Virtualization Technology News and Information
Enzoic 2023 Predictions: Cybersecurity Remains in the Spotlight


Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.

Cybersecurity Remains in the Spotlight

By Mike Wilson, CTO & Co-Founder, Enzoic

2022 has shown once again that cybercriminals are continuing to exploit vulnerabilities for their own gain. The arsenal of tactics deployed is vast and spans everything from ransomware to deep fakes to passwords. As a result, every organization must remain vigilant to the threats. And in 2023 the risk of an attack will continue to snowball. Below are four cybersecurity predictions that organizations need to be cognizant of in the coming months:

1. Hackers Taking on New Guises to Evade Security Tools

The fact that hackers are willing to go to any length to infiltrate and exploit organizations is not news. However, we've recently witnessed threat actors stepping up their game when it comes to the methods behind these attacks. For example, the FBI has issued a warning about the use of residential proxies in credential stuffing following a spate of recent attacks, and hackers have also found ways to bypass Microsoft's MFA. To date, the latter has been limited to dormant accounts, but these attacks demonstrate that hackers have set their sights on MFA. 

In 2023, expect them to continue to target the underlying infrastructure associated with the second factor in order to defeat it. Unless companies implement additional protection around this form of authentication, I think we may see an incident in which hackers attempt a large-scale exploitation of an MFA mechanism, with potentially devastating consequences.

2. Seeing Double with Digital Twin Security Concerns

Digital twins are already being deployed in refineries, factories and other distributed settings. Their usage will significantly increase as private 5G networks become more widely available. But as companies begin planning for greater digital twin adoption, it's important that the security of these systems be given equal prioritization. After all, while they are a virtual representation of a physical technology, digital twins still have back-channel connections and communications with the real environment. Unfortunately, I believe it will take a highly publicized breach of a digital twin before most companies wake up to the inherent vulnerabilities. 

On the flip side, savvy companies can use digital twins to test the security of their physical systems and network. I think 2023 will bring increased awareness to this opportunity, and also see more vendors marketing their digital twin technology as a security offering. 

3. Threat Actors Zeroing in on Identity Security Companies

As threat actors continue to exploit weaknesses in corporate user authentication systems, companies are increasingly outsourcing identity protection as a means of ensuring greater security. As this happens, we're seeing a parallel trend of these third-party identity security providers becoming prime targets as they house volumes of identities that threat actors can leverage for numerous nefarious activities. The latter isn't solely about breaches; hackers are also targeting third-party identity services to find vulnerabilities that could be exploited to defeat MFA or circumvent authentication as well. Expect this to continue to play out in 2023, with identity security organizations struggling to defend themselves as well as their customers, as they become the targets. 

4. Passwordless Movement Gaining Momentum, But It's Not All Blue Skies

For years, people have predicted widespread deployment of passwordless solutions but the promise has failed to materialize. It's possible that the tune will change in 2023, however, with Apple's latest OS release enabling more frictionless, multi-device, passwordless sign-in. While this primarily affects Apple's ecosystem, it's a major development and the passwordless concept could become a reality if Google and Microsoft follow through on expanding support for the FIDO2 standard to better support multiple devices. 

The sticking point for adoption of this technology comes down to the user experience, particularly when you consider the varying technical knowledge and abilities of today's consumer. If people find passwordless confusing or struggle to implement it successfully, then I think we'll continue to see the password remain a chief authentication mechanism for the foreseeable future. 

##

ABOUT THE AUTHOR

Mike Wilson, CTO & Co-Founder, Enzoic


Mike has spent 20 years in software development, with 12 years specifically in the information security space, at companies like Webroot and LogicNow. At Webroot, Mike led the development of Spy Sweeper, Webroot's industry-leading anti-spyware product, and later the development of Webroot's first mobile security product for smartphones. At LogicNow, he again led the development of an anti-malware product, this time introducing enhanced antivirus and web filtering functionality to the Managed Service Provider (MSP) space. Mike started his career in the high-security environment at NASA, working on the mission control center redevelopment project. Apart from his security experience, Mike also founded several successful startups over the years.

Published Friday, October 21, 2022 7:31 AM by David Marshall