Cyberattacks are becoming more sophisticated, especially in the aftermath of the COVID-19 pandemic. Now more than ever, it’s crucial for companies to build responsive and preventive cybersecurity plans to protect them from cybercriminals.
In this article, we asked 18 IT leaders, security experts and managing directors to share their cybersecurity predictions for 2023 and highlight what businesses should be doing to protect their assets and data and be future ready.
These quotes will provide you with helpful and invaluable insights into what cybersecurity trends you should look out for to fine tune your enterprise security strategy and stay one step ahead of hacker
1. Ransomware, phishing and new attack vectors
- The continued rise of ransomware attacks: Ransomware attacks, where hackers encrypt a victim's data and demand a ransom to restore access, are expected to continue to be a major problem for businesses. It is important for businesses to regularly back up their data and to have incident response plans in place in case of an attack.
- The emergence of new attack vectors: As technology continues to evolve, new attack vectors will emerge. This may include attacks on IoT devices, 5G networks, and cloud infrastructure. Businesses should stay up to date on the latest threats and ensure that their devices and networks are properly configured and secured.
- Increasingly sophisticated phishing attacks: Phishing attacks, where hackers use email or other communication methods to trick victims into providing sensitive information, are expected to become more sophisticated. Businesses should educate their employees about how to recognize and avoid phishing attacks, and also use technology such as anti-phishing software to help protect against these attacks.
What companies should do:
Businesses should have a comprehensive cybersecurity strategy in place that includes regular security assessments, incident response plans, employee education and training and a focus on securing both internal networks and external partnerships. They should also be proactive in staying informed about the latest threats and trends, and be prepared to adapt their security measures as needed.
Learn more: Endpoint Security: Eliminate Threats and Improve Visibility and Protection
Isaac Madan, Co-Founder & CEO of Nightfall
2. New attacks involving AI, smishing, MFA, package impersonation and APIs
Every year we see some combination of new cybersecurity threats and expansion of previously successful tactics. As such, cybersecurity trends we are likely to see in 2023 include:
- Use of generative AI tools, such as ChatGPT, to further lower the skill required to produce malware and phishing lures to target companies; security awareness training coupled with protection at the edges of the network will be necessary to reduce inbound attacks and block outbound traffic related to successful infiltration
- Smishing attacks, which rose in 2022, will see continued growth with increased targeting of employees on personal devices as attacks look to exploit the remote work environment
- Expansion of MFA (multi-factor authentication) attacks, in particular, MFA push spam and man-in-the-middle attacks; in reaction, developers are likely to move towards more resilient forms of additional authentication, e.g. hardware tokens
- Increased package impersonation attacks via public repositories leading to increased supply chain attacks; companies will need to expand verification and software composition analysis to identify threats
- Increased attacks focusing on APIs. As API use increases, so are attacks focusing on insecure APIs. Strong authentication, such as OAuth, with regularly reviewed access control lists and proper encryption, will help mitigate many of these attacks
Alex Falovich, Senior Cyber Security Threat Analyst, IdentityDigital
3. Don’t ignore AI
Through past years, the number of attempted cyber-attacks has grown so rapidly that human experts can’t react to them all anymore and prevent them from happening. So, in 2023 AI will be a big trend in the cybersecurity sector, but still, we don’t talk about it enough.
Artificial Intelligence can help cybersecurity by examining the vast amount of data moving across networks in real time. This will also translate into faster detection of most cyber-attacks (those that human experts can’t detect).
Marcin Gwizdala, Head of Technology at Tidio
4. The impact of technology on people’s digital autonomy
While technology is advancing at speed for convenience, it can be said to be slowly eroding the digital autonomy of people and threatening their privacy, especially if they feel they don’t have any control over what data is collected or stored about them. A case in point is the healthcare sector. We’ve seen a rise in ransomware and spear phishing using BEC (Business email compromise) of healthcare and insurance records – data that is highly sensitive in nature, and to a cyber criminal, worth more than generic data; the information could be used for identity theft, drug theft, and insurance fraud to start with.
One difficulty in a large-scale organisation such as a hospital, is the busy environment – a spear phishing attempt is likely to get through when the employee is busy, or tired and the email is using a sense of urgency or authority as a catalyst for action. Training on how to spot these attempts isn’t a priority in a healthcare situation. Protecting digital assets in healthcare starts with staff phishing training and instilling a culture of data security. Data can be secured by keeping software and hardware up to date, backing up regularly so there isn’t a gap in service and regularly tying everything back to that culture of data security – for both the business and the individual.
