In the world of cybersecurity, each new year brings new security trends, threats, and technologies with it, and 2023 will be no exception. Although the industry has developed advanced tools and methods for mapping and mitigating security risk, attackers are quick to find new gaps wherever and whenever they can.
Here’s a look at the five most pressing cybersecurity predictions for 2023.
1. The supply chain attack surface will expand to include security tools themselves
In 2023, organizations will adopt more security solutions to manage the cybersecurity risk of their sprawling, complex and transitive supply chains. However, these solutions themselves will become new sources of risk.
Following high-profile fourth-party breaches in 2022, such as those affecting Okta and LastPass, organizations are beginning to understand that their supply chains include more than their direct vendors, suppliers and SaaS products. Today, a modern business’s supply chain comprises a complex web of plugins, business partners, MSBs, technologies and systems, each of which has its own third parties and introduces its own risk. A rising tide of new third-party security categories has emerged to address this complexity, such as SSPM (SaaS Security Posture Management), DSPM (Data Security Posture Management) and CSPM (Cloud Security Posture Management). Many of these solutions appeared in 2021 and 2022, and we can expect more widespread adoption in 2023.
However, integrating these solutions also introduces security risk that malicious actors will try to exploit. After all, a cybersecurity solution provider is itself a third-party supplier. To work, these providers need some level of access to your systems, your data, or both, which means their security posture directly affects yours. As a result, we can expect a new wave of breaches that target security integrations.
2. Companies will shift their focus from cybersecurity solutions to programs
As organizations’ security tech stacks grow, companies will shift strategy, budget and staffing toward addressing the new risk those stacks introduce.
As the threat of cyberattacks on companies’ vast third-party interactions (including cybersecurity solution providers) increases, it will become clear that simply adding more security tools is not the solution.
Instead, we predict that in 2023, security teams will recognize the need for more robust workflows for segmenting and classifying all third-party services, vendors, business partners, products, and sub-products; mapping asset connectivity and attack vectors; and monitoring changes to security posture.
In short, the frenzy of third-party cybersecurity solutions will be replaced with efforts to reform internal security policies, programs and processes.
3. Security providers will add or enhance their cloud offerings
As cloud and hybrid architectures become ubiquitous, cybersecurity providers will expand offerings to address cloud security.
In 2023, we predict that securing cloud infrastructure will remain a primary vertical for cybersecurity companies. As we mentioned in the first point in this article, cloud security software (CSPM) emerged over the last few years to address security needs in cloud computing environments. In the upcoming year, we anticipate that most existing security providers will augment their offerings with dedicated cloud solutions.
At the same time, CSPM providers are expected to broaden their services beyond securing cloud infrastructure. As more organizational workflows migrate to the cloud, it has become necessary to address issues like phishing, social engineering, and organizational security policy enforcement in cloud environments.
4. Greater data privacy and security regulations are on the horizon
The data protection regulatory landscape will continue to evolve — and so will the business of compliance certification.
Since the emergence of landmark data privacy rules like the EU’s “Right to be Forgotten” (now codified in GDPR) and the CCPA, the regulatory landscape has become increasingly stringent. In 2023, we expect this trend to continue. What will be new is the emergence of businesses that aim to help companies remain compliant with data protection laws and aligned with emerging recommendations. This new subcategory of data security compliance businesses will focus on assessing organizations’ data security and compliance standing, and on providing certifications.
Among organizations with more mature security architectures, we expect CISOs to take a more active role in compliance efforts. To that end, they will need to become more involved in understanding how the software, apps, and APIs they use are integrated into their systems, how they work, and how they process data.
5. Phishing schemes will become more prevalent
In 2023, organizations will need to double down on their efforts to educate staff on how to identify and avoid phishing attacks.
Phishing will always be a go-to for attackers because it is the easiest way to lure employees into handing over their credentials for company networks, systems, and apps. The problem is compounded by remote work. When employees and leadership do not work in proximity to one another, it becomes harder to spot fraudulent requests for information, so the likelihood of human error and of falling for a phishing attack is higher.
In 2023, remote, dispersed teams will remain the norm, even as some companies return to the office. To counter the threat of phishing, organizations must have access management controls in place that limit what a phished credential alone can unlock.