Cybersecurity trends you can expect to see in 2023

It’s that time of year again when we try to predict what’s ahead of us in terms of cybersecurity. 2022 has already become a record-breaker for the sheer volume of phishing scams, cyberattacks, data breaches, crypto heist and geopolitical unrest, giving rise to hactivisim where state-sponsored cyber legions disrupted critical infrastructure and services, defaced websites, launched DDoS attacks and stole information.

As we embrace the cyber security challenges for 2023, we review the social and economic trends that influence global organisations with a backdrop of scare technical resources and a predicted downturn in organisational spending.

Greater privacy and regulatory pressures

Governments and organisations around the world are stepping up efforts to protect the data privacy of citizens. Gartner predicts that by 2023, “65% of the world’s population will have personal data covered under modern privacy regulations, up from 10% in 2020.” In the U.S. alone, 5 major states will have new comprehensive data privacy laws rolling out in 2023, with a further 40 states having introduced more than 250 bills dealing with cybersecurity in 2022. Global mandates that critical infrastructure organisations must report cyber incidents and ransomware payments, provides greater comfort for the customers of organisations, but leaves the organisations themselves looking to build greater resiliency within their third-party supply chain and infrastructure.

The new buzz word in cyber – zero trust replaces VPN

Hybrid working continues to be the new normal for organisations and legacy networks are unable to meet scalability demands, with the weakest link in cyber resiliency chains the employee becoming further prone to cyberattacks and vulnerabilities. Zero trust is a multitiered approach that is both scalable and highly secure. Zero-trust strategy is based on the concept of “never trust, always verify,” which means that just because users can be identified and authenticated, they must not be granted blanket access to all resources. In a zero-trust environment, users are continuously validated, reassessed and reauthorised using multiple authentication methods.

The Biden administration has already mandated federal agencies to adopt a zero-trust architecture (ZTA) by the end of the 2024 fiscal year. Gartner believes that zero-trust network access (ZTNA) is the fastest-growing form of network security, and that it will grow by 31% in 2023 and will replace VPNs entirely by 2025.

Threat Detection and Response tools go mainstream

Cyberattacks aren’t a question of “if”; they’re a question of “when.” The only way organisations can mitigate an attack, or reduce its impact, is by the rapid identification of unusual activity across the entire ecosystem of users, applications and infrastructure. With the increasing drive to cloud threat, detection solutions need to embrace more dynamic operational effectiveness.

Threat Detection and Response tools like endpoint detection and response (EDR), extended detection and response (XDR) and managed detection and response (MDR) can analyse historical data using Artificial Intelligence and machine learning algorithms to spot unusual patterns as well as leverage threat intelligence to detect and block advanced threats that are designed to evade traditional defences.

Increased demand for third-party risk management

As we saw earlier, many adversaries are circumventing sophisticated defences that large enterprises deploy, by understanding the supply chain and hacking the weaker links of smaller suppliers that might have access to the same information but do not have an equal level of protection.

Gartner predicts that by 2025, 45% of organisations will experience attacks on their software supply chains, which will be three times as many as in 2021. Boards, CEOs and regulators are all demanding security assessment and improvement in the resiliency of supply chains.

The continued outsource of cybersecurity requirements

Cybersecurity complexity and a war on cybersecurity talent means that many organisations are neither experts in cybersecurity nor do they have the skills or resources to manage their security environments. The ongoing skills shortages for cybersecurity talent makes it difficult to recruit and retain security experts. For these reasons, many organisations will be forced to think creatively and the solution to reduce risk is the outsourcing of security operations to an experienced solution provider or leveraging the leadership services of a virtual CISO.

In summary, all employees within any organisation are the first line of defence in stopping cyber incidents and must stay vigilant, never compromise and, if needed, leverage security expertise for advice and guidance.

Buckle your seat belts – 2023 is going to be another bumper cybersecurity year.

Please click the link below to read more from our 2023 prediction series