Damian Grace - Executive Director and Founder, Phriendly Phishing
5. Use new technologies, but don’t ignore the risks
Automation is set to become a major factor in cybersecurity. Automation tools can be used to detect and respond to potential threats quickly and effectively. This will help organizations save time, cost and resources related to security efforts. We also expect the increasing use of machine learning to automatically detect suspicious activity on networks or within applications. This allows for more accurate threat detection with fewer false positives which could potentially reduce the risk of data breaches. Companies will also work on user authentication processes improvement to make sure that only authorized personnel have access to sensitive data. It can be done by using strong user authentication processes such as multi-factor authentication or biometrics.
Enterprises must consider the potential security risks that come with using new technologies. Here are just a few cybersecurity tips:
- Automated vulnerability scanning can help organizations detect and fix vulnerabilities before they are exploited by malicious actors.
- To reduce insider threats, strengthen user access controls by restricting network access privileges only to users who require them.
- Plan security awareness training sessions: it helps ensure that employees understand best practices when it comes to keeping systems secure.
Michael Chepurnyak, CEO and Founder of Ein-des-ein
Learn more: How to Create Security Awareness Training that Staff Will Actually Pay Attention To
6. Log4j vulnerabilities
In 2023, we can expect to see daily, persistent internet-facing exploit attempts and more post-initial access internal attacks. Log4j attack payloads have become part of the new ‘background noise’ of the internet, and the exploit code has been baked into numerous kits used by adversaries of every level. It’s very low risk for attackers to look for newly-exposed or re-exposed hosts unpatched or unmitigated weaknesses—they need only persistence and luck to find that one exposed device or service.
CISA’s database of software affected by the Log4j weakness stopped receiving regular updates earlier this year. The last update showed either ‘Unknown’ or ‘Affected’ status for ~35% (~1,550) of products catalogued. Attackers know that existing products have embedded Log4j weaknesses, and have already used the exploit in ransomware campaigns.
All of this means organizations must continue to be deliberate and diligent when placing services on the internet. If you have not yet dealt with your internal Log4j patching, 2023 would be a good time to do so. We will see more headline-grabbing Log4j-centric attacks, and it is vital you do what you can to ensure your organization isn’t one of them.
Bob Rudis, VP Data Science at GreyNoise Intelligence
7. Multi-factor authentication and mobile security
Multi-factor authentication (MFA) continues to rise in importance, as businesses are ramping up their cybersecurity frameworks by adopting different authentication measures. Security has been prioritized more in recent years, therefore MFA will need to be utilized much more to fulfill security expectations.
As the world continues to move towards mobile, mobile security is the next big thing that is attracting the attention of CISOs and cybersecurity professionals. Mobile devices are increasingly becoming the agents of cyber-crimes, as hackers are infiltrating even SMS-based authentication.
Yogesh Chaudhary, CEO & Co-Founder of, Finoit Technologies
Learn more: Is It Ever Right to Remote Wipe an Employee's Work Device?
8. Focus on gathering intelligence on potential threats
Beyond strengthening cybersecurity practices, IT leaders need to think about how they can anticipate future attack vectors that malicious actors may use against them down the line.
This means having sufficient resources devoted towards gathering intelligence on potential threats as well as staying up-to-date on new developments related to existing ones so that teams can react quickly when faced with adversaries aiming to disrupt operations or steal valuable information from an organization's network environment.
Travis Lindemoen, Managing Director of Nexus IT Group
9. Stay up to date on the latest security tech
As technology advances, so does cybercrime. In fact, in the next few years, cybersecurity threats will become even more prevalent. That’s why it’s crucial for businesses to stay up to date on the latest security technologies.
Trends to keep in mind for 2023:
- Cyberattacks will become more sophisticated and fraudulently sophisticated.
- Businesses will be targeted with more ransomware and phishing attacks.
- Businesses will need to adopt more secure passwords and adopt two-factor authentication (2FA).
- Businesses will need to install robust security software and create incident response plans.
So what can businesses do to stay safe? Here are a few tips:
- Create and enforce strong passwords: Passwords should be at least 8 characters long and include alpha numerals, lowercase letters, and numbers.
- Install 2FA: 2FA can help protect your account from being hacked. To activate 2FA, you need to have a unique code that is sent to your smartphone or other device.
- Keep up to date with security software: Make sure to install the latest security software and patches to keep your business protected from cyberattacks.
