
2022 proved to be another year in which cybercriminals kept security professionals on their toes. Though more organizations seem to be taking the necessary steps to combat cyberattacks, the battle rages on.

With ransomware, security vulnerabilities and other hazards posing a seemingly never-ending threat, what can organizations and tech leaders expect this year in the arena of cybercrime? Here are 10 predictions from cybersecurity experts.

Ransomware attackers will focus more on data exfiltration

“The threat from ransomware will still remain even in the face of decreased attacks,” said Matt Hull, global head of threat intelligence at cyber threat advisor NCC Group. “However, we are seeing an evolution in the way groups operate, not only because of law enforcement intervention but also cooperation among governments and regulators to tackle the problem.”

Hull believes ransomware gangs will continue to diversify their operations with less focus on encrypting data and more on exfiltrating data and carrying out distributed denial-of-service attacks.

More state-sponsored attacks will seek to shut down critical infrastructure

“If the past few years have been defined by ransomware attacks from organized hacking groups, we are now entering an era in which an increasing number of threats will come from state-sponsored actors seeking to disarm global economies,” said Asaf Kochan, co-founder and president of cloud security provider Sentra. “This poses a direct threat to specific sectors, including energy, shipping, financial services and chip manufacturing.”

These attacks won’t stop at just stealing intellectual property or demanding a ransom, according to Kochan. Instead, they’ll aim to disrupt, compromise and even shut down critical operations and infrastructure on a national level.

Cyberattacks through personal communications will create tension between employees and employers

“Social engineering attacks originating in employee-owned communication channels are highlighted in the news on a weekly basis,” said Steven Spadaccini, vice president of threat intelligence for security provider SafeGuard Cyber. “Cybercriminals are targeting high value employees on LinkedIn, Telegram and WhatsApp to infiltrate enterprises.”

In response, employers are trying to enforce security policies, Spadaccini said, but they need to weigh the risks versus the rewards. A conflict between personal privacy and corporate visibility could see its first class-action lawsuit in 2023 to test the boundaries.

Third-party vendor security compliance is on the horizon

“Today’s enterprises rely on a web of third-party vendors for microservices and other outsourced solutions,” said Kochan. “While these third-party service providers can prove more efficient and cost-effective than in-house tools, they often serve as unprotected channels for malicious activity.”

A Gartner study found that more than 80% of third-party vendor risks are discovered after the initial onboarding and due diligence process, showing that traditional due diligence methods are failing to reveal the risks, Kochan added. As a result, organizations are already implementing stricter standards for third-party vendors, a trend that will become even more formal in 2023.

On-premises environments will become more vulnerable to security threats

“The future is in the cloud, and the world’s most talented engineers and developers are highly motivated to work on this bleeding-edge technology,” said Kochan. “This leaves organizations operating on legacy on-prem systems — including a significant number of Fortune 500 companies and other industry leaders — with a competitive disadvantage when looking for new talent.”

As more IT professionals turn to cloud-focused work, organizations will struggle to retain their best engineering and security teams, added Kochan. In turn, on-premises environments will be more vulnerable to compromise as cybercriminals exploit unpatchable legacy technology.

Continued transition toward the cloud will increase security needs

“Organizations are adopting cloud-first technology to move faster in their domain while improving cost and time efficiencies,” said Dan Garcia, chief information security officer of software provider EDB. “Though both hybrid and multicloud approaches offer greater options for accessibility and workload offsetting, these environments can also widen security gaps.”

To deal with the risks and vulnerabilities of cloud environments, organizations will need to ramp up their employee education and training, Garcia said. Those organizations that don’t have the in-house resources to effectively manage cloud environments should consider external parties with the right expertise in cloud privacy, security and deployment.

Data storage solutions will need to ensure proven protection and security

“Channel solutions providers and end users will prioritize data storage solutions that can deliver the most reliable, real-world proven protection and security,” said Surya Varanasi, chief technology officer of enterprise storage vendor StorCentric. “Features such as lockdown mode, file fingerprinting, asset serialization, metadata authentication, private blockchain and robust data verification algorithms will transition from nice-to-have to must-have, while immutability will become a ubiquitous data storage feature.”

Consumer attitudes toward online security and privacy will heighten

“While enterprises getting hacked and hit by ransomware continue to make the headlines, cybercriminals have begun to hit not just enterprise businesses with deep pockets, but SMBs and individuals,” said Varanasi.

SMBs and individuals are more vulnerable to cyberattacks because they don’t have the level of protection or the big budgets of large enterprises, noted Varanasi. However, with remote work and remote access — the model for today’s worker and consumer — people will require and demand data protection and security that can protect them wherever they are.

Software-defined perimeters will begin to outpace VPNs

“In 2023, I predict that SDP will finally pull ahead of VPNs as the dominant technology for remotely connecting people and devices,” said Don Boxley, chief executive officer and co-founder of enterprise security provider DH2i. “More and more IT professionals are already using it successfully to connect to cloud or on-premises applications from wherever they are, and they are talking about it.”

Boxley also believes VPNs will decline in popularity in the face of bugs and performance issues. In the past, a small number of people depended on VPNs, but with the move toward a remote workforce, the risks of VPNs have multiplied. SDPs mitigate many of those risks.

The responsibilities of CISOs will continue expanding

“CISOs are already in charge of ensuring business compliance, hiring the right people, implementing strong threat management and getting vulnerabilities under control,” pointed out Ulfar Erlingsson, chief architect of cloud security platform Lacework. “Increasingly, CEOs and boards are giving CISOs an even larger mandate, and asking them to drive the probability of intrusions, data exfiltration, ransomware, etc., to effectively zero.”

To handle the increased responsibility for preventing security breaches and other threats, CISOs may not have the time to build their own in-house solutions, added Erlingsson. Instead, they should consider third-party technologies based largely on automation as a way to supplement the skills and resources of their internal teams.
