An evolving landscape: Top 10 cybersecurity predictions for 2023

12 Jan 2023


Experts predict AI will impact the ‘arms race’ between cyberattackers and defenders, while economic issues and a skills shortage will impact the industry.

Cybersecurity has grown into an issue that affects nearly every sector, from SMEs to large companies managing critical infrastructure.

The last year had a variety of cybersecurity developments, from cyberattacks targeting countries such as Ukraine and Costa Rica, to warnings about state-sponsored threat actors posing a threat to vital sectors.

Various companies suffered high-profile attacks and data breaches, as criminal gangs such as Lapsus$ claimed responsibility for a wave of cybercrime.

As a result of surveys toward the end of the year, experts warned that cyberattacks will continue to rise in Ireland because the shift to digital transformation opens new potential attack vectors for criminals to exploit.

With the rapidly evolving landscape, experts have shared some of their key predictions for how cybersecurity will change in 2023.

Economic issues will increase cybersecurity risks

The global economy and signs of a looming recession impacted the tech sector hard in 2022, with signs that the crunch will continue this year. The cybersecurity sector isn’t immune to these changes, as experts say these issues will spill over and increase the risk of security breaches.

Jennifer LuPiba, the director of product marketing and customer engagement at Quest, claims that soaring inflation could lead to employees assisting ransomware criminals, as financial difficulties may make staff give in to bribe offers.

“At the same time as cybercriminals are ramping up their attacks, IT teams will be struggling with their own inflation challenges,” LuPiba said. “In particular, budget cuts combined with unfunded IT mandates are likely to be a particularly vexing reality in 2023.”

Rising inflation and supply chain costs were noted as potential issues by Simon Chassar, CRO of cybersecurity company Claroty. He said companies are working to react to these economic issues while balancing multiple projects such as digital transformation, security and IT debt.

“Decision-makers will have to prioritise these projects and implement risk and mitigation strategies to combat the current economic situation,” Chassar said.

Despite these concerns, some feel that the cybersecurity industry will thrive regardless of economic issues. The CEO of Malwarebytes, Marcin Kleczynski, said the potential threat of cyberattacks won’t lessen because of the economic crisis.

“Cyber criminals don’t retreat in the face of economic trouble – if anything, they up the ante,” Kleczynski said. “As businesses try to keep pace, in 2023 we’ll see significant growth in the endpoint protection market as a whole.”

Changes and challenges for cybersecurity leaders

As threats continue to evolve, so have the leadership positions in cybersecurity. Last year, Christian Have, CTO of computer security company LogPoint, told SiliconRepublic.com that the role of the CISO has changed from an “isolated C-suite position” to one of data-driven decision making.

In 2023, experts anticipate more changes for these security leaders. VMware’s principal cybersecurity strategist Rick McElroy believes the chief information security officer (CISO) role is at a “major inflection point” and that the title will become more challenging as cybersecurity leaders stay in the spotlight.

“The added legal pressure some CISOs now feel following high-profile security leader convictions and whistleblower complaints is added weight to an already stressful job,” McElroy said. “CISOs are tirelessly fighting for larger budgets in order to ensure that security becomes or remains a board-level issue and an organisation-wide responsibility.”

Last year’s criminal prosecution of former Uber CSO Joe Sullivan has also set new implications for security chiefs, with the concern that CISOs are being held personally responsible for breaches.

Critical infrastructure will be at increased risk

Cybercriminals have been known to target vital sectors to increase the chance of ransom demands being met, such as the “significant and serious” attack on Ireland’s Health Service Executive in 2021.

Chassar believes that these sectors are going to be targeted more in 2023, due to a rise in threat actors associated with nation-states.

“Their activity targeting the critical infrastructure industry, from manufacturing to water and energy, will continue to grow, fueled by ongoing global geo-political conflicts such as the Russia/Ukraine war, as well as the current economic climate,” Chassar said.

