Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
The Top Five Cybersecurity Predictions for 2023
By James Mignacca, CEO at Cavelo
Changing workforce and
business operations are shifting the cybersecurity landscape, and the
technologies we use on a daily basis.
Prediction #1: Risk tolerance will impact security controls - and
apply pressure to make sure they're enforced. An ever-increasing volume of
data breaches is forcing companies to understand their digital footprint and
the importance of ensuring good cybersecurity hygiene and best practices.
However, there is still a lack of understanding when it comes to mapping out
digital assets and the sensitive data they contain, which makes it hard for
teams to grasp their level of risk tolerance. This will continue to be a
problem in 2023, as companies grapple with the amount of data they have and how
to protect it all across an ever-expanding attack surface.
Prediction #2: Cyber insurance policy requirements will focus on
third party risk in the policy holder's supply chain. The supply chain is
only as strong as its weakest link and our move to distributed infrastructure
means there are a lot of weak links. As a result, insurance companies will put
pressure on policy holders to demonstrate controls in place that cover third
party risk - which will include cloud service providers.
Prediction #3: Technology consolidation WILL happen and be driven
by companies recognizing that they don't have adequate staff to run enterprise
tools. The number of enterprise tools in play continues to grow at an
alarming rate, and many companies are struggling to keep up. In 2023, expect to
see a consolidation of these tools across the security stack as companies
realize they can't staff enough people to run them all effectively. Many
businesses purchased tools due to regulatory pressure, so they could "tick the
box". But enterprise tools are complex and need specialized skillsets to run
them (think identity management, asset management and vulnerability management
tools). Companies will realize that they can't carry tools simply to have their
investments gathering dust.
Prediction #4: Recession implications on staffing limitations
will heighten the gap in protecting the supply chain, especially in regulated
industries like financial services. The economic downturn has had (and will
continue to have) far-reaching implications, one of which is a decrease in
staffing levels at many companies. This staffing shortage is especially
prevalent in industries like financial services where there are already
stringent regulations around cybersecurity controls. Opportunistic attackers
will take advantage and a lack of staff will only heighten the gap in guarding
against attacks.
Prediction #5: Moving large primary data sets (which include
valuable data) to cloud services will expand the attack surface. As more
companies migrate data to the cloud, they are exposed to new risks. These risks
include exposed APIs, misconfigured servers, and weak authentication practices.
In 2023 expect to see an increase in attacks on cloud-based systems as hackers
look for easy targets.
##
ABOUT THE AUTHOR
James Mignacca - Founder & CEO at Cavelo
James is a serial entrepreneur and life-long technology enthusiast with more than 20 years’ experience in the cybersecurity industry. He’s a champion of data protection and data privacy, and supports businesses as they navigate digital transformation, cybersecurity and regulatory compliance requirements.