Cyber Security Predictions for 2023

Every year, we can point to events, breaches, and trends that will drive actions and behaviors in the cybersecurity space for the following year. As I look at 2022, several events and trends stand out to me that will have a material effect on security practice in 2023.

Essential factors driving security in 2023

1. Ukraine invasion - This is the seminal event of 2022. It renewed our focus on the fragility of peace and the need to protect democracy, freedom of communications, and critical infrastructure. There are dozens of other impacts on the global economy, energy politics, and even the hacker community, as many groups responded to the hostility of the Russian Federation with cyber tactics.
2. Five-front wars - We traditionally think of wars as having four main fronts: land, sea, air, and economic. We now know that cyber is the fifth, and space will soon become the sixth.
3. Sophisticated threat actors - Whether funded or tolerated by nation-states, collectives of like-minded activists, or criminal organizations, hackers have stepped up their game. CISOs need help from the security industry - not more fear, uncertainty, and doubt (FUD). As vendors, we must work together, share capabilities, and provide solutions that address their security and business needs.
4. Remove workers - Of the many takeaways from Elon Musk’s acquisition of Twitter, one stands out to me — don't try to take away remote work! Talent and elite skills are always in demand, and enabling secure remote work is critical to staying competitive.
5. Cost and complexity - Security stacks are complex and complicated. We need to find ways to simplify and consolidate them to optimize protection, make them easier to administrate, and contain costs (yes, a vendor is saying this). Our friends at Gartner indicate that 75% of customers are already trying to do this.

SimSpace security predictions for 2023

1. Platform and industry consolidation - Next year, we will see an acceleration in the growth of the integrated platform. As part of the overall need to drive simplicity, Gartner indicates that 57% of CISOs want to get to 10 or fewer significant vendors. This will create a much more competitive market between the big security platform vendors.
2. Edge of the Enterprise - According to ESG, applications on the edge of the enterprise will grow by 54% in 2023, and they are more attractive targets for threat actors than fortified enterprise data centers. These applications are harder to protect because non-employees often use them and more sensitive data lives at the edge than ever before. Mitigating this risk will require new thinking, training, and processes.
3. Disclosure discourse - As an industry, we must be more transparent. New SEC rules kick in this year, and we better have our proverbial acts together. If you still need to update your breach disclosure process, it is time to dust it off and rethink things.
4. Criticality of critical infrastructure - North America and Europe have had major reminders of how vulnerable we are to energy, IoT/OT, and supply-chain risk in the past few years. According to CISA, threat actors are more aggressively pursuing critical infrastructure. These systems are often more vulnerable due to long-lived legacy systems and limited security capabilities for IoT/OT devices.
5. Patching persistence - We all understand patches are important. But over 50% of the breaches can be prevented with active patch management. It is a simple yet inconvenient and time-consuming task. However, this is the most useful thing security teams can do to prevent breaches.
6. People, people, people - According to the latest ISC² Work Force Study, the cybersecurity world is still understaffed by 3.4 million professionals. Everyone from the government to vendors and security leaders must invest in cybersecurity training. The best gift you can give yourself, your team, and your organization, is the time and tools to up-level their skills.
7. Zero Trust deployments - Zero Trust security measures will only become more important in the coming years. The Pentagon recently said they would aim to have ZTA deployed by 2027. Zero Trust assumes there is no longer a traditional network edge and takes a more continuous and dynamic approach to authentication — without adding friction to user experiences.
8. Insider threats - Organizations are facing a rise in insider threats, which is expected to continue in 2023. Organizations must be able to dynamically set, manage, and audit user controls to conduct real-time risk assessments.
9. Privacy - We are going to see more states pass laws with a focus on privacy. According to Gartner, by the end of 2023, modern data privacy laws will cover the personal information of 75% of the world's population. Data privacy laws in the United States have been primarily sector-based, i.e., HIPAA for health care, FERPA for education, and GLBA for finance. While this approach allows laws to be tailored to specific contexts, it has also resulted in many businesses being exempt from meaningful data privacy regulation.

This list is a subset of what CISOs, CxOs, and GRC teams face on the security front. 2023 will be a challenging and dynamic year for everyone in the cybersecurity space. We have all heard the expression, “security is a team sport.” Every organization needs to create a culture of continuous security improvements.