When was the last “easy” year for security teams? Certainly not last year. Not this decade or even this century. Every year in recent memory has seen its share of noteworthy and novel cyber attacks.
It doesn’t take a crystal ball to predict 2023 will be more of the same. If anything, the pace and scale at which threats and challenges compound will only expand the threat landscape and overwhelm current enterprise defenses more quickly than ever. Cybercriminals aren’t going to let up and neither should security teams’ efforts to protect networks, systems, applications and data.
Cyber threats aren’t the only security challenge to be aware of in 2023, however. New technologies being adopted bring their own vulnerabilities to address, and perennial issues make “top challenges” lists year after year.
Here’s a look at the top seven trends and challenges security teams and organizations need to be aware of in 2023.
Many called 2020 the “year of ransomware,” with attacks spiking 148% during the COVID-19 pandemic. Then came 2021. For the second year in a row, the IBM Security X-Force Threat Intelligence Index found ransomware attacks were the most prominent type of cyber attack, accounting for 23% of attacks in 2020 and 21% of attacks in 2021. While 2022 saw a decrease in the number of attacks, it was still a present threat.
This article is part of
Ransomware will continue to be an issue in 2023, especially as double extortion attacks and ransomware as a service become more prominent.
Learn how to protect against ransomware:
2. IoT security
IoT is meant to make lives easier and more convenient — both personally and professionally — but these internet-connected devices greatly expand the attack surface, and many of them aren’t designed with security in mind.
IoT has never been immune to security issues. The Mirai botnet attacks of 2016 took advantage of a common IoT security pitfall: hardcoded passwords. The subsequent release of Mirai’s source code resulted in multiple variants that still loom large today.
Legislation is on the forefront of mitigating such preventable issues and subsequent attacks. The IoT Cybersecurity Improvement Act of 2020 set security guidelines for any IoT devices used in government agencies. In December 2022, the White House announced efforts to protect consumer IoT devices from cyber threats. A national cybersecurity labeling program for IoT is expected to launch in spring 2023.
Other countries have IoT security legislation, too. For example, the U.K.’s Product Security and Telecommunications Infrastructure Act 2022, which received royal assent on Dec. 6, 2022, will require security measures on all IoT devices — for example, prohibiting default password use and ensuring the manufacturer maintains a vulnerability disclosure program.
Learn more about the top IoT security challenges, threats and countermeasures:
3. AI for good and evil
Consumer and enterprise AI use are expected to grow even more in 2023 — a potentially good and bad thing for cybersecurity.
In good news, security teams can incorporate AI into their everyday work — for example, to augment security operations center analysts, detect and mitigate threats, and perform fraud management and detection.
AI can add a lot of work to the security team’s plate, however. Teams at enterprises that use AI must be aware of its privacy and security concerns.
AI can also be used nefariously by threat actors. Attackers can run malware on AI to test its efficacy, poison AI models with inaccurate data and map legitimate enterprise AI use to improve the success of their attacks. AI-enabled attacks, such as deepfakes, are becoming increasingly realistic for use in social engineering attacks. And AI-powered malware — malware that is trained by machine learning and can think for itself — may appear in the near future.
Learn more about AI and cybersecurity:
4. Slashed budgets
Increases in inflation, interest rates and gross domestic product have many predicting an inevitable recession in 2023. An impending recession could spell disaster for organizations of any shape, size and industry — especially if it results in budget cuts and staff layoffs.
While security is often viewed as safe from budget and staff cuts due to its importance, it’s not immune to them. Plus, security has historically been viewed as a cost center because its ROI isn’t easily calculated. CISOs and security teams facing budget cuts and spending reductions must plan carefully to maintain the security of their company and colleagues, while getting more done with less — and without burning themselves out.
Learn more about working with a constrained budget security:
5. The skills gap and staffing issues
The security industry is no stranger to the skills shortage. For years, report after report has concluded more security employees are needed than there are applicants for security jobs. To make matters worse, budget cuts and layoffs can equate to fewer staff members on a team that has to get the same amount of work completed, no matter what.
The most recent “(ISC)2 Cybersecurity Workforce Study” found that, although the cybersecurity workforce is the largest the nonprofit has ever recorded, a worldwide security gap still increased year over year. An estimated 4.7 million people currently make up the cybersecurity workforce — an increase of 11.1% over 2021 — but an additional 3.4 million are needed to properly protect and defend today’s organizations. Yet, hiring employees with the necessary skills — and retaining those employees — continues to be a challenge. That is the reality even before potential budget cuts and layoffs are taken into account.
Learn more about cybersecurity staffing issues:
Phishing is a never-ending challenge faced by organizations of all shapes and sizes — no company nor employee is immune to attack. According to the “2021 Verizon Data Breach Investigations Report,” 25% of all breaches involved a form of phishing or social engineering.
These attacks, which involve malicious actors tricking employees into revealing passwords, credit card numbers and other sensitive data, come in many forms, including email phishing, spear phishing, business email compromise, whaling, vishing and image-based phishing.
The following are some notable phishing attacks:
- Facebook and Google were scammed out of more than $100 million after attackers impersonated a legitimate partner of the businesses between 2013 and 2015. The phishing scams involved contracts and invoices for funds due.
- Sony Pictures was hacked in 2014 after company executives received phishing emails from a group called Guardians of Peace. The attackers reportedly stole more than 100 TB of data.
- Austrian aircraft supplier FACC was defrauded of $54 million in 2016 after an employee was phished by an attacker, purporting to be the company CEO, who requested a wire transfer to a bank account controlled by the attackers.
Learn more on phishing attacks and prevention:
7. Supply chain attacks and software supply chain security
Organizations need to be mindful of the third-party vendors and suppliers they work with. Trust is an inherent value here, but organizations must also do their due diligence in vetting third parties. Software- and hardware-based supply chain attacks can devastate a company.
Take the SolarWinds hack reported in December 2020 that involved nation-state actors exploiting SolarWinds Orion, an IT performance monitoring system. Through the Sunburst backdoor, threat actors were able to gain access to more than 30,000 SolarWinds customers and partners, including governmental entities, such as the U.S. Departments of Treasury, Commerce and Homeland Security, as well as private entities, such as Intel, VMware and Cisco.
This hack is just one example of how widespread and harmful a supply chain attack can be. Simply put, organizations must carefully vet their supply chain and third-party partners.
It’s also important to know what software and software components third parties and services providers use, as evidenced during the 2021 Log4Shell exploit. A defect in the Java-based Apache Log4j library enabled malicious actors to launch remote code execution attacks and potentially take control of target systems. Any software using the vulnerable library was subject to attack. While companies could quickly update the library version they used, the libraries used by their suppliers and partners — and their suppliers and partners, and their suppliers and partners and so on — needed to be updated to avoid being vulnerable to attack.
Unfortunately, many companies are unsure of the components in their own software, let alone others’ components their software connects to. If one link in the software supply chain is vulnerable, everyone is at risk.
Following proper patch management is key to ensuring any software is secure and up to date. Using software bills of materials (SBOMs) and requesting them from third parties are important to know if components in partners’ software are secure.
Learn how to protect your organization from supply chain attacks:
Learn how to protect your organization from software supply chain security issues:
Supply chain attacks and software supply chain security, IoT security, AI, ransomware, budgets and staffing issues, and phishing are far from the only information security challenges enterprises will face in 2023.
Beware and prepare for the following issues that increase the attack surface and present cybersecurity risks as the year progresses: