Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
The Year of the Previously Unthinkable
By Almog Apirion, CEO & Co-Founder at Cyolo
This year was full of record-setting security events. Phishing
campaigns were at an all-time high, ransomware attacks devastated a
chart-busting number of organizations, and major corporations - thought to be impenetrable -
experienced significant breaches. With each attack successfully conducted, the
affected party can now expect to pay a global average of more than $4M,
and there's no sign of these attacks slowing down.
As 2022 quickly comes to an end, lessons
have been learned, producing a host of forecasted
security trends for the coming years, including the rise of risky third
parties, a surge of unlikely breaches, a lack of user trust intensifying
staffing shortages, and more. So, let's take a deeper look at the anticipated
cybersecurity trends for 2023 and beyond.
With third parties being so risky, companies will shift the way they approach ‘trust’
Companies have historically relied on third parties to
provide services that they cannot undertake in-house due to a lack of specific
resources. However, with the rise of the connected world, the higher frequency
of attacks has made many businesses hesitant to trust new service providers. With
the increasing number of partners that need access to critical resources to
complete their tasks, significant and evolved risks are bound to rise as well.
As we move into the new year, CISOs and company leaders
will be compelled to pose more difficult questions around their strategies, mitigation
processes, and next steps. In fact, we will see them pay very close attention
to details within their security audits and reports, including security
policies, remote connectivity, and their people's level of access - specifically
to understand those potential open cracks that can let malicious actors get in.
Businesses will also begin taking real action and implementing
more secure architectures with the understanding that they can no longer rely
on blind trust. Although budgets won't increase, they will consistently shift
to lower-cost activities like reviewing access policies and de-duplicating user
accounts, while other cyber hygiene activities will become a priority to
protect companies' expanded networks.
Previously unthinkable breaches will - indeed - occur
Not surprisingly, breaches will continue to happen and
increase exponentially. However, in 2023 and beyond, we are going to see more
significant breaches on a larger scale. The expectation is to see
well-funded hacker groups go for the ‘whales’ - focusing on brand recognition.
Companies such as Microsoft or Amazon, which everyone leverages at a personal
and corporate level, will be among the major targets.
Future attacks will focus on the ability to exploit
stolen credentials as the primary reason for breaches - taking examples from
the past few years like SolarWinds, Dropbox, and Uber. In addition, the
exploitation of credentials will not only come directly from the companies
themselves, but from vendors that do not hold to the same security standards. Identity-based
security is becoming one of the priorities for organizations, with a focus on
zero-trust as the de-facto method to deal with the human-centric and device
vulnerabilities we will continue to see with remote and hybrid work as well.
Regulations will have a consistent effect on security decisions
According to Gartner, 30% of nation states will pass
legislation regulating ransomware payments, fines and negotiations, an increase
of 29% since 2021. This means businesses will have to approach their security
strategies very differently with their unique needs and compliance in
mind.
The pressure from governmental regulations in 2023 will
be consistently greater for critical industries. We anticipate that general
regulations will retain some flexibility, as they cannot be "one size fits
all," given the various needs of organizations and the changing threat
landscape, with new threats emerging and companies needing to adapt and respond
quickly without the added burden of unnecessary oversight.
Another result of this pressure will be security becoming
part of the performance reviews for C-level executives, a requirement that is
already in place but that will be further enforced in the coming year and
beyond. Employment contracts may also shape some of these requirements, as the
security risks have a direct impact on the business bottom line. With boards now seeing cybersecurity as a business risk rather than a mere IT problem,
more leaders will have to respond to the maturity of their plans and strategies.
Evolution is the name of the game
All in all, as threats evolve in the next year and beyond, so will the security
solutions, strategies and mindset of leaders. Those falling behind will only
see their competitiveness affected and become a bigger target for malicious
actors across the board.
##
ABOUT THE AUTHOR
Almog Apirion, CEO & Co-Founder of Cyolo
Almog Apirion is an entrepreneur, experienced technology
executive, and a former Navy Cyber Unit founder and commander with a long
history of working within the cyber security and IT technologies domain. Prior
to founding Cyolo, he was CISO at Orbotech where he headed the cybersecurity and
IT departments and was the head of the Cybersecurity Unit in the Israeli Navy.
He received his bachelor's degree in computer science and economics, and his
master's degree in computer science from Haifa University.