Alaa Negeda, Senior Solution Architect, Chief Technology Officer and IT expert at AlxTel
Learn more: 16 Bad Password Habits (and How to Solve Them)
10. It’s time to break the data silos!
I believe 2023 is going to be the year of data. Cybersecurity organizations have operated in siloed hierarchies for a long time and Conway's law tells us that the results will be as segmented as the teams that built them. This year, we’ll finally begin to break down the silos and bring together data so that defenders can operate with the fluidity and agility that our adversaries do. I suspect that this trend is going to make it even more important that teams understand how to better communicate with one another, how to embrace human-centered design, and how to communicate risk, all those non-technical skills that as an industry we so often neglect.
Robert Wood, technologist and Founder of Soft Side of Cyber / CIO at Centers for Medicare and Medicaid Services
11. The side effects of digital transformation
Many people talk about digital transformation, but what does it mean? In most businesses it involves some combination of moving services to the cloud, embracing modern technologies like micro-services and connecting everything with APIs. This connective tissue of APIs now contains the crown jewels of the business - its data.
Unfortunately, most companies have no idea how many APIs they expose, let alone how to protect this traffic from abuse. With estimates that over 80% of internet traffic is over APIs, this is a vast attack surface. Getting visibility into API traffic, understanding normal usage, identifying risks and preventing abuse is going to be paramount.
Edward Roberts, VP Marketing at Neosec
Learn more: 8 API Security Best Practices You Should Know
12. Increased identity theft and new cybercrime vendor models
The rise of Biometrics and advanced facial recognition in financial services will become a trend in 2023 as identity theft and hacking attacks continue to increase. As hackers become incredibly smart in getting through organizational defenses, companies will be spending more on cybersecurity, which is why we expect the rise of SECaaS (Security as a Service) as well as identity thefts and authentication attacks in the near future.
Also, newer business models will be used by cybercrime vendors, one of which will be Exploit as a service. As ransomware attacks continue to improve, the best way businesses can protect their assets and data is to have mandatory cybersecurity workshops at a pan-company level. That way, every individual can be well acquainted with cybersecurity protocols and are set to secure their company data from exploitation in case of cyberattacks.
Brian David Crane, Founder of CallerSmart
13. The use of predictive analytics in cybersecurity
By 2023, we'll likely see a big push for using predictive analytics in cybersecurity. As cyber-attacks get more advanced, it's becoming more crucial for companies to be able to predict and catch them early on. Along with that, there will be a greater emphasis on automating security measures to reduce the attack surface and take some of the manual labor out of security response.
Using AI and machine learning for security monitoring and detection will become more widespread. These technologies can help detect unusual activity, pinpoint potential threats, and make it easier to manage security systems. They can also be used to research new threats and vulnerabilities as they arise.
Abdul Rahim, IT professional and Founder and CEO of Software Test Tips
14. Organizations need cyber insurance
As the frequency and severity of cyberattacks continue to increase, organizations will increasingly turn to cyber insurance to protect against potential losses. This will include purchasing cyber insurance policies and reviewing and updating them regularly to ensure they provide adequate coverage.
Ahad Ali, CEO of Ahad&Co
15. Greater use of encryption
With the growing number of data breaches, organizations will place a greater emphasis on encryption to protect sensitive information. This will include the use of encryption for data in transit, as well as data at rest, in order to protect against potential breaches.
Steve Rose, Vice-President at MoneyTransfers
Learn more: Data at Rest vs Data in Motion: Fundamental Differences in Data Protection
16. The rise of SIEM
Cyber insurance companies are going to demand more specific technologies than pushing for outcomes. It's much easier to ask "do you have a lock on your door?" than "is your house secure?" and get a straight answer. But the most recent trend I've seen is "Do you have a SIEM?".
Passwords are one of the oldest security tools on the internet. but today, we see rising cybercrime. Passwords are hard to remember, easy to replace, guess, hack, and intercept, leading to constant attacks. They are the number one target of cybercriminals and a lot of the breaches involve weak and stolen passwords.
Michael Argast, CEO of Kobalt.io
17. Increased use of AI and ML in cybersecurity
As cyber threats become more sophisticated and frequent, organizations will turn to artificial intelligence and machine learning to help them detect and respond to threats in real-time. These technologies will be used to analyze large amounts of data, identify patterns and anomalies, and make predictions about future attacks.
Alex Armstrong-Paling, Managing Director at toolfit
Learn more: How Machine Learning Will Help in the Fight Against Ransomware
18. Business must pay more attention to social engineering
Social engineering attacks, such as phishing and spear-phishing, will continue to be a major concern for organizations. As a result, businesses will focus on educating employees about these types of attacks, and implementing security measures to detect and prevent them.
Derek Bruce, Operations Director at Skills Training Group
Access the latest business knowledge in IT
Get Access
Comments
Join the conversation...