Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Cybersecurity Remains in the Spotlight
By Mike Wilson, CTO & Co Founder Enzoic
2022 has shown once again that cybercriminals are continuing to exploit
vulnerabilities for their own gain. The arsenal of tactics deployed is vast and
spans everything from ransomware to deep fakes to passwords. As a result, every
organization must remain vigilant to the threats. And in 2023 the risk of an
attack will continue to snowball. Below are four cybersecurity predictions that
organizations need to be cognizant of in the coming months:
1. Hackers Taking on New Guises to Evade Security Tools
The fact that hackers are willing to go to any length to infiltrate and exploit
organizations is not news. However, we've recently witnessed threat actors
stepping up their game when it comes to the methods behind these attacks. For
example, the FBI has issued a warning about the use of residential proxies in
credential stuffing following a spate of recent attacks, and hackers have also
found ways to bypass Microsoft's MFA. To date, the latter has been limited to
dormant accounts, but these attacks demonstrate that hackers have set their
sights on MFA.
In 2023, expect them to continue to target the underlying infrastructure
associated with the second factor in order to defeat it. Unless companies
implement additional protection around this form of authentication, I think we
may see an incident in which hackers attempt a large-scale exploitation of an
MFA mechanism, with potentially devastating consequences.
2. Seeing Double with Digital Twin Security Concerns
Digital twins are already being deployed
in refineries, factories and other distributed settings. Their usage will
significantly increase as private 5G networks become more widely available. But
as companies begin planning for greater digital twin adoption, it's important
that the security of these systems be given equal prioritization. After all,
while they are a virtual representation of a physical technology, digital twins
still have back-channel connections and communications with the real
environment. Unfortunately, I believe it will take a highly publicized breach
of a digital twin before most companies wake up to the inherent
vulnerabilities.
On the flip side, savvy companies can use digital twins to test the security of
their physical systems and network. I think 2023 will bring increased awareness
to this opportunity, and also see more vendors marketing their digital twin
technology as a security offering.
3. Threat Actors Zeroing in on Identity Security Companies
As threat actors continue to exploit weaknesses in corporate user authentication
systems, companies are increasingly outsourcing identity protection as a means
of ensuring greater security. As this happens, we're seeing a parallel trend of
these third-party identity security providers becoming prime targets as they
house volumes of identities that threat actors can leverage for numerous
nefarious activities. The latter isn't solely about breaches; hackers are also
targeting third-party identity services to find vulnerabilities that could be
exploited to defeat MFA or circumvent authentication as well. Expect this to
continue to play out in 2023, with identity security organizations struggling
to defend themselves as well as their customers, as they become the
targets.
4. Passwordless Movement Gaining Momentum, But it's Not All Blue Skies
For years, people have predicted widespread deployment of passwordless solutions
but the promise has failed to materialize. It's possible that the tune will
change in 2023, however, with Apple's latest OS release enabling more
frictionless, multi-device, passwordless sign-in. While this primarily affects
Apple's ecosystem, it's a major development and the passwordless concept could
become a reality if Google and Microsoft follow through on expanding support
for the FIDO2 standard to better support multiple devices.
The sticking point for adoption of this technology comes down to the user
experience, particularly when you consider the varying technical knowledge and
abilities of today's consumer. If people find passwordless confusing or
struggle to implement it successfully, then I think we'll continue to see the
password remain a chief authentication mechanism for the foreseeable
future.
##
ABOUT THE AUTHOR
Mike Wilson, CTO & Co Founder Enzoic
Mike has spent 20 years in software development, with 12 years specifically in the
information security space, at companies like Webroot and LogicNow. At Webroot,
Mike led the development of Spy Sweeper, Webroot's industry-leading
anti-spyware product, and later the development of Webroot's first mobile
security product for smartphones. At LogicNow, he again led the development of
an anti-malware product, this time introducing enhanced antivirus and web
filtering functionality to the Managed Service Provider (MSP) space. Mike
started his career in the high-security environment at NASA, working on the
mission control center redevelopment project. Apart from his security
experience, Mike also founded several successful startups over the years.