12 Cybersecurity Trends Every CISO Must Prepare for in 2023

Despite security teams’ efforts, the cybersecurity landscape seems to worsen every year. Our experts share top cybersecurity trends that will help security leaders to strengthen their organization’s security posture in 2023 and beyond.

Last Updated: November 23, 2022

Work from anywhere and the relentless shift to cloud computing services have accelerated cybersecurity risks in companies. According to a 2020 survey by BakerHostetler, the most common cyber attacks experienced by US companies are phishing (38%), network intrusion (32%), inadvertent disclosure (12%), stolen/lost device or records (8%), and system misconfiguration (5%). 

Despite security teams’ efforts, the cybersecurity landscape seems to worsen every year. A report by ThoughtLab found that the average number of cyberattacks and data breaches increased by 15.1% in 2021 – a significant rise from the previous year. Yet, 29% of CEOs/CISOs and 40% of chief security officers admit their organizations are unprepared for a rapidly changing cybersecurity and threat landscape, the report said.

Over the next two years, ransomware and phishing attacks will continue to give security teams sleepless nights as “cybercriminals will become more prolific,” the ThoughtLab report added. As a result, CISOs and security heads need to assess how to navigate this ever-evolving cybersecurity terrain. To make sense of this surge in cyberattacks, we asked cybersecurity experts to lay out the top cybersecurity trends for 2023 that tech leaders need to focus on. Here’s what they reveal.

1. Account For the Impact of Ransomware Attacks 

Brian Masson, director of security, Jobber

“We’re going to see ransomware attacks continue and leaders need to be ready for it. IAM interfaces with the human element and has historically been a problem. Bad password practices, missing MFA, etc. – I don’t see this changing for a long time. A “new” area of focus: increasing fallout from nation-sponsored actors. A few leaders might be directly responsible for critical infrastructure, but the rest of us have to account for the impacts those attacks will have on our businesses – increased absenteeism, disruptions to remote work, and similar indirect business challenges.”

2. Rebuild Endpoints Using a Sophisticated EDR

Sushila Nair, vice president of security services, NTT DATA

“Ransomware attacks have risen 240% in two years and will continue to rise. The majority of times, a ransomware’s initial vector of infection is endpoints, so organizations need to reduce the attack surface. Attackers are now spending time compromising backups, multiple nodes and services so that they can attack once they are already everywhere. In 2023, organizations will have to get better at rebuilding endpoints using a sophisticated EDR. In addition, organizations will turn more toward single sign on with MFA protection, and be more careful of leveraging free tier SaaS apps or SaaS apps that are unable to integrate with single sign on.”

3. Emphasize Implementing Cybersecurity Best Practices

Kayla Williams, CISO, Devo

“There’s a lot of misconception today around who owns security. There’s a CISO – who is accountable for setting the strategy – but they cannot implement that strategy if there is no buy-in from other areas in the organization. It is up to those in each department to apply the controls that the security team recommends or mandates. This disconnect between the expectations of the security team and the actual implementation is where we see things fall through the cracks. 2023 will be the year that organizations seek to solve this problem and place more departmental emphasis on implementing security best practices.”

4. Invest in Employee Training To Ward Off Cyber Attacks

Mark Guntrip, senior director of cybersecurity strategy, Menlo Security

“Ransomware attacks will continue to rise in 2023. In today’s threat landscape no one’s systems are safe and there are no signs of cybercriminals slowing down these efforts. Humans are the weakest link when it comes to security. Our research found that employees ignoring corporate security advice topped the list of IT security decision makers’ biggest concerns and 39% worry about ransomware attacks evolving beyond their company’s security capabilities. It’s no surprise that cyber attackers are becoming increasingly intelligent as we continue to see an emergence in techniques that can evade typical security stacks, like Highly Evasive Adaptive Threats (HEAT) attacks.”

5. Zero-Trust Architecture’s Importance Will Grow

Danny Allan, chief technology officer, Veeam

“I expect the top cybersecurity priority for 2023 will be addressing the ransomware threat in a variety of ways, from upleveling cyber skills by working with the security team to the right security tools, like multi-factor authentication (MFA) and training courses. I also think zero-trust architecture’s importance will grow as a means to validate access and improve security, and expect to see a massive increase in cybersecurity budgets beyond levels thought possible mere decades ago.”

6. Incorporate Policy-as-Code Into Cybersecurity Practices

Gaurav Rishi, VP of product and partnerships, Kasten by Veeam

“As Kubernetes applications become mainstream, the attack intensity and vector are growing too. This will result in Kubernetes-native data protection tools growing further in importance to ensure backups remain your last line of defense. Organizations will also have to prioritize the balance between nature (using/securing the foundational codebase) and nurture (operational best practices including identity management, data encryption). Lastly, in the DevSecOps world, businesses will need to incorporate policy-as-code into their processes to institutionalize an additional layer of protection and ensure security practices are implemented across a diverse environment.”

