December 30, 2022 • 

So, picking up where we left off:

AWS has a new ebook called CJ Moses’ Security Predictions in 2023 and Beyond.

CJ is the CISO at AWS, and you can access the free AWS eBook in PDF format here. Here are a few of his top items:

• Security Will Be Integral to Everything Organizations Do
• Diversity Will Help Address the Continued Security Talent Gap
• Automation Driven by AI/ML Will Enable Stronger Security
• People Will Drive Greater Data Protection Investment
• More Advanced Forms of Multi-Factor Authentication Will Become Pervasive
• Quantum Computing Will Benefit Security

14) Presidio — Presidio’s 2023 Cybersecurity Predictions

Here are six of Presidio’s predictions:

• Exponential growth in ransomware attacks will continue in 2023.
• We will see additional insider threat/disgruntled separated employee attacks as organizations weather the pending economic storm.
• Identity is the cornerstone of all cybersecurity best practices. There is not a single framework that does not start with ensuring identity is locked down. From account take over (ATO), financial fraud schemes and East/West traffic movement to elevated privilege, phishing/vishing and deepfakes, it all starts with identity.
• We anticipate a focused effort to attack cloud infrastructure in 2023. This will drive increased adoption of Cloud Security Posture Assessments (CSPA) ahead of moves to production.
• Security initiatives in 2023 will be measured by how well they contribute to a zero-trust model.
• The importance of a secure PKI architecture will come to the forefront in 2023, as insecure PKI environments present a vulnerability that is becoming widely exploited.

In addition, this HelpNetSecurity video that offers in-depth commentary on ransomware trends by Dave Trader from Presidio is worth watching.

15) Forrester — Like Gartner, Forrester charges for their professional analysis. But they also offer some very good content via their Forrester blog website on cybersecurity, which can be accessed here.

Here are a few of the items in the blog by Heidi Shey entitled Predictions 2023: Security Pros Face Greater Internal Risks:

• A C-level executive will be fired for their firm’s use of employee monitoring.
• A Global 500 firm will be exposed for burning out its cybersecurity employees.
• At least three cyber insurance providers will acquire a managed detection and response (MDR) provider.

There are also several other blogs with security predictions from various Forrester analysts, like this one. 

16) ARMIS offers its Cybersecurity Predictions for 2023:

1. Cultural Cohesion in a modern work environment by Yael Koch Warschawski
2. Technology trends, changes and the impact they have on cybersecurity by Nadir Izrael
3. A CISO’s Prediction by Curtis Simpson
4. 5 healthcare cybersecurity predictions for 2023 by Mohammad Waqas
5. Top 5 trends in OT and ICS Security for 2023 by Steve Gyurindak
6. Six Public Sector Cybersecurity Predictions for 2023 by Joe Hamblin
7. Top 5 trends in IoT Cyber by Chris Dobrec

17) JupiterOne offers 12 predictions you may have missed from the 2023 security predictions panel.

Here are their top three:

• A steady stream of self-inflicted, “oh my god-level” breaches. Self-inflicted security breaches, or data breaches that result because of a preventable vulnerability, are said to make up as much as 90 percent of data breaches. In 2022, we’ve seen a number of breaches from large, well-known companies with millions of customer records, and Fernando predicts we’ll see even more in 2023.
• Increased adoption of secure access service edge (SASE). Omdia has gone on record a handful of times about the buzz around SASE, so it’s no surprise that Fernando believes this framework will continue to rise among cloud-first organizations in 2023.
• The rise of product security and the fall of overarching security budgets controlled by CISOs. As product security takes on more responsibilities previously assigned to security teams, budget is likely to shift, and Fernando predicts we’ll see this take shape in 2023.

17) Cisco offers this excellent report entitled Cisco’s Top Security Trends That You Need To Know About.

Here’s one highlight: “These showed several themes: internal pressures, external changes and solution adoption.

“CISOs need to be aware of the pressures that may come from inside the business. C-level executives having risk-related elements in their employment contracts (8) may result in a higher focus on Risk management. This may benefit CISOs to position cyber security as part of the Risk calculation and perhaps unlock more support for risk reduction initiatives.”

This video offers Cisco’s top security trends for 2023:

19) Atos Group offers their 2023 Trends and Predictions in video format (see below).

Here are the Atos top five predictions:

• Multi-extortion attacks on the rise
• Cyber-resilience will drive down the cost of recovery
• Supply chain security will be a priority
• Time to build a cybersecurity compliance program
• Keep the human factor central to your strategy

20) Sentinel One — SentinelOne’s Cybersecurity Predictions 2023 | What’s Next?

This report is well done and offers a table of contents and detailed descriptions. Here are their top items:

• Driving Painful Lessons Home
• Cybersecurity Only Works When “It Just Works”
• No One Gets to Opt Out of Cybersecurity in 2023
• The Disruptors Are Here, And They Aren’t Going Away
• No More Hiding Behind Our Macs

21) McAfee — McAfee 2023 Threat Predictions: Evolution and Exploitation

Here are their top predictions:

• AI Goes Mainstream and the Distribution of Disinformation Rises
• New Year, New Scams (including cryptocurrencies, investment scams, fake loans and metaverse scams.)
• The Rise of ChromeOS Threats
• Web3 Threats will take advantage of FOMO

22) Security Magazine offers 18 cybersecurity predictions for 2023 from a variety of industry experts and global sources.

I really like the items listed, but item 10 on there offers something other lists seem to neglect:

The Cyber Basics — Cyber Hygiene and Awareness, by Joseph Carson, chief security scientist and Advisory CISO at Delinea:

“The need to become a cybersecurity society will see an increase in getting the basics right. This means that cyber hygiene and awareness will be a top priority in 2023. With more organizations looking to obtain cyber insurance as a financial safety net to protect their businesses from serious financial exposure resulting from data breaches and ransomware attacks, the need to get a solid cyber strategy in place will be mandated to get insurance. The days of ‘cheap and easy’ are over.

“This means getting back to the basics in 2023 to level up cybersecurity baselines. Ongoing remote work and cloud transformation mean that a strong access management strategy will be needed to be supported by multifactor authentication, password management and continuous verification to reduce the risks.

“In addition to implementing better access security controls, employers will need to empower workers with better cybersecurity awareness. This means ongoing training and education to ensure that as threats evolve, employees are informed and ready to be strong defenders in cyber strategies.”

23) Microsoft — Via VentureBeat, Microsoft security leaders make nine key cybersecurity predictions for 2023:

Here are their top five:

• Advancement for the security industry and collaboration 
• Data-driven intelligence key 
• Ransomware threats are here to stay 
• Threat actors will innovate new extortion tactics 
• The cloud will become a net-positive for cybersecurity

BONUS ITEMS WORTH REVIEWING

Here are a handful of other predictions lists that are worth your time:

24) Entrust offers their Top 5 Cybersecurity Predictions for 2023:

• Post Quantum and Cryptography Will Pose New Challenges
• Consumer Identity Protection Will Lead to New Strategies
• Increasing Cloud Complexity Will Accelerate Adoption of Automated Tools
• Technology Evaluation Strategies Will Create a New C-Level Role
• New Roles for Board Members in Cybersecurity

25) WWT — 2023 Cyber Security Predictions and Trends

Here’s one list from Traci Sever:

• Platform consolidation to decrease tooling duplication, high operational costs and complex integration requirements.
• Securing both remote and hybrid workers as organizations make decisions about long-term in-office requirements.
• Adapting security for increased cloud dependency
• Managing and securing data that live everywhere.
• Visibility, control, protection and remediation in response to supply chain attacks, IoT attacks and ransomware.

26) I admire Chuck Brooks’ leadership and great content on LinkedIn and via other media. This 2022 overview of threats and 2023 prediction list in Forbes is worth reading: A Boiling Cauldron: Cybersecurity Trends, Threats, and Predictions For 2023.

