A lot happened in cybersecurity in 2022.
We saw cyber's involvement in warfare with the Russian attacks on Ukraine. Supply chain attacks continued to make headlines. Healthcare organizations and educational institutions became top hacking targets. Costa Rica declared a national emergency after an ongoing ransomware attack. And that's just scratching the surface of 2022 cybersecurity events.
So, what's in store for 2023? What can we learn from 2022 and take into the coming year? Cybersecurity experts from analyst firms, nonprofits and vendors shared the following predictions.
1. Zero-trust transparency from vendors improves
Zero trust has been shrouded in confusion from the start -- especially around whether it is or isn't a product. 2023 might finally bring clarity. We'll especially see messaging that provides transparency into vendor offerings, said Mike Spanbauer, senior director and technology evangelist at networking vendor Juniper Networks.
The message that zero trust is a framework that products help create should become clearer to customers. "A customer's skepticism and demand for clarity around exactly what vendors do and don't deliver will continue to rise," Spanbauer said.
2. Cyber-physical security slowly meets zero trust
Zero trust is making the rounds, but as of 2022, it hasn't translated to cyber-physical systems, including operational technology (OT). That's going to continue in 2023, said Katell Thielemann, analyst at Gartner. She explained that zero trust doesn't inherently work in cyber-physical systems for the following reasons:
- Older systems often lack authentication capabilities.
- Vendors may need to remotely access cyber-physical systems for maintenance and upgrades.
- Industrial plants have existing implicit trust zones, which are difficult to modify.
Marrying cyber-physical systems and zero trust isn't impossible, however. Organizations should start to adapt zero trust for cyber-physical systems in 2023, Thielemann said. For example, introduce network segmentation in a way that works for your particular OT systems and devices.
3. Security aligns better with the business
Security is often seen not only as a cost center, but also as a business inhibitor -- even if accidentally. For example, a security team may set up a web application firewall to block malicious traffic, but it may end up blocking a third-party partner that needs to connect to the corporate network for business needs.
In 2023, security can no longer be siloed. Security teams must understand the business and how they can help the business succeed.
"We see DevSecOps and similar efforts all taking off. They're pointing in one direction, which is, if your security team doesn't understand how the business makes money, security can't be successful," said Tony Lauro, director of security technology and strategy at Akamai, a content delivery network, cybersecurity and cloud service company.
4. Workforce reductions lead to attacks
Workforce reductions are on the horizon -- if they haven't hit already -- and attackers are ready to target any weaknesses left in their wake. In 2023, attackers will be aware of organizations undergoing restructuring and the potential vulnerabilities cybersecurity layoffs create.
To reduce openings for malicious actors, reexamine existing procedures, said Hugh Njemanze, president of extended detection and response vendor Anomali. "Make sure thought is being given to the potential ramifications of changing capabilities and permissions, and make sure the right things get closed off, shut down and wiped."
5. High-profile cloud providers suffer MFA bypass attacks
Following the 0ktapus social engineering attack that affected cloud providers Cloudflare and Twilio, other high-profile providers will become targets of multifactor authentication (MFA) bypass attacks in 2023, predicted Andrew Shikiar, executive director at FIDO Alliance.
Many organizations continue to use problematic legacy MFA methods, such as text and email one-time passwords, that have been proven vulnerable to attack. Until organizations adopt stronger MFA options, such as biometrics and passkeys, MFA bypass attacks will continue to affect them.
6. A company sues an offensive security tools provider
Many popular tools, such as Metasploit and Mimikatz, are used legitimately by ethical hackers and maliciously by threat actors. As a result, Forrester analyst Heidi Shey said she thinks 2023 will be the year an organization files suit against an offensive security tool provider. Organizations and governments will pressure vendors to keep similar new tools from falling into hackers' hands, she said -- and vendors could possibly face litigation following a data breach.
7. Vulnerability management becomes more risk-based
Proactive security efforts will be in the spotlight in 2023, forecasted Maxine Holt, senior director at Omdia -- especially risk-based vulnerability management. "[It] will be a foundational element of proactive security," Holt said.
The risk-based vulnerability management market is still relatively new but will play a key role in helping organizations evaluate and purchase vulnerability management products and discover security shortcomings before attackers do.
8. Quantum security awareness continues to grow
Quantum computing won't be commercially available for another five to 10 years, but CISOs can't put off preparations for it any longer. Awareness around quantum security will improve in 2023 as organizations examine their current and future attack surfaces.
The biggest quantum security worry for organizations now is that current encrypted traffic gets captured for decryption later, said Jon France, CISO at (ISC)2. "All that caught traffic becomes problematic to protect because it can be broken by quantum when it becomes commercially viable," he said.
9. It's time for security fabrics
2023 will see an uptick in adoption of security fabrics. A security fabric serves as a central hub and knowledge base for security teams by helping corral raw data from infrastructure and environmental layers, such as from cloud infrastructure, SaaS applications and endpoints. Security fabrics were designed to answer questions such as the following: What assets do I have? What's important? Does anything have a problem? Who can fix it? Is the issue getting better?
"It's already too overwhelming for teams to manage the underlying complexity in their cybersecurity environment," said Erkang Zheng, founder and CEO of cyber asset management vendor JupiterOne. "We'll see an increase in adoption of the security fabric approach because the majority of security frameworks [are] overly complex and involve layering hundreds of controls across dozens of domains."
10. SaaS security improves
Employees work from home, the office or a hybrid of both. SaaS tools and products have helped employers accommodate this shift. Securing these services, however, hasn't necessarily been top of mind for employers.
In 2023, organizations will take SaaS security more seriously, predicted Ben Johnson, co-founder of Obsidian Security, a SaaS security vendor.
"Security is asking whether these applications are configured correctly," Johnson said. "Are they letting everyone in the front door, or are they actually locked down to the appropriate level?"
Johnson added that SaaS security awareness could lead to increased adoption of a new tool: SaaS security posture management (SSPM). SSPM tools connect to the various SaaS applications used by a company via APIs to ensure they follow corporate security policies. If a configuration doesn't follow policy, SSPM either informs security admins or automatically makes the change to bring the configuration back under policy.
11. Ransomware continues to rise despite the economy
As if ransomware isn't bad enough already, a 2023 recession could lead to a rise in it.
"If people don't have jobs, they're going to find alternative ways to make money," said Tom Gorup, vice president of security operations at Fortra's Alert Logic, a managed detection and response vendor. It isn't difficult to run ransomware these days, Gorup noted, especially with the rise in ransomware as a service.