EXECUTIVE SUMMARY:

In the fast-paced, high-stakes world of risk management, keeping informed about recent developments and cutting-edge trends is beyond essential. Leverage the following expert insights to address cyber security management challenges and to accelerate security program and infrastructure advances. Our expert insights reflect the deep domain expertise that you need in order to enable and implement sophisticated risk management frameworks that measurably improve security performance, governance, and business outcomes. The following reflects an edited transcript of expert-led security insights…

Cloud Security Predictions

1. In 2023, the threat surface will start to recede slightly. Cloud transformation will slow due to cost and complexity, with many firms considering bringing workloads back in-house or to private data centers, reducing overall threat surface. – D.M.

2. Companies will continue to pull back on public cloud adoption in favor of expanded infrastructure diversity and increased utilization of SaaS services. In their recent earnings call, Microsoft reported that they saw a sudden Azure adoption deceleration in Q3. Platform changes will continue to drive increased risk for organizations until they mature their security programs. – C.N.

3. In 2023, we will see an increase in software supply chain attacks, especially cloud-related ones (e.g. compromises to repositories such GitHub, Docker, Helm, NPM, Azure Artifacts, AWS artifacts, etc). This technique would be used to infiltrate and exfiltrate data as well as amplify attacks. – W.L.

4. Cloud misconfigurations by humans will continue accelerating and the resulting breaches will expose more customer information and cause more disruption. – P.N.

5. As SaaS continues to see adoption, I expect to see DDoS attacks on top-tier cloud providers. – M.O.

Nation-state Threat Predictions

6. In 2023, we will see a growing number of attacks against nation-states and government organizations. In short, we will enter a new era of ‘hacktivism’. – M.H.

7. Cyber security challenges will get worse in 2023. Geopolitical events will increase and broader execution of state-sponsored attacks and will go undetected or undiagnosed. If the world doesn’t know about the threat, it will be harder to protect against. – J.F.

8. Fallout from the continuing conflict in Europe will start a new cyber Cold War. – T.S

9. In 2023, I predict that we will continue to see geopolitical strife in China and Russia, but will also see more nationwide attacks against the West and Taiwan to a degree we hadn’t seen before. During Covid, we saw patients die because of ransomware. And something like Colonial will happen again in Europe, Germany, Australia, and New Zealand (not the U.S.). We see in Ukraine that physical and virtual conflict align. There will be some sort of perilous conclusion. – D.H.

Ransomware Predictions

10. Costa Rica style ransomware attacks and high-profile data breaches will increase. An even larger number of cyber threats and attacks will be carried out by state-level actors or their affiliates, and will impact more people than before. The criminals’ intention is to affect public opinion. – L.L.

11. In 2023, we will see more threat actors who do double extortions -encrypting networks and sending out the data- but who don’t bother to take down networks in the process. Why? The criminals’ revenue comes from the data breach. In such cases, your organizational data might be stolen, but at least you will still be able to use it. – M.H.

12. As ransomware groups continue to be successful, it’s likely we’ll begin to see more groups and more organized cyber crime…It’s always building momentum. We’re already seeing firms being attacked multiple times, so just because a company has suffered once doesn’t mean it’s immune to another attack, unless it pivots to a prevent-first cyber security strategy. -M.Y.P.

13. Ransomware will remain a major threat and continue to be delivered mainly via email. “Ransomware and email go hand in hand”. – J.F., Avanan

14. Deepfakes will become popular in ransomware…deepfake pictures, videos and audio files will be used to increase the effectiveness and impact of the cyber attacks. – W.L.

Artificial Intelligence Predictions

15. AI is a major asset when it comes to resolving anomalies and behavioral analysis. It helps with things that are not able to be fixed at the (slow) speed of manual updates. The good news is that it’s pre-emptive security. It does deliver small number of false positives, and we are far from saying ‘AI will solve all my problems,’ but it helps. – J.F.

16. As we approach 2023, I see significant concerns about ‘what’s inside the box’, as we continue to see breakneck adoption of AI/ML tech in the military, in finance, and in medicine. As this tech continues to grow, major players look to consolidate these technologies (imagine the actual capabilities if Amazon and Google merged their AI tech and weaponized it). Legislation is not keeping pace with development and deployment of this tech. What if AI/ML capabilities are not in the control of friendly entities? – R.F.

