Channel Futures 2023 Cybersecurity Outlook: Newer Targets, Tighter Budgets
MSSPs and GSIs will serve a critical role in addressing the ongoing global cybersecurity skills shortage.
![Cybersecurity predictions Cybersecurity predictions](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltf3510be9ce3ed82f/65240b3d254503c6f0dfa131/Cybersecurity-predictions.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
The NCA‘s Lisa Plaggemier said new industries will find themselves in attacker crosshairs. That includes education, aviation, automobile and gaming.
“The frequency of cyberattacks across myriad industries have continued to increase, with no sign of slowing,” she said. “Organizations operating in financial services, health care, energy, government and critical infrastructure have long been perceived as abundant hunting grounds for hackers to disrupt and steal from. It’s reasonable to assume, however, that these industries are slowly adapting better incident response protocols, investing in security services and technologies, and increasing cybersecurity training measures. Though attacks on the aforementioned industries will continue, bad actors will also always seek out less prepared targets where low-tech, high-impact attacks (e.g., phishing, ransomware and social engineering) will net big rewards. In the coming year, education, aviation, auto and gaming will be greater targets in cybercriminals’ crosshairs. And incident frequency is already ramping up in the wake of recent ransomware and distributed denial of service (DDoS) attacks against airlines and auto parts manufacturers.”
Recent data indicates a 167% spike in attacks on gaming companies and a 44% increase in education sector attacks this year alone, Plaggemier said. Expect these numbers to continue at pace or increase in 2023. The silver lining, however, is that new targets will slowly adapt and learn the value of deterrence measures like those before them.
As emerging software, tools and technologies continue to be used and relied upon by younger generations, older demographics will understandably struggle to keep up, Plaggemier said.
“However, this does not necessarily mean that the group will be exploited at a greater number or percentage by cybercriminals,” she said. “In fact, according to NCA’s Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2022, over a third of Gen Z respondents lost data or money due to phishing, which was nearly three times higher than the older generation. However, even if there is a misconceived perception that the elderly population is more likely to fall victim to common cybercrimes, the stakes for this group are significantly higher.”
For example, older demographics now rely heavily on technology that monitors their well being, such as wearable devices that detect vital signs and other health indicators, Plaggemier said. While this technology has no doubt improved the lives of the elderly population, it has also made them extremely dependent on it, and thus, vulnerable to cybercriminals who would exploit these assets.
“As we approach 2023, the incorporation and reliance on emerging technologies to help with everyday life, especially in the health care sector, will need to have cybersecurity-related safeguards in place to help protect their users from bad actors,” she said.
Fears of disinformation and minimal online harassment moderation among major social media platforms like Twitter and Facebook have resulted in many longtime users looking for alternative options. Mastodon, Hive Social and Post have all seen upticks in users, especially since Elon Musk’s acquisition of Twitter.
“But as these emerging social media platforms gain both traction and popularity, keeping users’ information secure from cybercriminals will be as much of a challenge for them just as it is for the major tech giants,” Plaggemier said. “According to a Censuswide survey earlier this year, 42% of those who had their information included in a data breach named social media as the site that led to the compromise of their information. As users begin to test out smaller, emerging networks, expect many social media platforms to begin incorporating cyber safe protocols like multifactor authentication (MFA) and sophisticated password management. Not only will the platforms and users benefit from minimized risks of data breaches or cyber compromises, emerging platforms will be able to build trust with a new group of users who are prioritizing safe and sound information flow.”
Adversarial artificial intelligence (AI) will mainstream as increased adoption of AI and machine learning (ML) models continues to take hold across various industries, Plaggemier said.
“In the coming year, we’re likely to see cyber adversaries using AI and ML models to create attacks that can self propagate across a network or exploit vectors in data sets used to model ML frameworks,” she said. “First, AI algorithms can be trained on manipulated or fake data, known as poisoned data, which can cause the AI to make incorrect decisions or take malicious actions. Additionally, attackers can create adversarial examples, which are inputs designed to fool an AI system into making an incorrect decision. Another way that adversarial AI can be vulnerable to cyberattacks is through the use of AI algorithms to manipulate and deceive individuals. This could involve creating fake social media profiles or websites that appear legitimate, but are actually designed to collect sensitive information or spread malware.”
Adversarial AI will also likely be used to enhance and continue existing attacks, such as disrupting critical infrastructure like power grids or transportation systems, Plaggemier said. The ability of AI algorithms to learn and adapt makes them particularly well-suited for this type of attack, and the potential consequences of such an attack could be devastating.
“Finally, adversarial AI attacks will be used and incorporated in quantum computing breaches,” she said. “This is because the speed and power of quantum-computing make them a prime target because they can manipulate and deceive AI systems. This can lead to critical infrastructure disruptions and the undermining of trust in AI systems that need to be trusted by the public at large to achieve their full potential.”
Increased due diligence will become table stakes for cybersecurity M&A in the coming year, Plaggemier said. As the industry becomes more consolidated, the potential risks and rewards of M&A deals are likely to become more significant, making it paramount for companies to carefully assess respective acquisition strategies.
Also, the rapid pace of technological change in the sector means that companies need to be sure that the technologies and expertise they acquire are current and effective to ensure that an organization’s capabilities are up to date and able to provide the level of protection that the company needs, she said. An acquired company’s weaknesses become the parent company’s problem.
