It’s that time of year again when we try to predict what’s ahead of us in terms of cybersecurity. 2022 has already become a record-breaker for the sheer volume of phishing scams, cyberattacks, data breaches and crypto heists. There was also a rise in hacktivism cases where state-sponsored cyber legions disrupted critical infrastructure and services, defaced websites, launched DDoS attacks and stole information.
It’s not hard to imagine that 2023 will top records in cybercrime. Here are six cybersecurity trends we can certainly expect in 2023.
Trend 1. Greater Privacy & Regulatory Pressures
Governments around the world are stepping up efforts to protect the data privacy of citizens. Gartner, Inc. predicts that by 2023, “65% of the world’s population will have personal data covered under modern privacy regulations, up from 10% in 2020.” In the U.S. alone, five major states will have new comprehensive data privacy laws rolling out in 2023. Additionally, nearly 40 U.S. states introduced or considered more than 250 bills dealing with cybersecurity in 2022. A federal reporting requirement issued in March 2022 mandates that critical infrastructure organizations must report cyber incidents and ransomware payments. The SEC also proposed new cybersecurity disclosure requirements for public organizations that obligate them to disclose the cybersecurity expertise of board members and report cybersecurity practices periodically.
Trend 2. Zero Trust Replaces VPN
Remote working trends will likely continue. Virtual private networks are unable to meet scalability demands, and the technology itself can be prone to cyberattacks and vulnerabilities. Zero trust, on the other hand, is a multitiered approach that is both scalable and highly secure. Zero-trust strategy is based on the concept of “never trust, always verify,” which means that just because users can be identified and authenticated, they must not be granted blanket access to all resources. In a zero-trust environment, users are continuously validated, reassessed and reauthorized using multiple authentication methods.
The Biden administration has already released a memo mandating federal agencies to adopt a zero-trust architecture (ZTA) by the end of the 2024 fiscal year. Gartner believes that zero-trust network access (ZTNA) is the fastest-growing form of network security, will grow by 31% in 2023 and will replace VPNs entirely by 2025.
Trend 3. Threat Detection And Response Tools Go Mainstream
Cyberattacks aren’t a question of “if”; they’re a question of “when.” The only way organizations can stop an attack or reduce its impact is by identifying unusual activity across their entire ecosystem of users, applications and infrastructure. Threat detection and response tools like endpoint detection and response (EDR), extended detection and response (XDR) and managed detection and response (MDR) can analyze historical data using artificial intelligence and machine learning algorithms to spot unusual patterns as well as leverage threat intelligence and advanced file analysis to detect and block advanced threats that are designed to evade traditional defenses. Gartner predicts that the demand for cloud-based detection and response solutions like EDR and MDR will significantly increase in the coming years.
Trend 4. Increased Demand For Third-Party Risk Management
Many adversaries are circumventing sophisticated defenses that large enterprises deploy by hacking smaller supply chain organizations that might have access to the same information but do not have an equal level of protection. Supply chain attacks grew four-fold in 2021. Organizations have long used third-party applications to improve productivity, but such tools can have a number of vulnerabilities that attackers can exploit to gain access to victim environments.
Gartner predicts that by 2025, 45% of organizations will experience attacks on their software supply chains, which will be three times as many as in 2021. Boards and CEOs are demanding security improvements in their supply chains, which is why we can expect an increased demand for tools, services and vendor questionnaires that can help catalog and monitor cyber risks in third parties and suppliers.
Trend 5. More Organizations Will Outsource Cybersecurity
Cybersecurity has become far too complex for organizations to manage on their own. Most organizations are neither experts in cybersecurity nor do they have the skills or resources to manage a full-fledged security operations center (SOC). Security teams are overwhelmed, and a major skills shortage for cybersecurity talent makes it difficult to recruit and retain security experts. For these reasons, many organizations will be forced to think creatively and could decide to outsource their day-to-day security operations to an experienced consulting firm or leverage the leadership services of a virtual CISO.
Trend 6. Cyber Insurance Will Drive Demand For Risk Assessments
Cyber insurance premiums are climbing, and it’s becoming increasingly difficult for companies to afford or obtain coverage. To negotiate insurance premiums and better risk coverage, businesses will be required to present evidence across a broad spectrum of security areas in order to prove compliance with leading cybersecurity standards and best practices. Organizations will begin to conduct enterprise risk assessments that highlight the maturity level of their cybersecurity program and proactively address any underwriting concerns. When buying cyber insurance, risk assessments can serve as guidance—defining priorities as well as identifying risks deemed acceptable and those that need to be transferred to insurers. Risk assessments can help determine decisions around insurance gaps, limits and coverage.
The threat landscape will undoubtedly continue to evolve in 2023, probably at the same pace as what we’re seeing currently—if not more. Organizations must stay vigilant, never compromise and, if needed, leverage security expertise for advice and guidance. Happy 2023!