The field of cybersecurity is rapidly changing. We spoke with a number of cybersecurity experts and industry leaders to find out the most critical cybersecurity trends to watch in 2023. Here are the top cybersecurity predictions for 2023 from the experts:
Cyber resilience will come from people—not technology
I believe that 2023 will be the year when enterprises recognize that they are only as secure and resilient as their people—not their technologies. Only by supporting initiatives that prioritize well-being, learning and development and regular crisis exercising can organizations better prepare for the future.
Bec McKeown, Director of Human Science
In 2023, organizations will focus on driving a positive digital employee experience (DEX) without compromising security. Not only do draconian security controls lead to bad DEX, but they also cause users to find workarounds, which on balance creates an overall less-secure IT estate.
Jason Keogh, Field CTO
The cybersecurity workforce shortage is no secret. In 2025, research says global openings will reach 3.5 million. So far that conversation has been theoretical – if anything, positioned as an opportunity for young professionals seeking a career in cybersecurity, which it is. But unfortunately, 2023 is the year we’ll see this all come to a head. I expect we’ll see a nationally significant attack in the U.S. that can be directly tied to a shortage of cybersecurity talent – either due to a mistake made by an overburdened employee, or an attack that overwhelms an understaffed team.
Marcin Kleczynski, CEO
Research has consistently shown that humans are still the most notable risk to cybersecurity, and this largely results from a lack of awareness, negligence, or inappropriate access controls. Training alone will not solve these problems, nor will attempts to turn everyone into a cybersecurity expert.
John McClurg, CISO
Cloud-native and Kubernetes projects become secure by default
Kubernetes offers many advantages but also poses unique security challenges that can be difficult to address for organizations lacking in Kubernetes talent and experience. However, Kubernetes clusters are not secure by default, and as threats become more advanced and mature it will be unrealistic to require developer teams to also be security experts. Deploying Kubernetes platforms with security built in by default will be recognized as a means to reduce the burden of security on IT teams. Keeping security and developer expertise separate will reduce the pressure and burnout on both sides.
Deepak Goel, CTO
As Istio becomes an integral part of organisations’ cloud-native stack of technologies (along with Kubernetes, all things open source), it will also become a key part of bolstering security within companies. We will see more government agencies and commercial organisations adopt Istio to strengthen zero-trust mandates within technology infrastructure.
Idit Levine, Founder and CEO
Cyber risk management will be a top priority for business leaders
As a result of this, in 2023, we will see companies double down on cyber risk management. Cyber risk governance is not just the domain of the CISO; it is now clearly a Director and Officer level concern. When it comes to cyber, plausible deniability is dead.
Karen Worstell, Senior Cybersecurity Strategist
Budget cuts, amid economic uncertainty, will leave companies vulnerable to cyberattacks
Once rumblings of economic uncertainty begin, wary CFOs will begin searching for areas of superfluous spending to cut in order to keep their company ahead of the game.
Jadee Hanson, CIO and CISO
The cybersecurity industry is historically resilient in tough economic times. On the cusp of a recession, this time won’t be any different. Recession or not, businesses are facing unprecedented volume and sophistication of threats, and the potential losses from cybersecurity threats aren’t going to go down, either; cybercrime cost the UK £27B in 2022, and that figure is likely to increase. Amid that backdrop, CIOs in the UK predict that the top area of increased investment (66%) will be cyber and information security during 2023.
Marcin Kleczynski, CEO
Cybercriminals will increase ransomware attacks on SMBs as prime targets in the wake of heightened geopolitical tensions, such as the War in Ukraine, and rising inflation in the UK and globally.
Tyler Moffitt, Security Analyst
Cyber insurance will become a core part of understanding cyber risk and building resiliency
I expect the volume of virtual-first business operations to increase in the year ahead. In turn, cyber insurers will need a deeper and more dynamic understanding of organizations’ cybersecurity risks and IT systems in order to reduce cyber risk and build resilience. By partnering with third-party cybersecurity solutions providers, insurers will gain greater risk insights and leverage these to set new expectations for potential policyholders and help raise their cyber posture.
Vincent Weafer, Chief Technology Officer
I expect to see more investment into quantifying cyber risk. This will drive better collaboration and data sharing between security companies. Cyber insurance carriers will lean into partnerships with technology companies to fuse security data with insurance and risk modeling insights. The net result is more accurate risk quantification, which will in turn help keep policyholders safer.
Jason Rebholz, CISO
Healthcare will continue to be a top target for cybercriminals in 2023
With telemedicine becoming the norm, ransomware and deepfake attacks on the healthcare industry will continue in 2023. As increased amounts of people turn to telehealth to connect with healthcare professionals, have prescriptions filled and file their healthcare records, the door for fraud is left wide open for attackers to strike.
Rick McElroy, Principal Cybersecurity Strategist
Software security still has significant holes
Today, software security still has significant holes, and a missed patch or single misconfiguration can open the door for a breach or hack.
Idit Levine, Founder and CEO
This will also be forced as more organisations implement Zero Trust.
Over the past year, organisations have been looking into secure architecture and trying to understand what it truly means. Essentially, Zero Trust is attribution access, but an idea which is now mature. As we move into 2023, senior decision-makers and security teams are discussing how they can achieve a granular approach in real time, and ultimately, they will come back to the issue of identity data management.
Wade Ellery, Solutions Architects and Senior Evangelist
Zero Trust security measures will only become more important. Zero Trust assumes that there is no longer a traditional network edge, and takes a more stringent, continuous, and dynamic approach to user authentication, but also does this seamlessly to avoid impacting the user experience.
John McClurg, CISO
As more and more organizations abandon their internally hosted data centers and migrate to the cloud, they will increasingly rely on zero-trust models to improve security and prevent lateral movement.
Christopher Prewitt, CTO
Government and industry will take steps to eradicate ransomware
With ransomware more pervasive than ever, industry and government will be forced to address the issue at its core. Ultimately, paying ransomware simply funds the activity, so the only way to eradicate ransomware is to stop the payment of it entirely. It is unlikely that any new legislation will be introduced in the next year, but we will certainly see discussions start to materialise about what this may look like and possibly the first iteration of this developed.
Adam Brady, Director, Systems Engineering, EMEA
Below are the detailed comments from the cybersecurity leaders, cybersecurity experts, industry leaders and industry experts on what will likely dominate the cybersecurity landscape in 2023 and beyond.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.