Charting the future trajectory of cyber security is a tall order. The rapid proliferation of new attack surfaces means more opportunities for threat actors than ever before, and this will only continue as new technologies are introduced. Still, there are some things we can confidently predict for the coming year, given that they are trends that have already been gathering pace this year. Below are just a few of the cyber security trends we expect to be of greater relevance to organizations in 2023.
- More attacks in the cloud
- Threats on the go – the mobile attack surface
- Threat actors turn to IoT
- The healthcare sector at risk
- AI in security efforts
- Users as an attack surface
1. More attacks in the cloud
The year 2022 saw the ongoing rapid adoption of cloud environments by organizations looking to take advantage of the many obvious benefits of cloud technology. 2023 will be no different, but security in the cloud remains immature, with default cloud services often providing inadequate essential security functions.
Threat actors are keenly aware of this. Indeed, in 2022 27% of organizations were impacted by a security incident in their public cloud infrastructure. And, with 92% of organizations storing at least some data in the cloud, security teams must keep up with their organizations’ appetite for cloud adoption. We expect a greater focus on predictive security and multi-factor authentication for the cloud, and continued interest in threat intelligence for threats targeting the cloud.
2. Threats on the go – the mobile attack surface
With around two-thirds of the world’s population using smart devices as of 2021, it’s no surprise that mobile is fast emerging as a major target for threat actors. People manage almost all aspects of their digital lives on their phones, and most aren’t experts in securing their assets. Attackers leverage easy opportunities in e-commerce, banking, and online booking applications, with 45% of organizations experiencing a mobile security incident in the past 12 months. And, with mobile devices not going anywhere soon, this attack surface will only continue to grow.
3. Threat actors turn to IoT
As Internet of Things (IoT) devices continue to grow in popularity, they will become an increasingly attractive target for threat actors. The interconnected nature of IoT devices makes them especially vulnerable to attack, as a successful breach of one device can often provide access to an entire network. In the future, we can expect to see more sophisticated and targeted attacks on IoT devices, as well as a greater range of malicious actors targeting this technology in their attacks.
4. The healthcare sector at risk
With the healthcare sector representing particularly high liability to organizations and individuals alike when affected by a cyber attack, it is no surprise that the healthcare security industry is predicted to be worth $125 billion by 2025. Ransomware attacks increased by 94% from 2021 to 2022, and with more and more patient data being stored online and in the cloud — together with the residual impact on healthcare services of the COVID-19 pandemic — the sector is increasingly vulnerable.
5. AI in security efforts
A welcome development for 2023 will be the increased implementation of advanced machine learning and other artificial intelligence techniques in identifying and responding to threats. Today, IT security teams have huge datasets to work with, coming from multiple threat intelligence feeds and scan data. AI would help parse this data and efficiently identify underlying patterns and future threats, giving organizations the best possible chance of staying secure. This is already a widely accepted reality in the industry, with talent and skills shortages driving practitioners to adopt AI and automation into their cyber risk management programs. In fact, only 7% of organizations are not considering the use of AI in managing their cyber risk.
6. Users as an attack surface
An organization’s user base will remain a primary target, with employees having access to approximately 11 million files. Threat actors know this, leveraging phishing, social engineering, and other techniques to try to compromise the organization’s employees and their customers. Many breaches start with an email, SMS message, or some other contact with an unsuspecting user — and that will almost certainly continue into 2023. While user education programs, tools, and security processes continue to improve, the users are likely to remain part of the threat surface rather than part of the security stack for the foreseeable future.
Stay ahead of the predictions
These are only some of the cyber security trends we expect to see in 2023. While nobody can predict the future, we can take appropriate measures to shore up our security posture on the whole. Implementing established best practices, and understanding the common types of attack, keep us best placed to stay secure.
But as security practitioners, we’re required to understand the finer details, which is why we’ve produced our latest report, Cyber risk in 2022 – a 360° view. With original research from our Voyager18 team, we explore the stories behind the stories from the past year and provide practical suggestions for better security posture in 2023.
One last thing…
As technology evolves, so will cyber threats. In fact, the rapidly changing threat landscape and enterprise IT architecture has exposed organizations to significant security risks. Taking a proactive approach to cyber security is therefore critical.
Security teams can mitigate cyber risk and fortify enterprise infrastructure whenever they take steps to increase awareness and leverage cutting-edge security technology.