How do companies arm themselves against growing threats? What technological developments will prevail? And how will the impending recession affect the security situation of businesses? Kudelski Security’s IT trends for 2023 and beyond.
Cyberattacks remain effective and lucrative
Whether compromised business emails, Active Directory attacks, ransomware, phishing or MFA attacks: the fundamental attacks against organizations will remain highly effective and lucrative for cybercriminals in 2023. Human error continues to create gaps in companies’ existing cyber defense systems. Additionally, phishing and new MFA bombing attacks are now more sophisticated than ever, reducing the effectiveness of security training.
With this in mind, enterprise security teams should not react defensively to man-made problems, but act offensively. It is hoped that customers of MDR (Managed Detection and Response) services will primarily require preventive functions rather than reactive rapid repairs.
Zero trust instead of VPN
Many people are working from home these days – this is nothing new. What’s new, however, is how security teams protect distributed workers. Starting next year, Zero Trust will completely replace Virtual Private Networks (VPNs). The boundaries of corporate networks have shifted, with employees accessing the majority of their applications through SaaS (Software-as-a-Service). And securing home networks is risky for IT teams. Therefore, in order to be able to support and protect the largely remote workforce, it is crucial not to trust any device.
Purchased access to corporate networks
A recession is approaching, and there’s a high likelihood that cybercriminals will take advantage of the bad economy to gain access to corporate systems. According to our estimate, software piracy will decrease from 2023, but “insider risk” will increase. This means that hackers will increasingly target employees of third-party logistics providers as well as Internet service providers (ISPs) and software manufacturers and attempt to buy access to the corporate network. It is therefore important that companies not only secure their own network boundaries, but also ensure that their providers are reliable.
Fewer passwords
The recent Uber vulnerability exposed weaknesses in Multi-Factor Authentication (MFA). Don’t expect MFA fatigue to make passwords disappear completely by 2023. However, their use will decline in the coming years. Instead, other protections will prevail, including stronger passwords. Additionally, password managers will be ubiquitous over the next year, making them a more valuable target for hackers.
The recession will not lead to less security
With the recession looming, businesses of all sizes and in all sectors are likely to cut budgets and staff. However, we believe the security teams will remain largely unchanged. Due to the upcoming economic difficulties, though, they will have to work smarter and consolidate in the future. As a sign of the great importance of business security, cybersecurity labels will also prevail on products, especially on hardware. Additionally, US data protection laws are likely to be raised to European standards. This means that boards and management must ensure compliance with stricter security rules.
More control for blockchains
For blockchain technologies, 2022 has been a difficult year in terms of security. 2023 could be just as turbulent if blockchain code continues to rule. Too much trust is currently placed in developers and their programming skills. Blockchain security teams need more robust monitoring, detection, and response capabilities to deter attackers. The many bridge hacks in 2022 have shaken user confidence in blockchain security. Fortunately, customers are just as concerned about the security of their chosen blockchain and its features. Blockchains will therefore likely see more resources dedicated to improving security over the next year. Besides combating theft, the availability and stability of cryptocurrencies should be a priority in the future, because if the outages and delays continue, some blockchains could lose users and collapse.
Security lessons for years to come
The main lessons that security professionals can learn from the security breaches, hacks and cyber incidents of 2022 are:
- MFA is not trustworthy.
- All stakeholders, including senior management, should have insight into their organization’s security posture.
- It’s not worth risking IT security for a 1% improvement in a product, because the constant overhaul of IT architecture keeps creating new gaps.
- Continuous security is also a must for blockchain. Instead of a one-time assessment at launch, the security team should rely on continuous validation.
Security in Quantum Computing
It is unlikely that there will be a massive use of quantum computers as early as 2023. But as early as 2024, security experts should have the subject on their radar. The current risks associated with quantum computing do not quite outweigh the huge investments involved. Therefore, it is best that companies that rely on new technology start assessing the risks now, especially financial service providers, the defense sector and other companies that transmit extremely sensitive data.
www.kudelskisecurity.com/de