Virtualization Technology News and Information
Cyolo 2023 Predictions: The Year of the Previously Unthinkable


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

The Year of the Previously Unthinkable

By Almog Apirion, CEO & Co-Founder at Cyolo

This year was full of record-setting security events. Phishing campaigns were at an all-time high, ransomware attacks devastated a chart-busting number of organizations, and major corporations - thought to be impenetrable experienced significant breaches. With each attack successfully conducted, the affected party can now expect to pay a global average of more than $4M, and there's no sign of these attacks slowing down.

As 2022 quickly comes to an end, lessons have been learned, producing a host of forecasted security trends for the coming years, including the rise of risky third parties, a surge of unlikely breaches, a lack of user trust intensifying staffing shortages, and more. So, let's take a deeper look at the anticipated cybersecurity trends for 2023 and beyond.

With third parties being so risky, companies will shift the way they approach ‘trust' 

Companies have historically relied on third parties to provide services that they cannot undertake in-house due to a lack of specific resources. However, with the rise of the connected world, the higher frequency of attacks has made many businesses hesitant to trust new service providers. With the increasing number of partners that need access to critical resources to complete their tasks, significant and evolved risks are bound to rise as well.

As we move into the new year, CISOs and company leaders will be compelled to pose more difficult questions around their strategies, mitigation processes, and next steps. In fact, we will see them pay very close attention to details within their security audits and reports, including security policies, remote connectivity, and their people's level of access - specifically to understand those potential open cracks that can let malicious actors get in. 

Businesses will also begin taking real action and implementing more secure architectures with the understanding that they can no longer rely on blind trust. Although budgets won't increase, they will consistently shift to lower-cost activities like reviewing access policies and de-duplicating user accounts, while other cyber hygiene activities will become a priority to protect companies' expanded networks.

Previously unthinkable breaches will - indeed - occur 

Not surprising, breaches will continue to happen and increase exponentially. However, in 2023 and beyond, we are going to see more significant breaches on a larger scale. The expectation is to see well-funded hacker groups go for the ‘whales' - focusing on brand recognition. Companies such as Microsoft or Amazon, which everyone leverages at a personal and corporate level will become one of the major targets.  

Future attacks will focus on the ability to exploit stolen credentials as the primary reason for breaches - taking examples from the past few years like SolarWinds, Dropbox, and Uber. In addition, the exploitation of credentials will not only come directly from the companies themselves, but from vendors that do not hold to the same security standards. Identity-based security is becoming one of the priorities for organizations, with a focus on zero-trust as the de-facto method to deal with the human-centric and device vulnerabilities we will continue to see with remote and hybrid work as well.

Regulations will have a consistent effect on security decisions 

According to Gartner, 30% of the nation states will pass legislation regulating ransomware payments, fines and negotiations, an increase of 29% since 2021. This means businesses will have to approach their security strategies very differently with their unique needs and compliance in mind.  

The pressure from governmental regulations in 2023 will be consistently greater for critical industries. We anticipate that general regulations will retain some flexibility, as they cannot be "one size fits all," given the various needs of organizations and the changing threat landscape, with new threats emerging and companies needing to adapt and respond quickly without the added burden of unnecessary oversight. 

Another result of this pressure will be security becoming part of the performance reviews for C-level executives, a requirement that is already in place but that will be further enforced in the coming year and beyond. Employment contracts may also shape some of these requirements, as the security risks have a direct impact on the business bottom line. With boards now seeing cybersecurity as a business risk rather than a mere IT problem, more leaders will have to respond to the maturity of their plans and strategies.  

Evolution is the name of the game

All in all, as threats evolve in the next year and beyond, so will the security solutions, strategies and mindset of leaders. Those falling behind will only see their competitiveness affected and become a bigger target for malicious actors across the board.



Almog Apirion, CEO & Co-Founder of Cyolo


Almog Apirion is an entrepreneur, experienced technology executive, and a former Navy Cyber Unit founder and commander with a long history of working within the cyber security and IT technologies domain. Prior to founding Cyolo, he was CISO at Orbotech where he headed the cybersecurity and IT departments and was the head of the Cybersecurity Unit in the Israeli Navy. He received his bachelor's degree in computer science and economics, and his master's degree in computer science from Haifa University.

Published Monday, December 05, 2022 7:39 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2022>