Spencer Starkey, channel sales EMEA VP for SonicWall, predicts that healthcare and education will be among the sectors most targeted by cyberattacks in 2023. The cybersecurity company claims the healthcare sector saw a 328pc year-on-year increase in ransomware attacks last year.

Last August, a French hospital was forced to send patients to other institutions after it was hit with a ransomware attack, with a second French hospital reportedly targeted last month.

“Furthermore, both these industries are increasing their IoT footprint which will make them more susceptible to digital attacks,” Starkey said.

Remote work will expand the attack surface

Many companies were forced to adapt to remote working in 2020, as the Covid-19 pandemic caused global lockdowns. While this has created benefits for many employees, experts have shared concerns that it creates new vulnerabilities for businesses.

Kelly Ahuja, CEO of cloud services company Versa Networks, argues that the shift to hybrid models of working will alter traditional security architecture.

“Cloud adoption and the increase in remote work has extended the enterprise perimeter expanding the attack surface,” Ahuja said. “As the traditional enterprise perimeter dissolves, protecting users, devices, data and connecting this hybrid workforce/devices to applications in hybrid cloud will drive a rethinking of the security architecture.”

VMware’s global security technologist Chad Skipper warns companies that they are only as secure as the “weakest link” in the supply chain. He said criminals will continue to utilise “island hopping” in 2023, which is when a threat actor hijacks an organisation’s infrastructure to attack its customers.

“Remote desktop protocol is regularly used by threat actors during an island hopping campaign to disguise themselves as system administrators,” Skipper said. “It’s a threat that should be top of mind for all organisations, but particularly those in the healthcare industry given the sensitive nature of personal health data and the regulations across the sector.”

Ransomware will continue to ramp up

While there are various tactics used by cybercriminals, ransomware is one of the most prevalent and damaging tools at their disposal.

Last November, US security agencies warned about the growing prevalence of Hive ransomware, with estimates that it had extorted roughly $100m from companies since June 2021.

Miri Marciano, cybersecurity expert and associate director at Boston Consulting Group, said ransomware has grown as a threat through double extortion tactics, ransomware as a service and massive DDoS attacks.

“With these increasing threats, there must be an increase in talent and businesses are having to outsource to managed security services providers as the job market is highly competitive in the cybersecurity sector,” Marciano said.

Adam Brady, director of systems engineering for Illumio’s EMEA operations, believes industry and governments will be forced to band together in order to eliminate ransomware in the future.

“Ultimately, paying ransomware simply funds the activity, so the only way to eradicate ransomware is to stop the payment of it entirely,” Brady said.

“It is unlikely that any new legislation will be introduced in the next year, but we will certainly see discussions start to materialise about what this may look like and possibly the first iteration of this developed.”

Increased supply chain attacks

The interconnected nature of many tech businesses means attacks to supply chains have become more common and disruptive.

Last year, Zoom’s head of security assurance, Sandra McLeod, said attacks such as the 2020 breach of Solarwinds acted as a “wake-up call for organisations” to consider the security of external companies they do business with.

Kev Breen, cyberthreat research director with cybersecurity company Immersive Labs, said supply chain attacks will pose a “massive risk” for companies, combined with the fact that criminals are getting quicker at exploiting flaws.

“We’ve seen that once a vulnerability is announced, it’s exploited within minutes to hours, not days to weeks,” Breen said. “In 2023, the pace of the threat landscape will further quicken, and most defenders will find themselves one step behind, which is why proving cyber resilience and preparing for future risk are key.”

Last October, GitHub shared a new strategy to boost the security of open-source projects, following a wave of supply chain attacks that impacted dozens of organisations on its site.

AI will boost both attackers and defenders

AI technology has leaped in recent years, showcasing a capability to bring benefits and risks to various industries.

Cybersecurity is no exception, as experts like Marciano believe both defenders and attackers will utilise this technology to get an edge.

“Social engineering-based attacks will be strengthened by AI and machine learning,” Marciano said. “It is simpler and faster to gather data on businesses and employees using these capabilities.

