Cybersecurity is evolving. New threats emerge, some old ones disappear, and the threat landscape shifts constantly. Here are seven general trends that will shape cybersecurity in 2023.
1. Growing Threats in 5G, IoT and other connected devices
The most frequent and common type of security incidents in 2023 will involve IoT sensors and smart devices.
5G, mobility, IoT and connected devices offer speed and a world of convenience. But these advantages come with the downside of opening more access points for hackers.
IoT sensors and connected consumer devices are loose ends in network security. Many smart devices, such as thermostats and kitchen appliances, have weak or hard-coded passwords. Weak encryption and connection over vulnerable networks compound the danger. There have already been many instances where cybercriminals hijack these devices to breach the network. They may siphon off data, launch ransomware attacks, or use the network to launch DDoS attacks.
The global shortage of cyber security experts to mitigate threats from a new technology compounds the challenge. But market economics may force a solution. In 2023, cyber security resilience takes precedence over speed to market. As cyber security implications grow, vendors will shun vulnerable devices. Loss of business will force manufacturers to build more secure devices.
2. Continued evolution of ransomware
Ransomware attacks continue unabated. In 2023, ransomware operators will launch more sophisticated attacks. These attacks will target large corporations, municipalities, and core service businesses that cannot afford a prolonged outage.
The dread of ransomware attacks means cyber criminals only have to show up. Of late, many ransomware operators do not bother to encrypt the victim’s data. They connect with the company and demand money. More often than not, the company pays up! The ruinous implications for companies if they lose sensitive data make them pay the ransom. In 2023, such targeted ransomware attacks will also increase.
As things stand, there is no practical solution against ransomware other than prevention. The onus is on cybersecurity teams to develop protocols around their sensitive business applications.
3. Zero Trust adoption will increase
Among the recent cyber security developments, zero trust is the most potent. By 2023, most enterprises serious about cyber security will adopt a zero-trust approach. Advances in AI-powered attacks and deepfakes make a zero-trust approach inevitable.
The zero trust principle authenticates users at each stage and everywhere. For instance, users must re-establish their credentials after a specific time, even when logged in. Access rights will depend on confirmation of identity credentials.
Enterprises underutilized zero trust in 2022. The delay is more a cultural issue than a technical one. In 2023, they will work to overcome these obstacles and zero trust adoption will increase.
4. Greater thrust on identity authentication
Passwords are inconvenient and rarely foolproof. A brute force attack can crack most passwords. The cyber-world is moving towards safer and more robust identity authentication. The increasing popularity of zero-trust also raises the stakes for identity authentication.
Elon Musk’s takeover of Twitter and attempts to keep bots at bay have triggered a renewed interest in identity management. The imminent EU digital wallet will give even more impetus to identity authentication.
The conversation on how to authenticate identity is increasing. There still needs to be a consensus on industry standards to authenticate identity. Biometrics is the obvious choice, but some challenges remain.
eIDAS 2.0 will boost digital signature adoption. eIDAS (Electronic IDentification, Authentication and trust Services) sets standards for electronic signatures, digital certificates, timestamps and other proof of authentication in the European Union. eIDAS standards offer users a safe way to conduct business.
5. Increased reliance on Artificial Intelligence and automation
In 2023, cyber security experts will automate their workflows and processes. They will leverage Artificial Intelligence to develop new offensive-capacity frameworks.
The conventional approach to cyber security is reactive. Security experts build workflows reactively based on historical attack patterns. The reason is the opacity of the network: security teams do not have access to real-time data.
Threat actors take advantage of such shortcomings. Of late, they launch sophisticated AI-powered attacks that conventional security defences cannot stop.
Cyber security uses AI to fight fire with fire. The latest security solutions leverage AI to identify attack patterns and anomalies in data. These tools offer early threat intelligence signals and enable a proactive approach to security. Automated response rules nip these attacks in the bud.
6. SASE adoption will increase
Secure access service edge (SASE) is on the verge of a massive push, and 2023 may be the year it goes mainstream.
Enterprises seek simple solutions and tighter security stacks. They try to bring order to their networks that have gone out of control.
Data has become distributed and more vulnerable than ever. The increasing use of APIs adds to the security risks, and hackers can exploit these connections. In such a context, data close to the network edge, with minimal distance to the end user, is safer.
7. Cyber regulations and legislation will increase worldwide
Relentless cyber attacks have started to compromise national security. Governments worldwide respond by throwing in more legislation and regulations. Fines for compliance and regulatory breaches have increased manifold in most parts of the world. The heavy penalties make companies take up cyber defences with more serious intent.
In May 2022, the European Union started to develop the Payment Services Directive (PSD3), the draft of which will be ready by mid-2023. PSD2, launched in 2016, triggered the development of Open Banking.
The European Union has also proposed a Cyber Resilience Act. The act proposes mandatory cybersecurity requirements for digital products throughout the product life cycle.
Other nation-states have started to review and update their outdated data laws. Most of them benchmark against the EU General Data Protection Regulation (GDPR).
Changes in data laws are also taking place at a frenetic pace in the United States. In a recent directive, the Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies improve their asset visibility and vulnerability detection capabilities within six months. Threat actors will likely ramp up their attacks in the first half of 2023 before the new cybersecurity controls come into effect. In 2023, the US federal government will also likely issue regulations related to ransomware payments.
Countries across South Asia and Southeast Asia are updating data protection laws. These legal reforms aim to tie up legal loose ends in the fight against cybercrime and data theft.
As people wake up to the consequences of cyber-attacks, they take proactive measures to keep threat actors at bay. In 2023, new threats will emerge, and the threat landscape will keep changing. Enterprises would do well to keep track of the latest trends while continuing to do the basics right.