This week’s blog features an article from our friends at Security Magazine with the top cybersecurity predictions for 2023. Information security leaders share their forecast for the year and offer cyber risk management best practices.
As you build your cybersecurity resilience planning, priorities and roadmap for the year ahead, security and risk experts offer the following cybersecurity predictions for 2023.
1. Demand for cyber insurance is going to increase, but it’s going to become harder to get, by Jon France, CISO at (ISC)²:
“Cybersecurity awareness has its benefits and drawbacks…one of those drawbacks is higher premiums for cyber insurance. In Q1 2022 alone, premiums for cyber insurance rose nearly 28% compared with Q4 2021. This is largely due to heightened awareness of the financial and reputational risks of cyber incidents such as ransomware attacks, data breaches, vulnerability exploitation and more. At the same time, underwriters are also making requirements for obtaining cyber insurance much more strict, requiring things like two-factor authentication and the adoption of specific technologies like EDR, XDR and more. In fact, these documents used to be two-page questionnaires…now they’re full audits and 12+ pages long. So, increasing cyber insurance premiums and stricter requirements to obtain insurance will be interesting hurdles to watch in 2023.
On the flip side, we will likely also see an increase in demand stemming from the rising incidence of supply chain issues. Because of these issues, companies will likely start requiring more and more that any vendor or third party they work with must have cyber insurance. As we’re already starting to see, with geopolitical issues spilling out across borders, in addition to the cyber threats companies are constantly facing, companies are going to prioritize protecting their most critical assets (including their reputation). In 2023, demand for cyber insurance will continue to increase, as will prices and requirements for obtaining these policies.”
2. The recession will cause a reduction in spending on training programs
“Despite the idea that cybersecurity may be a recession-proof industry, it’s likely that personnel and quality will take a hit during the economic downturn. We’re not seeing core budgets for cybersecurity being cut as of now, but the more ‘discretionary’ areas, such as training budgets, are likely to see scalebacks. This goes for both security awareness training at companies of all sizes and training cybersecurity professionals on how to adequately protect their critical assets. The industry is already facing a skills shortage, and unfortunately, we’re likely to see that skills shortage worsen as the recession takes hold in 2023 due to the increased demand for skilled cybersecurity workers.”
3. Security leaders will increase their focus on cyber resilience, by Michael Adams, CISO, Zoom:
“While protecting organizations against cyber threats will always be a core focus area for security programs, we can expect an increased focus on cyber resilience, which expands beyond protection to include recovery and continuity in the event of a cyber incident. It’s not only investing resources in protecting against cyber threats; it’s investing in the people, processes, and technology to mitigate the impact and continue operations in the event of a cyber incident.”
4. Automation & Security Operations, by Michael Mumcuoglu, CEO and co-founder at CardinalOps:
“In 2023, we’ll see automation move into the few remaining areas of Security Operations that are still dependent on manual processes. These areas include threat exposure management, which helps holistically address questions such as ‘How prepared are we to detect and respond to the adversaries most likely to target our organization?’ Another area that will become more automated is detection engineering, which is still highly dependent on specialized expertise and tribal knowledge. Automation will not only reduce the risk for these organizations, it will also free SOC personnel from mundane tasks so they can focus on more interesting challenges that truly require human creativity and innovation, such as threat hunting and understanding new and novel attack behaviors.”
5. A rise in cloud native breaches, by Shira Shamban, CEO at Solvo:
“Not only will we see a rise in security incidents overall, but specifically, a rise in cloud native breaches. According to 2022 research, nearly half of all data breaches occurred in the cloud. As companies continue to migrate parts or entire infrastructures to the cloud, we will see an increase in the amount of data and crown jewels stored in the cloud, leading to more opportunities for cloud-native security incidents. Applications must be built in a way where third parties can be trusted. Because this supply chain isn’t secure, hacking in the cloud holds a lot of growing value in the eyes of cyber attackers.”
6. Cybersecurity training, by Mika Aalto, Co-Founder and CEO at Hoxhunt:
“In 2023, we will see continued advances in cybersecurity training. Humans didn’t evolve to spot dangers in the digital world. The school system doesn’t teach them defense against the dark arts of cyber-attack. It’s on us. Human risk is an organizational problem. Equipping our people with the skills to stay safe from phishing attacks is our responsibility.
Automation, adaptive learning, and artificial intelligence/machine learning can help deliver personalized training at scale. Why is that important? Because people need to participate frequently with relevant training that stays at the edge of their skill level in order to improve and stay engaged. A long, dry video followed by a punishment-based phishing simulation has been proven not to work. Fixating on failure leads to failure. Rewarding people as they acquire skills in a dynamic learning environment confers measurable improvement. This approach broadly describes gamification, whose demonstrated success is grounded in established principles of behavioral science and business and will be key to protecting organizations of all sizes in the year ahead.”
7. The Professionalization of Bad Actors, by Ratan Tipirneni, President & CEO at Tigera:
“The increasing availability of Ransomware-as-a-Service, a model which offers bad actors sophisticated vulnerability distribution while simultaneously isolating them from the risks of the trade, will lead to a worsening security situation for unprepared enterprises. The combined effect of readily available threats and poorly secured deployments will surely lead to high-profile breaches. In an ideal world, these breaches will finally get enterprises to go beyond the baseline regulations and make security a foundational effort.”
8. The Cyber Basics – Cyber Hygiene and Awareness, by Joseph Carson, chief security scientist and Advisory CISO at Delinea:
“The need to become a cybersecurity society will see an increase in getting the basics right. This means that cyber hygiene and awareness will be a top priority in 2023. With more organizations looking to obtain cyber insurance as a financial safety net to protect their businesses from serious financial exposure resulting from data breaches and ransomware attacks, the need to get a solid cyber strategy in place will be mandated to get insurance. The days of ‘cheap and easy’ are over.