“On the other hand, AI can strengthen cybersecurity–powered systems such as SIEM (security information and event management) capabilities allowing security teams to detect threats faster and respond to incidents quicker.”

There is also evidence that deepfakes – which use AI to create fake images and videos of real people – are being used to infiltrate organisations.

David Mahdi, the CSO and CISO advisor to Sectigo, believes cyberattackers will use this technology for more social engineering attacks and impersonation, which can be “difficult to prevent”.

“Those in the security business should choose biometric authentication methods with care – and with the understanding that, as deepfakes become more sophisticated, those biometric authentication methods may be rendered much less useful,” Mahdi said.

“On the other hand, everyday individuals should monitor their accounts regularly, especially for banking, loan and other financial services.”

MFA faces a reckoning

In recent years, sectors such as online banking and social media have upped their security practices using multifactor authentication (MFA), which provides more layers of security than a single password, for example.

However, while MFA has grown to be a useful layer of cybersecurity, it is not unassailable for criminals, who have exploited technical and human weaknesses in these systems.

Lucia Milică, the global resident CISO of cybersecurity company Proofpoint, said a “cat-and-mouse game” has developed. As more organizations add MFA as a security layer, more cyberattackers pivot to exploit weakness and “MFA fatigue” among users.

“What makes this threat more challenging is that it exploits not just technology but also human weaknesses,” Milică said. “Attackers often rely on notification fatigue, bombarding an employee with approval requests until they finally relent.”

This form of “notification fatigue” is believed to have been used in several high-profile attacks last year, such as the Uber data breach.

Miles Hutchinson, the CISO of identity verification company Jumio, believes the success of these criminal tactics will force businesses to leave MFA behind and search for verification alternatives.

“It’s likely that many organizations will begin to look toward passwordless authentication as the preferred method of authentication – and a sure way to avoid users falling victim to MFA fatigue,” Hutchinson said.

Skills shortage will exacerbate problems

There is evidence that Ireland managed to reduce its cybersecurity skills gap last year, though the same can’t be said for the rest of the world.

A report from (ISC)², released last October, revealed a substantial jump in the size of the global workforce gap to 3.4m – up from 2.7m the previous year.

Marciano of Boston Consulting Group believes the labour market for cybersecurity will continue to be “highly competitive” in 2023, while companies will turn to “automation and orchestration” to address their security needs.

Kleczynski of Malwarebytes has a darker prediction for the year ahead, as he believes the skills shortage will “come to a head” and make the issue more apparent.

“I expect we’ll see a nationally significant attack in the US that can be directly tied to a shortage of cybersecurity talent – either due to a mistake made by an overburdened employee, or an attack that overwhelms an understaffed team,” Kleczynski said.

Last November, three cybersecurity experts shared insights on how companies can address the ongoing talent shortage.

A push toward cybersecurity consolidation

Similar to the prediction that government and industry will band together, some experts believe that the cybersecurity sector will consolidate to respond better to the rapidly evolving landscape.

Tying into one of the top IT predictions for the year, Illumio critical infrastructure director Trevor Dearing believes that operational technology (OT) systems will be integrated into existing IT security strategies, to improve costs and efficiency.

“As environments become increasingly connected, organisations will need a more single and structured approach to cybersecurity, with prioritisation given to improving visibility and monitoring to reduce cyber risk,” Dearing said.

“It will no longer make sense for organisations to have separate teams for IT and OT security, with the disconnect opening organisations up to even bigger security threats.”

A recent report from investment firm GP Bullhound also predicts that the increased complexity of cybersecurity services will drive a push toward consolidation, with large providers moving to offer “end-to-end solutions” for their customers.

This consolidation drive will lead to more mergers and acquisitions, according to Yaniv Vardi, CEO of cybersecurity at Claroty. He predicts that larger companies will “scoop up smaller providers” that are focused on “specific verticals or use cases”.


Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com