OT, IoT & IoMT Predictions

17. As more IoT capable devices come to market, IoT security will become increasingly critical and imperative. – L.L.

18. OT and IoT attacks that directly affect human well-being will increase. – T.S.

19. Cellular connectivity is being extended at scale to include the delivery of trust for IoT data. The SIM has already become an integral element in the rapid growth of connected IoT devices worldwide, and will continue to secure access to cellular networks for many years. Now this functionality can be extended at scale to include the delivery of trust for IoT data – no matter how large or small – thereby leveraging the widespread use of SIM and eSIM to provide end-to-end security for IoT data. – C.C.

Skills Shortage Predictions

20. Experienced cyber security engineers are burning out. To me, this presents the highest risk. What if cyber defense experts burn out and we are left without experts on the front line?

After geopolitical changes in February 2022, and more than two years after enterprises started to move to remote work, cyber attacks have intensified. Engineers involved in the defense are exposed to high stress and a heavy workload. They are exhausted. Periods for taking breaks to recover are rare and cyber security experts are commonly called back to the office while on vacation. Higher salaries and attractive benefits packages can’t necessarily compensate for the time required for professionals to recover from stress.

We know that machine learning/data-driven security requires human experience to fine-tune the logic that makes solutions effective. What if the human factor is falling out of the equation? – P.E.

21. Physical health, gatherings and isolation. This is not a direct cyber risk, but rather, an indirect one. Here in Europe, we have a physical war. Our colleagues in Poland, Slovakia, Romania and the Baltics share a border with a country that no longer cares about the rules that have been in-place since WWII.

There are no limits. The list of violent acts against civilians has no obvious end, and the level of cruelty may extend infinitely. Even the use of atomic bombs is not excluded from the list of possibilities. Energy prices are skyrocketing and 10.4% inflation in Germany is just one example of the challenges that we face. Before you dismiss this as a non-cyber prediction…

Over here, the level of interest in cyber security remains high, but there are other, more pressing problems for some. Given this context, people are looking for interpersonal connections that allow them to exchange a smile, or a gesture of encouragement that expresses ‘we will stay strong together’. The resistance in opening up for conferences and travel is not helping. Our continued ‘clapping on our shoulders’ telling us ‘how great we are’ in a virtual meeting is not reflective of the needs of colleagues, customers and partners for in-person get-togethers.

When I listen to colleagues, I observe that we are breaking apart from the inside. The lack of interpersonal encouragement is contributing to the burning out of the experts we need. See my first point above: we are entering a loop. – P.E.

22. We cannot win by ourselves (IT) – it’s time we start recruiting or appointing security champions. Someone not related to security team needs to be thinking about what to do – this will increase effectiveness of security. It’s not a technology. We’re talking about process and people. And people who feel more engaged and empowered effectively preserve the business; so a win-win situation. – J.F.

New and Novel Predictions

23. SBOM is currently a topic we do not address. With all of the best technology in the world in your own company, it will not stop authorized user misbehavior. This will be on CISO agendas, external consultants, IT merging with IoT, but also OT…Tectonic plates crashing. The effects society now has on our digital world have been magnified by the Ukraine-Russia war; it is not just about IT. It is about how we want to live our lives (Note: cyber insurance is not a solution here). – P.S.

24. As many governments look to use technology for public services and modern life, smart cities are on the horizon. The biggest barrier for adoption is cyber security; as everything will be inter-connected and online. The amount of data that needs protection and concerns over privacy need to be addressed, but we are definitely going to see more of this come to life as there are economic and sustainability benefits, which will be at the forefront of any strategy. – M.Y.P.

25. There will be massive consolidation in the cyber security vendor space as IPOs become less attractive and previously inflated valuations get right sized. This shift will pose a significant challenge in the form of organizational change for many companies that currently embrace a best-of-breed strategy. – C.N.

26. Connected vehicles are a big deal. We haven’t seen a big attack against vehicles en-masse but might see something there in 2023. Tesla would be the one to go after. Could they go after vehicles remotely? – D.W.

27. In 2023, I predict the rapidly expanding use of AR/VR, which will create massive amounts of additional data, while being used in ever more sensitive areas (healthcare, engineering, elderly care). AR/VR devices are quickly being adapted to high speed 5G networks, further pushing out the boundaries for organizations that are using them. Security is rarely even an afterthought for most of these platforms, although they are deployed in highly sensitive areas. – R.F.

CyberTalk wishes you a cyber safe, secure and successful 2023. Thanks for reading! For more cyber security insights, see CyberTalk.org’s past coverage. Lastly, discover more premium cyber security articles, interviews and more – subscribe to the Cybertalk.org newsletter.

P.S. Further food for thought: “I see companies interested in pursuing more investigations, as they want to know what’s going on, but will they invest?” – M.H.