7. Work Closely With Federal Agencies To Set Security Standards

Deral Heiland, principal security researcher, Rapid7

“With an accumulation of IoT vendors seeking to grow their brand trust, I predict in 2023 many will embrace voluntary product security standards to promote themselves above their competitors. I also expect IoT vendors to work more closely with federal and state agencies in an effort to set those security standards for IoT technology. In addition, as we continue to see the development and growth of new products where smart digital technology and the physical world intersect, we will begin seeing IoT devices with health and safety issues so problematic that vendors will be forced to do massive recalls similar to what we have seen in the auto industry.”

8. Be Transparent About Cybersecurity Practices With Customers

Tony Liau, VP of product marketing, Object First

“The public is becoming more aware of ransomware threats and data privacy issues, and the way companies interact and communicate with their customers will have to shift in 2023 as a result. As data leaks become more and more public, instead of trying to downplay the incident or hide it, organizations will need to be more transparent in their messaging. They’ll need to admit to the problem and provide details on what steps they are taking to mitigate the issue and prevent future breaches. Customers will appreciate this honesty and will be more likely to do business with companies that are open and transparent about their cybersecurity practices.”   

9. Generative AI Adoption Will Grow in Popularity for Security Tools

Fritz Jean-Louis, principal research director, Info-Tech Research Group

“Increased spending will be necessary to address operational updates needed to understand the threat environment and to bring in experienced cyber experts in a shrinking talent market. This will allow CISOs to keep pace with competitors during a time of rapid, continuous digital transformations. Generative AI adoption will continue to grow in popularity within security tools. Powered by neural networks, it can help detect crucial network anomalies, risks, and patterns that a human might miss. As software supply chain attacks become increasingly focused on identifying zero-day vulnerabilities, zero-trust architecture is evolving from a preference among some organizations to an industry standard. Continuous verification of operations is now a necessity.”

10. Prioritize Cyber Resilience and Risk Reduction in 2023

Eran Kinsbruner, chief evangelist test automation practices, Perfecto by Perforce

“Our mobile devices are frequently at arm’s reach and store personal, sensitive data, making them easy targets of malicious attacks. Organizations must prioritize cyber resilience and risk-reducing strategies in 2023. To achieve this, teams can introduce a shift-left approach to implement codes and policies earlier in the development process that identify security gaps and weaknesses. However, the most successful teams will integrate testing parameters and checkpoints throughout the entire development lifecycle in a continuous and agile manner—going beyond only ‘shifting left.’ Expect to see more teams bring security analysis into the CI/CD pipeline, including static code and dynamic analysis activities and validating with functional testing and mocking services.”

11. New Regulations Will Introduce Mandatory Security Practices in IoT

Dan Berte, director, IoT security at Bitdefender

“IoT vulnerabilities will continue. An area that will continue to plague IoT vendors in 2023 is their slow response (or lack thereof) to security researcher contact for vulnerability disclosure and patching. Some mitigation is expected from new regulation such as the EU Cyber Resilience Act, which will introduce mandatory cybersecurity requirements for products sold in the bloc, but the law isn’t expected to have authority until 2025 at the earliest.”

12. Absence of a Cybersecurity Culture Will Pose a Serious Threat

Victor Kritakis, CISO, Epignosis

“Similar to previous years, companies will continue to struggle with phishing, ransomware and DDoS. Remote work is here to stay, along with the security risks that it brings. Unshielded home networks, untrained employees, and absence of cybersecurity culture will pose a serious threat to organizations unless they take proper precautions. A new geopolitical reality. The war that is happening, along with the energy crisis, may result in attacks on critical energy infrastructure.”

Which cybersecurity trends will continue to dominate the threat landscape in 2023? Comment below or let us know on LinkedIn, Facebook or Twitter. We’d love to hear from you!

Neha Pradhan Kulkarni

Technology Editor, Spiceworks Ziff Davis

Neha Pradhan Kulkarni is our Technology Editor. She oversees coverage of IT leadership, digital transformation, cloud, data security, and emerging technologies. Neha is in charge of tech interview series called Tech Talk and Ask the CXO. She has previously worked for Dentsu Aegis Network's iProspect and Ugam. When she is not reading or writing, you can find her traveling to new places, interacting with new people, and engaging in debates. You can reach her at neha.pradhan@swzd.com