Here are a few of Chuck’s items:

• Machine Learning and Artificial Intelligence Assimilate into the Cyber Ecosystem
• Polymorphic Malware grows (in various ways listed)
• More BOTs on the Warpath
• IoT Expands Everywhere in 2023
• Ransomware Will Continue To Be a Prime Concern

27) F5 Networks offers these 5 Cybersecurity Predictions for 2023:

• Prediction #1: Shadow APIs Will Lead to Unforeseen Breaches
• Prediction #2: Multi-Factor Authentication Will Become Ineffective
• Prediction #3: Troubles with Troubleshooting
• Prediction #4: Open Source Software Libraries Will Become the Primary Target
• Prediction #5: Ransomware Will Expand on the Geopolitical Stage

28) Ntirety — Emil Sayegh, CEO of Ntirety, offers this excellent list via Forbes:Top Cybersecurity Predictions 2023

While most of his items are the same as others, I am highlighting the last of his 12 predictions:

“Onward, State-Sponsored Mayhem — One of the most efficient and effective tools of modern warfare is cyber war. As we witnessed in 2022, there is no break in this action and it is a full-spectrum battlefield of leaked credentials, supply chain attacks, breaches, loss of industrial secrets, and everything that comes with attacking another nation in the world of geopolitical spy games. We can never let our guard down on the global stage when it comes to proactively combatting evolving cyber threats. And the number of nations currently engaged in cyber war against each other has made it the frontlines of national security and can impact a nation’s readiness for an actual shooting war.”

29) Datamation offers us their 10 Top Cybersecurity Predictions for 2023:

Here are the first five:

30) Deloitte — From an article via VentureBeat:Deloitte reveals 10 strategic cybersecurity predictions for 2023 

Here are the top five items listed:

HONORABLE MENTION SECURITY PREDICTION LISTS

Avast — 3 major cybersecurity predictions for the new year

Here’s one of their three listed:

Accenture — From VentureBeat, Accenture shares 9 cybersecurity predictions for 2023

Here are the first five on the list:

• Geopolitics, economic uncertainty and destructive cyber attacks will challenge leads to step up
• Evolving threat tactics require renewed focus on digital identity
• Broader talent pools will strengthen cybersecurity
• Protecting people: Cybersecurity for critical infrastructure will take a central role
• Increasingly automated responses will become core tech for the cyber-resilient business

SANS — Via VentureBeat, here are4 cybersecurity predictions for 2023 — SANS analysts look ahead

No. 1 on the list: “ChatGPT will reduce code vulnerabilities and improve productivity”

DICE —  7 Cybersecurity Trends for 2023 to Watch Out For

Top of the list:

SlashNext —  7 Network Security Trends & Predictions for 2023

SlashNext CEO Patrick Harr’s top item: “Start thinking ahead to cybersecurity concerns in the metaverse. The metaverse, digital twins, and similar advanced technologies will present new security challenges for organizations and individual users. Artificial intelligence solutions will be needed to validate the legitimacy of identities and controls.” 

Extrahop — Cybersecurity Predictions: Cloud Security Trends for 2023

The top item on this list is on thinking differently about cloud security: Companies will continue to shift from the use of on-premise storage to the cloud. However, many of these organizations do not have a clear understanding of how cloud security differs from on-premises. Security in the cloud has to be integrated differently from the start or else bad actors will have the opportunity to infiltrate the infrastructure and attack vulnerabilities.

SimpliLearn — Top 10 Cybersecurity Trends to Watch Out For in 2023

Top item: Rise of automotive hacking.

IT Security Wire — Five Major Trends that will Transform Cybersecurity Landscape in 2023

No. 2 on their list: Using mobile devices as targets.

CPO Magazine — Expert predictions for the next 5 years

They list nine areas, and here are the first three:

• Attacks on shared infrastructure
• Malware takeovers
• Cyber-kinetic attacks

Radware (via Spiceworks.com) — Cloud Security: 5 Predictions on What Lies Ahead for 2023

Top of the list: “Cloud Security Will Become Synonymous With Cyber Security”

Help Net Security — 5 cybersecurity predictions for 2023

No. 1 on the list: “IoT blends with shadow IT to make a security headache”

Bangkok Post — Making security predictions for 2023: “First, cybersecurity will be the cornerstone of everything.”

