to utilise. The rise of low-ease-of-use APIs (application programming interfaces) for homomorphic encryption to encrypt data at rest will become more widely adopted.
The importance of homomorphic encryption shouldn’t be underestimated as this is a new option for companies to prevent data leaks by using a form of fully homomorphic encryption (FHE). FHE supports computations over data in encrypted form, including searchable encryption (SSE); having said this, FHE still has a long way to go. In a cloud environment, cryptography is typically utilised for two purposes – security while data is at rest and security while data is in transit.
Unfortunately, this does not guarantee the security of data during processing as the current limitations of cryptography prevent data from being processed in encrypted form.
Given the fact that data is processed in unencrypted form, it is quite common for attackers to target data in use, rather than targeting data which is encrypted during storage and transit. That is where modern techniques such as HE could be considered as data can be processed while encrypted.
It is natural that cybersecurity will be a top priority in 2023, due to the core nature of digital systems in daily life.
Chad Thunberg, CISO, Yubico
In 2023 we can expect to see a steady increase of low-effort tactics from hackers. Attackers will gravitate to the method that achieves their outcomes using the least amount of time and money. In some cases, this means buying a kit, service, or credentials from the dark web. The path of least resistance for most attackers becomes obtaining the credentials necessary to access the environment. Phishing kits, dark web marketplaces, and insiders have substantially lowered the bar for attackers to get this information while adoption of countermeasures, like phishing-resistant multi-factor authentication (MFA), has lagged behind.
The disclosure of credentials due to phishing, social engineering attacks, or a disgruntled employee should not be enough to lead to a wholesale compromise of an environment. Yet, we saw this quite a bit in 2022.
Shockingly, a recent Yubico survey found that 59% of employees still rely on username and password as their primary method to authenticate into accounts. Additionally, nearly 54% of employees admit to writing down or sharing a password. These trends simply do not set up businesses for success. Adopting modern MFA solutions is the only real solution to these credential problems. Our reliance on awareness, training, and detection methods has proven inadequate.
Zero trust architecture is still a primary objective – but more pressure on vendors will be required. Zero trust architecture (ZTA) is going to remain on the list of priorities for businesses for many years to come. Companies have moved some of their business-critical Internet-facing applications to ZTA over the last two, four years, but a large contingent of back-office applications and services either require a migration strategy or ZTA support that simply isn’t there yet. Cloud adoption provides a quick turnkey solution for some use cases but not all. We have also seen slow adoption in the traditional financial services industry where many still use mainframe technologies for their ledger.
As an industry, we’ll need to continue to apply pressure to our vendors to incentivise the adoption of the protocols and technologies that enable ZTA. At the core, these are protocols that enable federated identities, support centralised logging, encrypted communication, and expose an API to support automating operational tasks. If we don’t help drive the conversation, this “convince-the-vendor” obstacle will continue to block the way.
Cyril Noel-Tagoe, a principal security researcher at Netacea
Ransomware and cyber extortion will remain among the top cyber threats in 2023. As cybercriminals’ tactics continue to evolve, they will increasingly favour exfiltrating data over encrypting it for cyber extortion. Governments will continue to strongly advise organisations not to pay ransoms and may even introduce legislation relating to this.
Double extortion ransomware (where a copy of the data is exfiltrated before it is encrypted) has surpassed traditional ransomware as cybercriminals’ extortion tactic of choice. The threat of the exfiltrated data being leaked provides cybercriminals with a secondary lever with which to apply pressure on victims to pay up. However, as organisations adopt stronger backup and resilience measures, the primary impact is now being caused by the data exfiltration, rather than data encryption. This may lead to some cybercriminals forgoing encryption entirely and refocusing on exfiltration efforts. There have already been notable cases of ransomware which either skipped or faked data encryption.
Governments will continue advising organisations against paying ransoms to prevent financing of criminal organisations. The UK’s Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) released a joint letter to lawyers in June 2022 clarifying that UK “law enforcement does not encourage, endorse nor condone the payment of ransoms” although “payments are not usually unlawful”. As ransomware continues to rise, governments around the world may go a step further and introduce legislation to prohibit ransomware payments.
Pieter Danhieux, co-founder and CEO, Secure Code Warrior
2022 saw significant threat activity against targets in the healthcare industry, resulting in that vertical experiencing the highest increase in the volume of cyberattacks across all sectors, at 69% year over year. Sadly, I think that will continue, largely due to the complex, legacy systems so often in place.
With healthcare institutions requiring fast-paced digital transformation and maintenance like any other industry, it is all too easy for access control errors, misconfigurations, and other known exploits to go unpatched. A threat actor needs just one window of opportunity to inflict serious damage, and for organizations who are not putting their best defensive security strategy forward - which includes frequent and precision training of the development cohort - it’s hard to see this changing.
In addition, we cannot ignore the fact that, globally, there is an ongoing conflict between several world superpowers, and modern warfare has an increasingly digital front. Nation-State attacks will become more prevalent to cause chaos and interference, and are likely to target enterprises in telco, health, finance, and utilities to disrupt key economic pillars and manipulate public opinion.
GlobalData is the parent company of Verdict and its sister publications.