In recent years, the world of cybersecurity has seen its fair share of headline-grabbing happenings: the post-pandemic shift to remote work, a former social media exec whistleblowing, the AI-driven ChatGPT phenomenon, and much more.
We’ve pulled together top security predictions for 2023 to help you determine where you should heed caution and where you can breathe easily.
The Russia-Ukraine war impact continues.
As the war in Europe enters its second year, experts predict economic uncertainty and even a mild global recession will play a significant role in cyber warfare. CISA recently warned of increased attacks “in an attempt to sow chaos and societal discord” and urged organizations to be hypervigilant in response to this risk.
According to Built In, the global threat of cyberattacks has increased by 16% since the Russia-Ukraine conflict began in February 2022. Although the Biden administration signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022, aiming to “allow CISA to rapidly deploy resources and render assistance to victims suffering attacks, analyze incoming reporting across sectors to spot trends, and quickly share that information with network defenders to warn other potential victims,” experts still believe the conflict in Europe will continue to affect global cyber resilience negatively.
RaaS continues to be lucrative.
Ransomware-as-a-service continues to gain popularity among threat actors, with ransomware breaches doubling in frequency in 2021, according to the Verizon Data Breach Investigations Report.
“Gone are the hoodie-wearing loners huddled in basements mining data for cash,” FinTech magazine reports. “Now, it’s men in suits who, for all intents and purposes, operate like legitimate businesses.”
More than half of all financial institutions were hit by ransomware within the last year — a 62% increase on the previous year. And in the second quarter of 2022 alone, approximately 52 million data breaches occurred globally.
Dustin Heywood, Chief Architect of IBM Security X-Force, predicts an increase of attacks against legacy two-factor authentication and multifactor authentication in 2023, as well as innovative phishing tactics.
And a recent J.P. Morgan report echoes Dustin’s belief that malicious actors will resort to new, unconventional methods to ensure a hefty payday. “New extortion tactics and threats will be part of this year's push for more ransom payments,” the financial titan predicts.
Zero Trust is the name of the game.
Zero Trust, defined by NIST as a “collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege,” might just be the buzzword of 2023.
Named in the Executive Order on Improving the Nation’s Cybersecurity, Zero Trust adoption will continue to grow, and with good reason. Organizations with a Zero Trust approach deployed saved nearly $1 million in average breach costs compared to organizations without the methodology in place, IBM reports. Additionally, 80% of data breaches are the result of poor or reused passwords, according to the Verizon report, but in a Zero Trust model, users are required to verify their identity when attempting to access data.
As the shift to work-from-home continues to be prolific, some experts predict the Zero Trust approach may even replace VPN. Forbes states, “Virtual private networks are unable to meet scalability demands, and the technology itself can be prone to cyberattacks and vulnerabilities. Zero Trust, on the other hand, is a multitiered approach that is both scalable and highly secure.”
IDC analyst Frank Dickson says, “It’s not that we’re throwing away VPNs, but when we look at ways to secure remote workers, VPNs are not something we want.” And fellow analyst firms seem to agree. Gartner predicts that by 2023, 60% of enterprises will phase out their remote access VPN in favor of Zero Trust.
The scarce talent pool is cause for concern.
With an estimated worldwide gap of 3.4 million cybersecurity workers, leaders expect the lack of available — and knowledgeable — pros will pose a challenge for businesses in 2023.
“The Great Resignation has made finding talent relentlessly difficult,” Ponemon Institute reports. “To maintain a strong security posture, you need staff who are equipped to manage it.”
Going a step further, FinTech suggests there could be an all-out war on talent in cybersecurity, which will leave companies unable to manage their security needs in-house. One solution to the shortage? Train current employees on how to secure the cloud properly.
“Upskilling current staff is a great way to approach this, since it is cheaper than leveraging salaries to attract talent and has the added bonus of keeping employees engaged,” FinTech’s article suggests. “Staff are more likely to stay with a company where they feel they have forward momentum, which is attractive to other potential employees.”
The workforce will continue to workforce-from-home.
Remote work continues to grow at an astronomical pace, and projections don’t indicate any sign of that slowing down. Gallup estimates that more than 70 million U.S. workers can successfully do their job working remotely, and only 2% of those capable of working remotely choose to work onsite instead.
Career website Ladders predicts this trend will only increase in 2023; the company CEO, Marc Cendella, says the shift from in-office work to in-home affects the entire industry.
“Work consumes about half of our waking hours. So when you change where you’re working and how you’re working, it impacts your entire life,” he said.
However, although working from the comfort of home might be preferable for employees, the rise of using personal devices to connect with work networks proves worrisome for security teams.
“Pre-pandemic, when we were all office-based, it was simple enough for security agents, probably based in IT departments, to regularly check and update company laptops and smartphones,” Forbes reports. “In 2023, when workers are more likely than ever to use personal devices to remotely connect to work networks, a new set of challenges has emerged.”
And Bob from accounting? How do you know he is the one requesting access to the company’s financials? Come to think of it, have you ever actually spoken to Bob? Forbes points out that with the rise in remote work, employees no longer get to know each other over the water cooler and, as a result, could be at risk of falling for impersonation scams.
Security experts believe 2023 will see a drastic uptick in educating remote workers on how to avoid social engineering attacks, the best ways to keep their devices secured, and how to make recommended cybersecurity practices second nature.
It’s automatic, systematic, hyyyyydromatic automation.
Data is expanding faster than cybersecurity teams can keep up. Manual processes that can take hours or even days are being replaced with streamlined, automated measures, and according to ISACA, as data quantities increase daily, automated monitoring of the cloud environment will do the same.
Forbes states, “Machine learning algorithms can examine the vast amount of data moving across networks in real-time far more effectively than humans ever could and learn to recognize patterns that indicate a threat.”
In addition to rescuing overworked security staff, another benefit of using automation and artificial intelligence is the substantial cost savings. An IBM report found that organizations using automation to detect and respond to breaches save an average of $3 million compared to those that don’t, and according to a Teramind study, organizations using AI were able to detect and contain data breaches 27% faster.
Varonis introduced least privilege automation earlier this year, the industry’s first fully autonomous remediation engine. This new feature intelligently and continually removes unnecessary access and enforces least privilege automatically. This enhancement showcases the industry trend of moving toward automation.
What’s beyond 2023?
The Biden administration recently released the National Cybersecurity Strategy, aiming to “secure the full benefits of a safe and secure digital ecosystem for all Americans.” Analyst firm Gartner anticipates modern privacy laws will cover the personal information of 75% of the world’s population by the end of the year.
Additionally, by 2025, Gartner predicts that 40% of boards of directors will have a cybersecurity seat at the table.
However, their analysis also yielded this frightening factoid: 60% of organizations will embrace Zero Trust as a starting point for security by 2025, yet more than half will fail to realize the benefits.
Although we don’t have a crystal ball into the future, Varonis can prepare you for what comes next, delivering effortless data security outcomes, making intelligent decisions about who needs access to data and who doesn’t, and continually reducing your blast radius without breaking the business.
What you should do now
Below are three ways we can help you begin your journey to reducing data risk at your company:
- Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
- Download our free report and learn the risks associated with SaaS data exposure.
- Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Twitter, Reddit, or Facebook.
Megan is the content editor for Varonis and an avid fan of all things AP style. When Megan's not debating whether "cybersecurity" should be one word or two, she loves to travel with her husband and dote unhealthily on their pitbull, Bear.