Information Security Buzz — Experts’ Responses: Cyber Security Predictions 2023

An impressive list of cyber experts from around the world contributed to this list. Here is the first item: “Cyber resilience will come from people — not technology” — Bec McKeown, Director of Human Science

Optiv (via CRN) — Five Big Cybersecurity Bets For 2023 From Optiv CEO Kevin Lynch

Nice video interview. Top of the list: “Integration Is Going To Win”

Bernard Marr (via Forbes) — The Top Five Cybersecurity Trends In 2023

Many good items. I like: “International state-sponsored attackers target businesses as well as governments.”

Venturebeat — Not to be outdone by Forbes, VentureBeat offers this piece: 31 CISOs share their security priorities and predictions for 2023

They lead with Phil Venables from Google Cloud: “Malicious behavior will get worse before it gets better — and investments in technological infrastructure will rise in response.”  

Digicert — 8 Things to Expect in 2023

They lead with: “Quantum Computing Will Force Crypto-Agility”

Neustar Security Services (via VMblog) — Emerging Security Threats to Watch in 2023

No. 1: “Low-code/no-code software development at odds with DevSecOps”

KnowBe4 (via NBCnews11.com) — KnowBe4’s Team of Cybersecurity Experts Release Top Five Predictions for 2023

Top of the list: “A shift in focus to creating a security culture within organizations across the globe.”

Snowflake (via Cybersec Asia) — Data predictions for 2023

Top item: “Cybersecurity will finally join the modern data stack.”

ZDNet — Tech in 2023: Here’s what is going to really matter

A really good list of the top items from Gartner, IDC, Forrester and CCS Insight. Definitely worth reading, although most items are not cybersecurity-related.

LogRythm via Digital Journal — Threat experts share 2023 cybersecurity predictions

Lead: “Organizations should be on high alert for supply chain attacks if they use open-source software. In recent years, hackers have become more strategic when it comes to exploiting open-source software and code. 2023 will be no different. Bad actors examine the code and its components to obtain a thorough understanding of its flaws and the most effective ways to exploit them.”

MIT Review – What’s next in cybersecurity?

Excellent piece. It begins, “In the world of cybersecurity, there is always one certainty: more hacks. That is the unavoidable constant in an industry that will spend an estimated $150 billion worldwide this year without being able, yet again, to actually stop hackers.”

Logpoint – Logpoint 2023 predictions: The year of the business-driven CISO

Top item: The CISO caught between a rock and a hard place.

AWARDS

Best & Most Comprehensive Vendor Report Overall: Trend Micro — FUTURE / TENSE: TREND MICROSECURITY PREDICTIONS FOR 2023

Most Creative: WatchGuard — Watchguard’s 2023 Cybersecurity Predictions. Their videos were again outstanding and fun. Also, love No. 5 on their list: “A Novel Robotaxi Hack Will Result in a Dazed and Confused AI Car.”

Least Reported But Most Likely Prediction: Kaspersky — The entire list titled Advanced threat (APT) predictions for 2023 might apply, but items two and three are most likely:

• Mail servers become priority targets
• The next WannaCry

Scariest: Mandiant (now part of Google) — Destructive attacks, information operations and other cyber aggression from The Big Four: Russia, China, Iran and North Korea.” (Read their report for more details.)

Most Common: Trouble coming for MFA and cloud (because of misconfigurations).

FINAL THOUGHTS

After reading over a thousand predictions for 2023 from hundreds of sources (including companies, online magazines and more), I still ask the question: What’s missing?

Last year, no one predicted that Ukraine would be front and center for cybersecurity, so it is prudent to ponder if another global conflict might cause unforeseen consequences.

Wired magazine recently released the article: “Cyber Warfare Is Getting Real.” Another piece worth reading.

Other items that aren’t on these lists (but I always wonder why), include big global events being hacked or “held hostage” in some way. This could be a major sporting event like the Super Bowl, a political rally or election, or even a G7 meeting.

In state and local governments in the U.S., I expect to see the new federal grant dollars flowing and new cybersecurity plans emerging for many states — especially with new and recently re-elected governors.

In conclusion, I’d like to wish you a happy New Year, and thank you for following “Lohrmann on Cybersecurity.”

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.