Virtualization Technology News and Information
Optiv 2023 Predictions: The Good, The Bad and The Opportunities Within


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Cybersecurity Predictions for 2023: The Good, The Bad and The Opportunities Within

By Jessica Hetrick, Senior Cyber Strategy and Resilience Leader at Optiv

It's easy for predictions season to turn into a "doom and gloom" affair. At Optiv, however, we believe that while it's important to be cognizant of looming threats, we shouldn't entirely focus on the negative impacts they can have on our business - we also need to find the opportunities within each that help us better our cybersecurity and cyber resilience postures. And, we also need to focus on a few areas that we think will better our industry, our people and our world in the new year. So, with that said, here are five cybersecurity predictions for 2023, along with key takeaways for each.

1)     The integration of information technology (IT) and operational technology (OT) in attack methods will become more common.

In 2023, we'll see the threats to the OT space grow exponentially - a glaring issue that most organizations are not yet prepared to handle. We're seeing this happen already as a result of the Ukraine/Russia conflict. Bad actors are softening their targets before kinetic attacks. This has a lot to do with the impact an attack can have on the OT space -  often causing a catastrophic level of damage. The weaponization of operations against the OT space will continue, and we'll see an uptick in the number of physical attacks leading to cyber disruptions and vice versa.

Key Takeaway: Knowing IT and OT threats will continue to be on the rise in 2023 presents us with the opportunity to prepare now - before the frequency picks up. Organizations can do this through a healthy mix of physical security foundations and digital detection technologies - for example, by implementing and maintaining a thorough and proactive asset inventory and by aligning and maturing IT and OT cybersecurity strategies.

2)     Insider threats will rise to the forefront, once again.

Amid headlines of large-scale ransomware, phishing and supply chain attacks, it can be easy to forget about those already with access inside the organization. The transition to a remote workforce in the wake of the global pandemic has brought this overlooked threat vector back to the forefront. In fact, whether it's a disgruntled employee looking to inflict damage, a distracted employee trying to multi-task at home, an imposter pretending to be an employee, or an unaware employee who doesn't know how to be cyber safe, the insider threat landscape will grow bigger than ever next year.

Key Takeaway: Comprehensive security programs account for all types of security threats - external and internal. The insider threat reminds us to make sure we have a robust security plan in place that addresses both internal and external threats to the business and puts the right measures in place to defend against each of them. Make sure your security team is looking for anomalous data activities - such as activity at unusual times, unexpected changes in traffic volume and privileged access abuse - and always protect your most critical assets.  

3)     There will be increased focus on the risks introduced by artificial intelligence (AI) and automated technologies.

Adoption of AI, robotic process automation (RPA) and other automated technologies designed to decrease reliance on employees skyrocketed following the onset of the COVID-19 pandemic, but now there's rising concern that these technologies can be used for malicious activities, companies have removed humans from processes too quickly and data can be manipulated and fooled. Threat actors already are taking advantage to gain enormous scale in their activities, and it's a problem that will get worse in 2023.

Key Takeaway: To gain the benefits of these innovations without the associated risks, organizations will need to leverage AI to support and balance the cybersecurity tasks across an environment. Teams should look to AI to: 1) fill gaps in the organization, while not replacing the people who can review and validate; 2) continuously monitor for changes and anomalies reducing alert fatigue, while not being the only "eyes on" in the company; and 3) improve response times by enabling the team, without having full and unaudited control across the environment.

4)     Board-level cybersecurity awareness will continue to grow.

Cybersecurity expertise at the board of directors' level has been on the rise in recent years, but, in 2023, we expect this trend to spike as organizations have evolved to understand that cybersecurity is a business risk and must be accounted for at all levels of leadership. This has taken on new meaning following the SEC's proposed cybersecurity disclosure rules, and we expect to see more C-suites add board members with a cybersecurity background. Additionally, boards will begin to be more demanding of their companies to answer for security preparation, strategies, processes, issues, etc.

Key Takeaway: Increasing board involvement presents organizations with an opportunity to fine-tune their cybersecurity speak by translating it into a language the board can understand and by building preparedness and awareness across leadership. Cybersecurity teams should prioritize partnership and alignment across the enterprise, which almost always involves upleveling the conversation to focus on risk quantification, business impact and the financial consequences of an attack. By upleveling the language to demonstrate that cybersecurity is a business enabler, it becomes engrained in the culture and mindset of everyone at the organization.

5)     Great strides will be made to close the cybersecurity training gap.  

The cybersecurity training gap and unfilled jobs across the world is reaching crisis levels, and as a response, we may see an effort to reduce the cost of cybersecurity training, so awareness and education are prioritized and conducted continuously. We'll also see an increase in public-private partnerships designed to share products, services, people and other resources with the ultimate goal of getting qualified candidates into the field and making a difference as quickly as possible.

Key Takeaway: We've been hearing about the cybersecurity skills and training gap for quite some time, but the industry has finally learned that collaboration is needed to tackle it. Now, we just need to make strides in that direction, and we're poised to do that in 2023. Look for avenues to cross train your employees and push to drive transparency across your key vendors and partners to ensure we move in this direction.

Going into 2023, we shouldn't focus on the fear of new or existing threats and the risks they pose to the business. Instead, we need to turn our awareness of these threats into action - and we can do this by using these challenges as opportunities to enhance our security posture. When we do this, we can prepare for anything in our path - known or unknown - to enhance our cyber resilience.




Jessica Hetrick is a senior cybersecurity leader with more than a decade of experience in crisis management, incident response and security operations. Prior to joining Optiv, Hetrick worked criminal and national security cyber investigations at the FBI, supported operations for digital innovation at the CIA, and directed global incident response teams at Cisco. As a strategic leader at Optiv, she creates, manages and leads cybersecurity programs for global companies, while partnering with the business to reduce risk and achieve business objectives.

Published Monday, December 05, 2022 7:34 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<December 2022>