“Since the potential cost of a cybersecurity breach is significant, both in terms of financial losses and damage to a company’s reputation, there will be a greater reliance on best practices and processes that can reduce the risk of a breach and protect the bottom line,” Plaggemier said. “Increased third-party risk management will play a key role in better recognizing downstream vulnerabilities ahead of an acquisition, such as SaaS/data sprawl, past relationships with breached security vendors and solutions, or improper history of vetting partners. Additionally, there will be much more reliance on a software bill of materials (SBOM). SBOMs provide a detailed inventory of the components that make up a piece of software. This information is crucial for identifying potential vulnerabilities and ensuring that the software being acquired is secure.”
CrowdStrike‘s Michael Rogers said partners will work increasingly with vendors that offer a unified security platform as budget restraints tighten.
“Organizations will be forced to optimize security and IT costs as a result of the global macroeconomic shift,” he said. “This will lead to increased customer demand for vendor consolidation, resulting in an increased shift to the adoption of platform vendors offering solutions under a single umbrella. Partners will fuel this vendor consolidation.”
The standardization of a shared data schema will accelerate among partners, Rogers said.
“Partners (of all types) will work closer than ever to accelerate data normalization to help organizations defend against adversaries,” he said. “In 2022, we saw new technology partner alliances come together to achieve this outcome. In 2023, more partners will join these initiatives to make it even simpler and less burdensome for organizations to use and exchange security data in the global fight against cybercrime.”
Consumption of security resources will change and partners will adapt, Rogers said.
“Customers are evolving the security procurement process and partners will evolve alongside them to meet their needs,” he said. “Customers are shifting away from traditional purchase orders (via solution providers) toward buying and consuming services and products online through various marketplaces, including online SaaS stores, public cloud marketplaces and even direct to vendors. Due to this shift, partners will make their solutions available in multiple locations with flexible buying options.”
Partnering with identity providers will have increased importance, Rogers said. Identity will be the top threat vector in 2023 and identity providers will play a critical role in helping to protect user credentials.
“Threat actors know that they can take advantage of the growing remote workforce to steal credentials and infiltrate organizations,” he said. “The ability to protect these identity-based attacks will require an identity protection solution that integrates with identity providers, so that organizations can handle the complexities of storing and authenticating identities.”
MSSPs and GSIs will serve a critical role in addressing the ongoing global cybersecurity skills shortage, Rogers said.
“According to the (ISC)2 2022 Cybersecurity Workforce Study, there’s a global cybersecurity workforce gap of 3.4 million people,” he said. “As a result, organizations will look to MSSPs and GSIs to fill this gap. The benefit for organizations leveraging MSSPs is that they provide 24/7/365 expert monitoring without the need for additional staffing. As for GSIs, they can help organizations manage the complexity inherent with cybersecurity and solve business challenges through implementation services.”
MSSPs and GSIs will serve a critical role in addressing the ongoing global cybersecurity skills shortage, Rogers said.
“According to the (ISC)2 2022 Cybersecurity Workforce Study, there’s a global cybersecurity workforce gap of 3.4 million people,” he said. “As a result, organizations will look to MSSPs and GSIs to fill this gap. The benefit for organizations leveraging MSSPs is that they provide 24/7/365 expert monitoring without the need for additional staffing. As for GSIs, they can help organizations manage the complexity inherent with cybersecurity and solve business challenges through implementation services.”
It’s that time of year to peer into our crystal ball and see what’s ahead for cybersecurity in 2023. Our cybersecurity outlook includes more attacks, new targets, tightening budgets impacting security demands and more data sharing among partners.
We’re capping off another year of rough seas in cybersecurity, as attacks escalated, including those associated with war in Ukraine, and cyber defenders facing more challenges than ever.
So what’s in store for 2023? If there’s one certainty, it’s the new year will bring more, as in more threats and attacks, and more hurdles for those in the cyber trenches.
More of Everything in 2023
Experts with Avertium’s cyber intelligence recently shared their predictions for cybersecurity in the new year. What they anticipate is:
More attacks laced with a distinctly human element.
A rise in the weaponization of IoT and operational technology (OT) to drive catastrophic outcomes.
More stringent requirements and higher rates for cyber insurance.
Heightened risk from the use of third-party vendors.
An increase in the number of data privacy laws.
A more pressing need to implement a zero trust framework.
Gen Z at Forefront of Cyber
HackerOne’s Shlomie Liberow
Shlomie Liberow is head of hacker research and development at HackerOne. He said Generation Z will be at the forefront of shaping cybersecurity and hacking culture.
“I look at the community now and there are people as young as 15 or 16 getting more and more proficient at hacking,” he said. “Last year, more than half of the hacking community was under 25 and I expect that percentage has increased. Some of the top hackers on the platform are just 17 years old. They’re good at it because they’ve grown up with technology. Imagine you’re a gamer and you find out that a gaming company is offering bounties. Since you’re already trying to find cheats in games, the opportunity to hunt for vulnerabilities in exchange for cash is enticing. This demographic influence means the community and culture will be built around what Generation Z cares about.”
Some hackers have joined the community indirectly because of gaming, Liberow said.
“And we’ve seen younger hackers getting involved in more niche programs, including IoT, cloud security and hardware security testing, rather than classic website hacking,” he said.
NCA’s Lisa Plaggemier
CrowdStrike’s Michael Rogers
Lisa Plaggemier, executive director of the National Cybersecurity Alliance (NCA), provided overall cybersecurity predictions. And Michael Rogers, CrowdStrike’s vice president of global alliances, gave his predictions for cybersecurity partners.
We invite you to mull over Channel Futures’ 2023 cybersecurity outlook. See the slideshow above to get started.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like