1. Attackers use new programming languages to become untraceable.
Instead of using popular programming languages like Python, attackers start using languages that cybersecurity tools like Rust can’t intercept, making their attacks undetectable. Today, some organizations continue to neglect implementing the cybersecurity fundamentals of detecting and preventing basic attacks. – Terry Olaes, Senior Technical Director, Skybox Security
2. Increased federal cybersecurity policies lead to increased attacker activity against federal agencies.
Increased federal cybersecurity policies lead to increased attacker activity against federal agencies.
The Cybersecurity and Infrastructure Security Agency (CISA) has released a set of new guidance this year. Finally, Binding Operational Directive 23-01 requires federal agencies to take necessary steps over the next six months to improve asset visibility and vulnerability detection capabilities. In 2023, attackers will step up their attacks before new cybersecurity controls are implemented ahead of the 2023 deadline. This increase in attacks can come in the form of supply chain attacks as malicious actors try to do their best before they are caught. – David Anteliz, Senior Technical Director, Skybox Security
3. Password alternatives will become more important, but not yet break traditional authentication methods
Adoption of more secure technologies than passwords is on the rise, especially given the onslaught of cybercriminal activity and growing concern for privacy. More and more websites and apps offer alternative authentication mechanisms to passwords, many of which include biometrics. His two big platform providers, Apple and Google, will increase the adoption of Passkeys/FIDO. It will be interesting to see how the other two giants, Amazon and Microsoft, who do not dominate consumer platforms, react to this shift. –Shiva Nathan, founder and CEO of Onymos
4. Cybersecurity is immune to recessions.
In 2023, economic uncertainty will lead to fewer organizational resources, tighter security budgets, and a below-average security posture for all organizations. As such, threat actors will take advantage of this asymmetry to evolve faster, creating a perfect storm in 2023 with an increase in the number of breaches using all vectors, especially email as an attack vector. – Rohyt Belani, Chief Executive Officer and Co-Founder of Cofense
5. Attackers are turning their backs on ransomware and opting for less obtrusive monetization methods.
Ransomware has historically been the primary monetization method for attackers. However, research reveals that both ransomware attacks and ransomware payments have declined over the past year, suggesting cybercriminals are evolving their tactics. Instead of overtly threatening your organization, threat actors will start using more covert techniques to make money. Threat groups like the Elephant Beetle have proven that cybercriminals infiltrate mission-critical applications and silently siphon tens of millions of dollars while going undetected for months or years. Ransomware will continue to be a prominent cyberthreat next year, but we will see more malicious groups directly targeting ERP applications. Enterprises should develop cybersecurity protocols specific to their business applications to ensure that their most critical assets and most valuable data are protected. – JP Perez-Etchegoyen, his CTO of Onapsis
6. As the gateway to an organization’s endpoints, the browser becomes a prime target for attackers.
Browsers support almost everything we do and are arguably the most used application. In particular, more and more applications such as CRM tools are moving from native applications to full browser applications. Browsers are the perfect gateway for threat actors to get to the core of an organization, as so much of our day-to-day work and personal activities take place in them. As browsers become more sophisticated with new features and uses, threat actors will likely target browser bugs and vulnerabilities heavily in 2023 to damage organizations and gain access to sensitive data. prize. – Avihay Cohen, his CTO and co-founder of Seraphic Security
7. The footprint of proactive safety automation continues to grow.
By deploying security automation, instead of focusing on retroactively creating workflows and processes based on past attacks, we move to a proactive approach to preventing attacks before they occur. . This includes security teams taking early threat intelligence signals and incorporating countermeasures into their workflows and processes. The result is a comprehensive new attack capability framework that combines the entire security stack into the most powerful protection approach ever. – Leonid Belkind, co-founder and CTO of Torq
8. Cybersecurity will take precedence over go-to-market, and we will see a promising trend in connected consumer devices.
For decades, the tech world’s “move fast and break things” mentality has resulted in tremendous innovation and groundbreaking new hardware and software products. However, as cybersecurity threats increase and digital products move from pure laptops and mobile phones to more personal devices (security systems, doorbells, thermostats, kitchen appliances, etc.), after 2023 device manufacturers will is expected to set more conscious product launch deadlines. To ensure product safety. Consumers demand products known to be secure from companies known to be good custodians of their data. And as consumer technology companies continue to innovate, we’ll see product development timelines that reflect increasing security and privacy priorities at the core of every product. –Dean Zwarts, Global Business Manager, Cybersecurity, UL Solutions
9. In a hybrid world, the cloud becomes the de facto environment for maximum security
In today’s hybrid environment, on-premises environments cannot maintain the same standard level of security as cloud environments. Baseline security in the cloud, combined with your organization’s guarded configuration, is stronger than what your on-premises environment can realistically provide. Cloud technologies will continue to embrace simplicity and generate abstractions in a highly complex security landscape to become machines that identify, build and deploy simpler, more secure and autonomous modes of operation. Enterprises can gain even more by using “software-defined infrastructure” in the cloud or even on-premises to deliver on the promise of control as code. For enterprises, leveraging the continuous security updates delivered by the cloud is like leveraging an ever-strengthening global digital immune system. In 2023, more businesses across all industries will move to the cloud for enhanced security. – Phil Venables, his CISO at Google Cloud
10. Growing Zero Trust
Zero Trust has become a huge buzzword in 2022. However, despite the obvious security and business benefits, the practical application of Zero Trust technology within enterprise infrastructure has been minimal. Despite the interest, most organizations are stuck at some stage in the investigation process. In 2023, he will see a higher percentage of implementations of Zero Trust concepts in his IT environments at enterprises. –Ashley Leonard, CEO, Syxsense