This post is part of our 2023 cybersecurity prediction series.
The security experts at Telos Corporation share their predictions for 2023.

Hugh Barrett, Chief Product Officer, Xacta at Telos Corporation
Quantifying cyber risk will become essential to communicating with the board.
For years, organizations have grappled with the complexities of effectively communicating cybersecurity risks to their boards. Complicated by the technical nature and nuanced risks that have come with remote and hybrid work, many organizations have turned to a seemingly-simple answer: Going by the numbers. In other words, cyber risk quantification (CRQ). In fact, this year, Gartner recognized CRQ as both a top trend and a critical capability for IT risk management. However, the research firm also found that only 36 percent of organizations can currently demonstrate concrete results.
Organizations will need to better understand and communicate their cyber risks and compliance data in a context that drives business decisions to come out on top in the new year. To do so, they must effectively identify, align and communicate business objectives with the most critical cyber risks. Once this is done and the board is in agreement, the organization is empowered to prioritize and remediate risks more effectively and with the greatest financial impact.

Charles Hatcher, VP of Technology and Innovation at Telos Corporation
Touchless fingerprinting will emerge as the top authentication method.
Mobile device ubiquity has increased the activities performed in a remote capacity, particularly in high-stakes markets like financial services. However, with this comes increased risk and complexity around user identity. In 2023, organizations with pre-existing fingerprint database infrastructure will increasingly turn to touchless fingerprinting to perform remote biometric identity verification, allowing them to secure activities like financial account opening and transaction verification. Touchless fingerprint technology will allow organizations and governments to extend their existing fingerprint infrastructure without investing in expensive hardware or solving infrastructure hurdles. Further, we will begin to see the adoption of touchless fingerprinting in law enforcement to solve remote field identification in high-risk situations, leading to increased officer safety and criminal apprehension.
Authentication also relates to the process of ensuring a user is allowed to access a system — i.e. logging in. While touchless fingerprinting will flourish here too, real growth will occur in identity verification for account opening — i.e. know-your-customer (“KYC”) onboarding and law enforcement use cases like field identification.
With regards to authentication, we’ll see identity platforms backed by multi-modal true biometrics face and fingerprint and “convenience biometrics” embedded mobile solutions like faceID and touchID emerge.

Dawn Lucini, Director of Aviation Security at Telos Corporation
Aviation attacks will soar; security will need to fly higher.
2022 shined a light on the security risks facing the aviation sector. Groups like ‘Killnet’ took advantage of DDoS attacks to take down airport websites and shake traveler confidence, making it impossible to connect and get updates about their scheduled flights or book airport services.
In 2023, these attacks will grow more sophisticated and more strategic, shifting the goal from creating inconvenience for travelers to rattling the backend processes that go into day-to-day airport functionality and security. In order to stay ahead and remain secure, the aviation industry must implement end-to-end security protocols, beginning all the way back to secure background checks for workers. Without a dedicated focus on data integrity and efficiency, the sky will be the limit for adversaries who are hungry for workers’ biographic and biometric data.

Robert DuPree, Manager of Government Affairs at Telos Corporation
Congress will see changes in key players, but more of the same on cybersecurity.
Despite ever-growing cyber challenges facing our nation and expressions of concern in Congress, we have not much in the way of major cybersecurity legislation enacted lately, with the exception of increased funding for state and local government cybersecurity and federal agency IT modernization (which benefits cybersecurity) and a new requirement for expeditious reporting by critical infrastructure entities of cyber incidents and ransomware payments. Suggestions to legislatively set mandatory cybersecurity standards for the private sector have gone nowhere, even with the fallout from some very high-profile hacks. This has left it up to the White House to carry the ball using whatever voluntary standards and guidance they can develop.
It will be more of the same in 2023, as Congress will continue to act on relatively non-controversial cyber initiatives but private sector cybersecurity requirements will be DOA. That’s because with control of the House and its agenda (and its committee agendas) flipping to the Republicans, mandatory cybersecurity requirements for the private sector will again be non-starters, and even voluntary guidance will be viewed more skeptically due to the GOP’s philosophical opposition to anything it views as unwarranted federal intrusion or overregulation of business matters.
On federal government cybersecurity issues, Congress has been more active and effective but further progress in 2023 will be hampered by the fact that some longtime cyber policy advocates and experts from both parties, including Sen. Rob Portman (R-OH), Rep. Jim Langevin (D-RI) and Rep. John Katko (R-NY), are retiring and won’t be around in 2023. Their absence will leave a tremendous void when it comes to pushing “good government” cybersecurity issues through Congress.

Stephen Horvath, SVP, Xacta Solutions at Telos Corporation
Audit fatigue will debilitate unprepared IT organizations.
While security and privacy standards are born out of good intentions, many IT organizations struggle to hire and maintain staff with the experience and training necessary to meet compliance demands. Over the past few years, it has become nearly impossible to be 100 percent compliant with all applicable standards. As a result, nearly nine in ten security professionals have grown to believe that compliance is or will be an issue when moving systems, applications, and infrastructures to the cloud. Further, more than 80 percent of security professionals reported that they “personally dread” when their organization is audited.
In 2023, dread will evolve into debilitation unless organizations invest the time and resources to shift the paradigm. Solutions to the problem can come in many forms because there is never a “one-size-fits-all” approach to compliance. One approach that many organizations will turn to is automation, as it can increase the accuracy of audit evidence, reduce time spent being audited, and increase the ability to respond to audit evidence requests more quickly. At the end of the day, there is always a cost for compliance, but organizations have the power to decide what that cost is: either burnout and fatigue or investment into positive changes.

Ryan Sydlik, Senior Security Engineer at Telos Corporation
Decision-makers will embrace risk to strengthen security.
Though risk inherently brings a negative connotation, understanding what risks are facing your organization can actually turn into one of your strongest assets. In 2023, security teams will place a stronger emphasis on understanding their risks and weaknesses. In doing so, they will likely find that risk acceptance of unpatched vulnerabilities has been far too lenient and sometimes overlooked. With this new, deeper understanding, leadership will be empowered to prioritize using standardization and automation to control and manage attack surfaces, and to identify and remediate missing patches that could otherwise bring serious security implications.

Paul Capasso, VP of Strategic Programs at Telos Corporation
Twitter will become the focus of adversarial misinformation “trial balloons.”
Disinformation and misinformation campaigns will emerge as a major subject of discussion in 2023. Over the past few years, “Speed of effect” has made social media the influence platform of choice to win the hearts and souls of many with minimal resources. Next year, Twitter will be the focus of adversarial “trial balloons” to see how those who fall under the “new management” sign will handle content management under this new world order.
###