Virtualization Technology News and Information
Devolutions 2023 Predictions: 6 IT Security Challenges for the Year Ahead


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

6 IT Security Challenges for the Year Ahead

By Maxime Trottier, VP Sales & Marketing at Devolutions

At Devolutions, we have very close relationships with InfoSec organizations and specialists around the world. Based on our ongoing conversations with them, along with our own experiences in developing and delivering a roster of universal password and access management solutions, we anticipate six major IT security challenges in 2023: 

1.   Ransomware will continue to proliferate. 

The average ransomware payout has climbed to $170,704 per incident (all figures USD). And it gets even worse: only 8% of victims who pay a ransom get all of their data back. In light of this, it is not surprising that ransomware was listed as the top threat that SMBs are most concerned about in the Devolutions State of IT Security in SMBs in 2022/2023 Survey Report

To reduce the chances of being victimized, at a fundamental level we advise organizations to adopt rigorous cybersecurity hygiene and endpoint protection, and implement a backup and restore plan. And speaking of backups: organizations should ensure that they meet their recovery point objective (RPO) and recovery time objective (RTO). 

2.   Cyberwarfare will get uglier with geopolitical tensions, wars and conflicting nation's strategic interests.

Organizations do not just need to protect themselves from hackers. They must also be on guard against nation-states that engage in cyber warfare to achieve political rather than economic ends.

To address this growing threat, organizations should assess the risks of business development, support, and relationships with foreign nations. As necessary, they should act to limit or prevent potential negative impact. 

3.   Social media will continue to facilitate political interference, crime and surveillance.

These days, social media is being used-or better stated, misused-for political interference, as well as to deploy malware and spyware.  

To reduce their exposure, organizations should educate users on social media dos and don'ts (with an emphasis on don'ts!), and ensure that they have full, updated visibility across all of their social media platforms.

4.   The supply chain will become a more attractive target for adversaries.

Overall, digital products and services are getting more secure. That is the good news. But the bad news is that cyber criminals are reacting to this by targeting supply chain vulnerabilities, and infiltrating software vendors' networks to install a backdoor. This enables them to compromise newly acquired software from the start, or compromise existing software prior to the application of a hotfix or patch (this was the approach used in the notorious Solorigate/Solarwinds supply chain attack).

To dial back this vulnerability, organizations should rigorously assess vendors against their own security requirements. We recommend choosing vendors that follow best practices that include: regularly testing the strength of their cybersecurity resilience; providing evidence of the latest source code scan and/or application penetration; deploying application firewalls/network segmentation; complying with all appropriate policies and regulations (e.g., SOC 2, GDPR, etc.); and running a comprehensive employee security awareness program.  

5.   Get ready for more cloud leakage and breaches.

Many organizations (and virtually all SMBs) do not have cloud security specialists on their roster; not because they do not want them, but because they are quite hard to find-and very costly when available! Unfortunately, this growing skills shortage means that we will see many more cloud leakage and breach events in 2023.

To deal with this challenge, organizations should continuously train users, DevOps, IT, and security staff in order to ensure the proper and secure use of the fast-changing cloud space. It is also critical to establish visibility over the usage and consumption of deployed resources. In addition, organizations that do not have in-house cloud security expertise should fill this critical skills gap by working with a Managed Service Provider (MSP).

6.   Pressures from regulatory bodies and insurance providers will drive increasing privacy and security due diligence and requirements.

In response to the worsening IT security threat landscape, regulatory bodies and insurance providers are demanding that organizations meet increasingly higher IT security standards.

We expect this to intensify in 2023, which means that some organizations will need to revisit (or in some cases, create from scratch) their cybersecurity incident response plan and policies. As part of this effort, some organizations may also need to add or replace tools in their ecosystem. For example, a growing number of insurance companies are demanding that policyholders have a robust privileged access management (PAM) solution in place that supports practices such as account brokering, password rotation, role-based access control, and session recording.

The Bottom Line

Nobody has a crystal ball or magic mirror to gaze into the future and see precisely what is on the horizon. However, regardless of how the next 12 months play out, it is a very safe bet that the IT security challenges above will determine for many organizations whether 2023 is a year worth remembering-or one they cannot wait to forget!



Maxime Trottier 

As VP Sales & Marketing at Devolutions, Maxime Trottier leads the company's international market research and development efforts, along with customer relations and overall business development. He's driven to bring innovative and cutting-edge solutions to Devolutions' customers around the globe - this includes secure remote access management, secure digital vaulting, secure password management, MFA, and security automation. All of Devolutions' solutions are affordable for SMBs, and are simple to deploy, configure and use.

Published Thursday, January 19, 2023 7:34 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2023>