Virtualization Technology News and Information
Specops Software 2023 Predictions: Cyber War, Budget Cuts and more Cyber Security Predictions for 2023


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Cyber War, Budget Cuts and more Cyber Security Predictions for 2023

By Darren James, Head of Internal IT, Specops Software

Despite settling in to a new normal of hybrid and remote work culture, US organizations are still playing catch-up with regards to the cyber security challenges that a remote capable workforce brings. Threat actors are getting in front of how end-users are consuming business data and where it's being stored. With the rise of cyber-attacks, organizations must take a holistic approach towards IT security in preparation for 2023. These cyber security predictions for this coming year demonstrate the challenges of enhancing security and educating end-users while managing the foreseeable decrease in budget.

Cyber Security Budget Cuts

With the looming US economic recession, many organizations are looking reduce spending and unfortunately cyber security is on the chopping block.  For organizations looking to tighten their expenditures without sacrificing security, the good news is that many of the solutions around the most important cyber security steps don't require a lot of budget, such as improving password security and implementing multi-factor authentication. With cyber-attack costs for organizations up 80% in 2022, organizations can't afford not to take these simple and cost-effective steps toward increased security.  

Data Privacy is on the Rise

The rise of data privacy as a discipline is enforcing change worldwide. Data privacy affects all aspects of an organization, not just cyber security. Businesses will need to begin managing numerous data protection laws and focus more on their data privacy approach. Gartner states that the organization's focus should be on data localization, privacy-enhancing computation techniques, artificial intelligence governance, centralized personal user experience, and a human-centric approach to data privacy. Security solutions to help with data privacy should include access control, multi-factor authentication, and external assessments to identify areas of security improvements.

The Cold War to Cyber War 

Nation-state cyber-criminal activity is nothing new, but the ongoing conflict from the Russian attack on Ukraine has brought with it increased nation-state activity, particularly aimed at Ukraine and its allies. The increasing pressures from the war and economic downturn are likely just foresights into the beginnings of the new Cold Cyber War as state-sponsored hackers look for new ways to make money and disrupt critical infrastructures in government and businesses.

Based on 2022's cyber-criminal activity, organizations can likely expect increased social engineering attacks in 2023. Preparing employees with training to recognize phishing attacks along with setting them up with stronger password policy requirements, and switching on a strong form of MFA can go a long way in preventing attacks - as evidenced by last year's nation-state attack on Colonial Pipeline.

GEO and Industry Targeted Cyber Attacks

With the current global and geopolitical climate, it is predicted to see a large uptick in cyber-attacks of all forms. These can range from individuals to terror groups, militant activists, and state-sponsored attacks across all areas of life. This could be attacks against governments, critical infrastructure, financials as well as trends pointing to other leading industries. 


Healthcare organizations have been paying considerable attention to their digital security requirements in the past few years. However, the healthcare market is growing, increasing the risk of cyber-attack. In 2020 alone, 75% of healthcare facilities in the United States were infected with malicious software at some point during the year.

With the growing market and large number of personal records and sensitive information, including credit card information, social security numbers, and computer passwords in their digital files; healthcare organizations remain a top target of cybercriminals.


The manufacturing and distribution industry is an opportunistic market for hackers as their operations are supported by a worldwide network of vendors, third-party services, and supply chains. In 2021, supply chain attacks increased 100% year over year and we do not predict a decrease in 2023.

The vast network dependency of the manufacturing industry increases the distribution attack surface and gives hackers more entry points for exploitation. Manufacturing businesses should continue to invest in cybersecurity in 2023.

Higher Education:

With the continual rise of onlinecyber criminals are targeting higher education and the number of attacks will only continue to grow. A recent survey by global cybersecurity company Sophos found 60% of both higher and lower education providers suffered attacks in 2021 compared to 44% in 2020.

Cyber-attacks come in many forms to schools from social engineering to obtain credentials and ransomware threats. The education market has a challenge to choose the right security solutions for both students and staff whether on campus or at home; before and after school, combined with the ability to recognize suspicious behavior. Cyber security prevention includes post-perimeter security on endpoint protection, identity information, access to the cloud and password security. 

Improvements with AI

AI in cyber security has been around for a while, but set to start taking major strides. The global market for AI-based cybersecurity products is estimated to reach $133.8 billion by 2030, up from $14.9 billion last year. This growth projection is partially due the rising cyber-attacks creating the demand.

On the flip side, these improvements to AI also means that cracking passwords is becoming faster and allows hackers to improve the quality and believability of deepfake video and voice impersonation; making it harder for IT service desk employees to trust who is on the other end.

Preparing Your Frontline Defense

The cyber security landscape is continuously evolving and forcing changes to be made to IT security protocols to combat these new challenges. To safeguard your organization effectively IT leaders should start with their end-users. Start safeguarding the organization from the frontline and adopt a zero-trust policy. As remote end-users are more isolated, they're more susceptible to social engineering attacks.

Here are three quick ways to improve your IT security starting with end-users:

1.      Educate your end-users.

  • Keep the Cyber Security Profile high by providing regular IT security training that helps them identify potential social engineering and phishing attacks

2.      Put a secure password policy in place.

  • We have seen a substantial increase in the number of breached/leaked passwords -the Specops complete database of unique passwords has nearly doubled in size 2.7 billion to nearly 4 billion in 2022. Specops Password Policy enforces password compliance requirements, can block billions of known breached passwords, and helps end-users create stronger passwords in Active Directorywith dynamic, informative feedback.

3.      Utilize true MFA.

  • Stolen credentials are still a valued commodity on the black market and even when used alongside poor verification practices they still prove to be a major vulnerability. For advanced protection against MFA-related cyber-attacks, Specops provides self-service password reset software that allows businesses to eliminate password reset calls to the IT service desk by enabling end-users to securely reset their Active Directory passwords regardless of location or device, it uses an innovative flexible MFA approach which allows you guide the users into making the right choices when authenticating.



Darren James, Head of Internal IT, Specops Software 

Darren James 

Darren James is a Product Specialist and cyber security expert at Specops Software. He works as a lead IT engineer to help customers reduce costs, improve security and increase productivity. He holds Microsoft certifications within IT Service Management, O365, Enterprise Administrator, Server Administrator and Security. Darren has more than 25 years' experience working in technical IT roles, centering around Active Directory, IT security, cloud, larger-scale migrations, integrations and identity and success management.  

Published Tuesday, November 15, 2022 7:34 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2022>