This means getting back to the basics in 2023 to level up cybersecurity baselines. Ongoing remote work and cloud transformation mean that a strong access management strategy will be needed, supported by multifactor authentication, password management and continuous verification to reduce the risks. In addition to implementing better access security controls, employers will need to empower workers with better cybersecurity awareness. This means ongoing training and education to ensure that as threats evolve, employees are informed and ready to be strong defenders in cyber strategies.”
9. Mobile Workplace Trends Will Create New Blind Spots for Enterprises, by Patrick Harr, CEO at SlashNext:
“Personal communication channels (gaming, LinkedIn, WhatsApp, Signal, Snapchat, etc.) will play a much bigger role in the attack paths that bad actors engineer to target businesses. Once an individual user is compromised, the bad guys can move laterally to get to the business. And because email has at least some protections in place today, cybercriminals are turning more attention to these other communications channels instead and seeing much higher success rates.
The biggest gaps in security postures come from the personal data of employees in the newly hybrid workforce. These blind spots are becoming more readily apparent as organizations adopt new channels for personal messaging, communications, and collaboration. Attackers are targeting employees through less protected personal communication channels, like WhatsApp, Signal, Gmail, and Facebook Messenger to perpetrate an attack. Then it just becomes a matter of penetrating laterally through the organization from their external foothold.
Also, more people are working on the same device for their business tasks and their personal life at the same time now, which is a significant blind spot. I only see that trend accelerating in this coming year. It all comes back to: how do I validate that you really are the person whom I am communicating with? Or is this the trusted file or corporate website link that I assumed it was?
The single biggest threat to any company is not machine security anymore – it is truly the human security factor. That is why these attacks on humans will continue to increase because humans are fallible and they get distracted, and many threats are not easily identified as malicious.”
10. Connected Devices Will Require More Robust Security, by Darren Guccione, CEO and Co-Founder at Keeper Security:
“The number of connected IoT devices has been rising for years, with no signs of slowing down. In the past three years, the number of IoT devices increased exponentially, due to accelerated digital transformation from COVID-19 and the proliferation of cloud-based computing. In 2022, the market for IoT is expected to grow by 18% to 14.4 billion active connections. As more consumers and businesses rely on connected devices, these connected solutions become more vulnerable to cyberattacks. With this, the billions of devices shipped by original equipment manufacturers (OEMs) will require greater out-of-the-box security to mitigate the risk of malware intrusions and their contribution to Distributed Denial of Service (DDoS) attacks. To prevent and mitigate devastating attacks, manufacturers and suppliers of OEMs must design security within the devices, embedding it in every layer of a connected device.”
11. Data visibility & Compliance, by Dan Benjamin, CEO and co-founder at Dig Security:
“In 2023, CISOs will prioritize adopting solutions that provide visibility into the data their organization holds, where it lives, and the risks imposed by that data. This visibility is critical for security leaders as they build programs to meet compliance requirements in a highly regulated world, and secure data in an increasingly challenging threat landscape.”
12. The ICS/OT Skills Gap will Widen Due to Unprecedented Demand, by Edward Liebig, Global Director of Cyber-Ecosystem at Hexagon Asset Lifecycle Intelligence:
“Research has shown that the vast majority of electricity, oil and gas, and manufacturing firms have experienced cyber attacks over the past year and a half or so. Research has also shown that the cybersecurity workforce gap is growing due to high demand for skilled professionals. In addition to the intense threats against critical infrastructure systems that have been prevalent for years, as the Biden Administration’s new 100-day sprints across sectors and more regulations are released, more specialized professionals are needed to keep up. Additionally, many organizations currently lack staff with the ability to successfully integrate security practices and rigor across IT and OT departments, which is gaining significance and importance with the rise of Industry 4.0 in 2023.”
13. Cyber risk management will be a top priority for business leaders, by Karen Worstell, Senior Cybersecurity Strategist, VMware:
“When it comes to the governance and oversight of cyber risk, our system is broken. It’s no longer what it used to be fifteen years ago – we are dealing with higher stakes and fragile corporate reputations. As a result of this, in 2023, we will see companies double down on cyber risk management. Boards will need to have a much clearer role and responsibility when it comes to the process of ensuring adequate controls and reporting cyberattacks. Cyber risk governance is not just the domain of the CISO; it is now clearly a Director and Officer level concern. When it comes to cyber, plausible deniability is dead.”
As the premier Managed Service Provider (MSP) of the Midwest, it’s our duty to keep businesses like yours protected around the clock with the best cybersecurity available. As we all know, 2022 was a record-breaking year for cyber attacks, data breaches, and ransomware. And the New Year is shaping up to be even more troublesome…
The best approach to cyber security is a proactive one! We suggest all SMBs enter 2023 on high alert, aware that hackers and scammers are only getting more creative with their criminal activities. It’s more important than ever for your business to have a robust cybersecurity system in place, ready to detect and prevent any threat that comes your way.
Computers Nationwide offers 24/7 threat monitoring, zero-trust environments, and countless innovative computer security solutions customized to fit your company’s unique needs. We partner with trusted, industry-leading cyber security service providers to protect our clients with the latest cutting-edge tools needed for success in today’s digital landscape. Interested in security awareness training for your employees? We can help with that too!
Curious how your workplace will benefit from Managed Cyber Security in 2023?
Invest in cyber resilience and business continuity with CN!