Cybersecurity and threat detection continue to be top of mind moving into 2023. Data breaches and the capture of sensitive information remain concerns for organizations large and small.
Just in 2022, the average cost of data breaches reached $4.35 million globally—up 2.6% from the previous year, according to an IBM report.
The United States was the costliest country for the 12th year in a row, with an average total cost of $9.44 million—up 4.3% from the previous year. As a result, 60% of businesses had to increase their product prices to account for the costs.
Here, data security leaders share their thoughts on what lies ahead as companies seek the best resources to secure data and thwart bad actors.
- Threat actors will leverage novel programming languages to become untraceable: Instead of using common programming languages like Python, threat actors will begin leveraging languages like Rust that cybersecurity tools aren't designed to catch, causing attacks to go undetected. Some organizations today continue to neglect to implement cybersecurity basics that detect and prevent basic attacks, let alone attacks built on uncommon languages. —Terry Olaes, senior technical director at Skybox Security
- The increase in cybersecurity directives from the federal government will lead to a rise in threat actor activity against federal agencies: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a number of new guidance documents this year. Most recently, Binding Operational Directive 23-01 mandates federal agencies to take necessary steps to improve their asset visibility and vulnerability detection capabilities in the next six months. In 2023, we will see threat actors ramp up their attacks before new cybersecurity controls are implemented ahead of 2023 deadlines. This increase in attacks will likely come in the form of supply chain attacks as malicious actors seek to do their worst before they get caught.—David Anteliz, senior technical director at Skybox Security
- Password alternatives will begin to gain traction, but won’t annihilate the traditional authentication method yet: There will be increased adoption of more secure technologies than passwords, particularly with the onslaught of cybercriminal activity and increased focus on privacy. More websites and apps will offer alternate authentication mechanisms to passwords, many of which will involve biometrics. The two major platform players—Apple & Google—will increase the adoption of passkeys/FIDO. It will be interesting to watch how the other two behemoths that do not control a consumer platform—Amazon & Microsoft—react to this change.—Shiva Nathan, founder and CEO of Onymos
- Cybersecurity will not be immune to the recession: In 2023, we will see fewer resources and tighter security budgets in corporate settings thanks to economic uncertainty, resulting in subpar security posture across organizations. Because of this, threat actors will capitalize on this asymmetry and evolve faster, creating the perfect storm for an amplified number of breaches across all vectors in 2023, especially using email as an attack vector.—Rohyt Belani, chief executive officer and co-founder, Cofense
- Threat actors will shift away from ransomware and opt for more discreet methods to monetize: Ransomware has historically been the primary method of monetizing for threat actors. However, research has revealed a decrease in both ransomware attacks and ransomware payments this past year, suggesting that cybercriminals are evolving their strategies. Rather than blatantly threatening organizations, threat actors will begin leveraging more discreet techniques to make a profit. Threat groups like Elephant Beetle have proven that cybercriminals can enter business-critical applications and remain undetected for months, even years, while silently siphoning off tens of millions of dollars. While ransomware will still be a prominent cyber threat in the coming year, we will see more malicious groups directly targeting ERP applications. Organizations must develop cybersecurity protocols specifically around their business applications to ensure their most critical resources and valuable data are secure.—JP Perez-Etchegoyen, CTO of Onapsis
- The browser, the gateway to an organization’s endpoint, becomes the main target for threat actors: Browsers power just about everything we do and are undoubtedly the most used applications, especially as more applications like CRM tools migrate from native applications to existing fully in the browser. Because so much of our daily work and personal activities live in the browser, it’s the perfect gateway for threat actors to reach an organization’s core. As browsers become more complex with new features and uses, threat actors will heavily target browser bugs and vulnerabilities in 2023 to breach organizations and access sensitive data.—Avihay Cohen, CTO and co-founder of Seraphic Security
- Security automation’s proactive footprint continues expanding: Rather than focusing on retroactively building workflows and processes based on historic attacks, security automation deployments will shift to a proactive approach to help prevent attacks before they happen. Part of this involves security teams harnessing early threat intelligence signals and building defenses against them into their workflows and processes. The result will be a comprehensive new offensive-capacity framework that combines the entirety of the security stack into the most powerful protection approach to date.—Torq co-founder and CTO Leonid Belkind
- We’ll see an encouraging trend in connected consumer devices, with cybersecurity resilience taking precedence over speed to market: For decades, the tech world’s “move fast and break things” mentality has led to tremendous innovation and groundbreaking new hardware and software products. However, as cybersecurity threats increase, and as digital products shift from just laptops and cellphones to more personal devices—security systems, doorbells, thermostats, kitchen appliances, etc.—in 2023 and beyond, I expect device manufacturers to adopt more deliberate product rollout timelines in order to ensure the security of their products. Consumers will demand a product that they know is secure, from an organization they know will be a good steward of their data. And while consumer technology companies will continue to innovate, we’ll see product development timelines that reflect an increased prioritization of security and privacy at the core of each product.—Dean Zwarts, global business manager for cybersecurity at UL Solutions
- In a hybrid world, cloud will be the de facto environment for maximum security: On-premise environments cannot maintain the same default level of security as cloud environments can in today’s hybrid world. The base security of the cloud, coupled with an organization’s protected configuration, will be stronger than what any on-prem environment can realistically offer. Cloud technology will continue to embrace simplicity across a highly complex security landscape, and become an abstraction-generating machine for identifying, creating, and deploying simpler modes of operating securely and autonomically. Organizations will also reap more of the benefits of using “software defined infrastructure” in the cloud, or even on-premise, to deliver the promise of controls-as-code. For businesses, tapping into the constant security updates the cloud provides will be like tapping into a global digital immune system that is constantly growing in strength. In 2023, we’ll see more organizations across sectors transition to the cloud to support better security.—Google Cloud’s CISO Phil Venables
- Zero Trust comes of age: Zero Trust has been such a massive buzzword in 2022. However, even with the apparent benefits to security and business, the actual application of Zero Trust technology within corporate infrastructure has been minimal. While there is interest, most organizations stall in some stage of the exploration process. In 2023 we will finally see Zero Trust concepts implemented within corporate IT environments at higher rates.—Ashley Leonard, CEO of Syxsense