This guest blog was contributed by Almog Apirion, CEO & Co-Founder at Cyolo
Now that 2022 is closing out, enterprises have learned from their mistakes and can forecast a number of security trends for the coming years. These include a surge of unlikely breaches, the rise of risky third parties, a lack of user trust intensifying staffing shortages, and more. So, let's take a closer look at the cybersecurity trends that are expected to emerge in 2023 and beyond.
The reluctance to trust will intensify staffing shortages
As the talent gap expands through all industries and we move forward with remote work, many organizations will further incorporate zero-trust. This will mean no user or device will be inherently trusted, as businesses create stronger authentication, maintain continuous authorization, and actively implement the principle of least privilege to create an environment in which identities undergo various methods of verification. Building an improved trust-based system while also maintaining talent (even outside the perimeter of the company) will be a significant challenge to undertake in 2023.
Service industry workers will turn cybersecurity professionals
In the coming years, we’ll see service industry workers transitioning into cybersecurity professions as more companies, in addition to larger enterprises like Amazon, look to fill the empty positions within their own organizations. These workers have the basic skill sets, and with additional on-the-job training, companies may shift their focus and employ these individuals. The caveat for 2023 is how organizations moving to this new model will be able to train and reskill employees to meet the security skills criteria needed.
Previously unthinkable breaches will arise
In 2023 and beyond, the expectation is to see well-funded hacker groups go for the ‘whales’ – targeting companies including Amazon and Microsoft that many people leverage at a personal and corporate level. Future attacks will focus on the ability to exploit stolen credentials as the primary reason for breaches – taking examples from the past few years like Dropbox and SolarWinds.
To avoid falling into the same old traps set by hackers, companies will see the need to invest more in security programs that are not noticeable to the user, opting for seamless use that also keeps their corporate perimeters tightly closed. Identity-based security, with a focus on zero-trust, will become essential for dealing with the human-centric and device vulnerabilities that will continue to wreak havoc among vulnerable remote and hybrid operations.
Risky third parties will shift the way companies approach ‘trust’
In the next year, CISOs and company leaders will be compelled to pose more difficult questions around their strategies, next steps, and mitigation processes for integrating third parties within their network. In fact, they’ll pay increased attention to details within their security audits and reports and take real action on implementing more secure architectures and providing improved access to third parties.
Although budgets won’t increase, they will consistently shift to lower-cost activities, while other cyber hygiene activities will become a priority to protect companies’ expanded networks. Eliminating implicit trust and asking critical questions will be necessary to verify whether the third party is trustworthy or not and what level of access they can get.
Regulations will tighten, having a consistent effect on security decisions
The pressure from federal regulations in 2023 will be consistently greater for critical industries such as healthcare, financial services, utilities, etc. General regulations are forecasted to retain some flexibility, as they cannot be "one size fits all," given the various needs of organizations and the changing threat landscape as new threats emerge. Companies will need to adapt and respond quickly without the added burden of unnecessary oversight.
With boards now seeing cybersecurity as a business risk rather than a mere IT problem, more leaders will have to respond to the maturity of their strategies and plans. This will result in security becoming a much larger part of the performance reviews for C-level executives. Employment contracts may also shape some of these requirements, as the security risks have a direct impact on the business bottom line.
Evolution is critical to cybersecurity’s evolving nature
As threats continue to evolve, so will the mindsets and strategies of leaders – integrating out-of-the-box solutions to tackle continuous challenges. Those falling behind will only become a larger target for malicious actors and lose competitiveness across their industry.