Cybersecurity Predictions for 2023
Cybercriminals are an opportunistic bunch. Their determination to exploit new and existing vulnerabilities in the IT infrastructure has given rise to the world's biggest criminal growth industry – it’s estimated that the cost of global cybercrime will reach $10.5 trillion annually by 2025, up from $3 trillion in 2015.
When they’re not tweaking existing attacks to avoid detection, they’re developing innovative threats to cash in on new trends – and it’s up to the organisations they target to keep them at bay. So, what cybersecurity trends do businesses need to be aware of in 2023? Because it’s not a case of if they will be targeted, but when.
Securing remote and hybrid employees
The pandemic triggered a sudden shift to remote working at kitchen tables across the globe following the introduction of emergency lockdown measures. As business models altered and digital footprints expanded, the attack surface suddenly became much wider for cybercriminals.
This transition from cyber secure offices to hybrid working post-pandemic – around 22% of the UK workforce work at least one day a week from home – has exposed the vulnerability of unsecured devices and networks and the biggest cybersecurity weak spot for businesses: employees.
In 2023, proactive businesses will increase their efforts to secure this flexible workforce by reinforcing their cybersecurity policies and procedures and by educating them on cybersecurity practices.
Leveraging artificial intelligence
The sheer scale of attempted cyberattacks – for example, around 3.4 billion phishing emails are sent daily – can make detecting them and keeping pace with new threats an overwhelming task. The development and adoption of artificial intelligence (AI) is providing some clarity in an otherwise opaque landscape.
AI hasn’t just been developed so you can ask Alexa what the capital of Canada is; it can enhance the automated detection and prevention of cyberattacks by analysing large datasets quickly and accurately – and presenting the findings clearly.
By 2030, the global market for AI-powered cybersecurity products is estimated to reach $133.8 billion, up from $14.9 billion in 2021.
Escalating ransomware threats
Ransomware – a malicious software that’s injected into networks, compromising data until a ransom is paid – has been making headlines for two reasons: the pace and frequency of attacks are increasing – the share of breaches caused by ransomware grew 41% in 2022 – and they typically cause more widespread damage. For example, attacks that target supply chains restrict people's ability to put petrol in their vehicles and buy groceries.
This threat is expected to escalate in 2023 as ransomware gangs become more pervasive by selling ransomware as a service – a subscription-based model whereby affiliates pay to launch ransomware attacks developed by operators.
According to Charles Henderson, Head of IBM Security X-Force: “With the distinct possibility of a global recession on the horizon, we expect to see ransomware attacks spike in 2023.”
Spotlight on Chief Information Security Officers
A perfect storm of factors – widespread adoption of digital technologies, increasing frequency of cyberattacks, and high-profile data breaches – has magnified the need for a holistic approach to cybersecurity that’s overseen by a dedicated security professional.
This Chief Information Security Officer (CISO) must monitor, mitigate and respond to cyber threats by combining traditional technical acumen with a business-focused, risk management mindset. However, recent data breaches show that this doesn’t guarantee cyber resilience. Take Uber for example, which was targeted by a hacker who compromised and leaked data belonging to 77,000 employees.
The pressure will be on CISOs to learn from their contemporaries’ mistakes in 2023 – from maintaining the most current licenses to fostering a culture of shared cyber risk ownership across the business.
Managing the cybersecurity skills gap
There’s a big obstacle that businesses must overcome when attempting to mitigate the cyber threat: the global cybersecurity skills gap. By 2025, it’s estimated that there will be 3.5 million cybersecurity jobs open globally, representing a 350% increase over an eight-year period. Amid this worrying trend, a high proportion of businesses lack staff with the technical skills, incident response skills and governance skills needed to manage their cybersecurity effectively.
To begin bridging this gap in 2023, businesses must be able to access and retain cyber talent – a tough task when the skills shortage is driving up salaries. Some businesses are addressing this issue by investing in existing employees through additional training and development.
While crippling for businesses, this skills gap presents opportunities for cybersecurity professionals who are seeking employment. Amid severe ransomware attacks, the rise of AI, the growth of hybrid working, and holistic cybersecurity practices, some of the most in-demand roles are: CISOs, malware analysts, network security architects, penetration testers, security analysts, and security software developers.