The digital world is evolving quickly. Artificial Intelligence is impacting every industry and job function. The Metaverse is upon us. Quantum computing is expected to become reality.
As exciting as these developments are, concerns about a possible recession are also tightening budgets and driving rationalization of the cybersecurity tech stack at many companies. Meanwhile, our homes have become an extension of the office. And cloud continues to drive a massive expansion of the threatscape.
While IT and security leaders are busy balancing budgets, hiring staff, implementing technology, and carrying out maintenance tasks, cybercriminals have the luxury of focusing solely on their attack plan. Attackers are always evolving and looking for ways to gain access.
We’re left asking: what does all this mean for IT and security planning in 2023?
We must try to align our security strategy to the future. While some things change, others stay constant. Data privacy and security are still top priorities.
We can’t sit back and wait. When we’re reactive, we immediately fall behind or become extremely vulnerable. We must always be dynamic and flexible to change.
Last year. I made several predictions about topics such as cyberwars, ransomware, hacker esports, privileged identity, and zero trust. Several of them turned out to be fairly accurate and will continue to provide lessons for all of us in 2023 and beyond.
There are a lot of reasons to get excited about 2023, and also some concerning trends for the cybersecurity community. Let’s look at some predictions, humbly submitted by an ethical hacker and cybersecurity scientist.
In 2023 deepfakes will become so authentic that not only will our digital identities get stolen, but so will digital versions of our DNA. Exposing our Digital DNA on the internet will enable deepfakes to replicate and create “digital humans.”
The SciFi movie The 6th Day paints a disturbing picture of the future, in which a man is cloned as part of a vast conspiracy. We’re on the same path, creating replicas of ourselves by synching our physical lives with constant uploads of photos, videos, and audio on social media, and sharing our personal preferences online to feed enhanced algorithms hungry for digital data.
It’s only a matter of time before attackers can create lifelike digital avatars of anyone, and it will be incredibly difficult to confirm human identities without technology to analyze the source data.
Employees’ homes will become extensions of company offices. Just as cloud transformation dominated the pandemic period, we’ve now started the Bring Your Own Office transformation, where employees’ home networks have become cloud droplets or mini clouds.
The big challenge for organizations today is knowing where the organization’s security starts and stops. Should we be attempting to secure employee homes as an extension of the corporate office? What would that mean for employees’ data privacy? Do we all become always-on employees, monitored 24 hours a day, not just nine to five? BYOO will make these questions even harder to answer.
In the past, your personal life and corporate life had a clear separation. With Bring Your Own Device that dynamic changed, and now with Bring Your Own Office it will continue to evolve. The boundaries will become even blurrier.
The need to become a mature cybersecurity society starts with getting the basics right. Cyber hygiene and awareness will be top priorities in 2023.
With more organizations looking to obtain cyber insurance as a financial safety net to protect their businesses from serious financial exposure resulting from data breaches and ransomware attacks, a solid cyber strategy will be mandatory. The days of “cheap and easy” insurance are over.
This means getting back to the basics in 2023 to level up cybersecurity baselines. Ongoing remote work and cloud transformation mean that a strong access management strategy will be needed, supported by Multi-Factor Authentication (MFA), password management, and continuous verification to reduce the risks.
In addition to implementing better access security controls, employers will need to empower workers with better cybersecurity awareness. This means ongoing training and education to ensure that as threats evolve, employees are informed and ready to be strong defenders.
Over the past few years, many countries have explored capabilities to go on the cyber offensive and built up their arsenals. 2023 may see the introduction of cyber armies.
Many countries have already adopted some variation of a cyber force, whether to support existing armed forces or to defend when targeted by cyberattacks, For example, as a result of the 2007 cyberattack, Estonia established the Estonian Defence League Cyber Unit in 2010. They simulate when a cyberattack targets the country so they’re ready to defend it. Other countries have since established similar cyber units.
In 2023, the need to get offensive has become a reality. While not all countries have traditional weapons, all can easily build cyber weapons and be ready to use them.
2023 will continue to see the workforce gap increase. As an industry, we must urgently figure out how to get more new talent and diversity to join the cybersecurity workforce The old ways of attracting and accelerating new talent into the cyber industry must evolve. Hiring the right people is no longer just about core technical skills but rather a diverse set of skills that also include communication, collaboration, marketing, design, and psychology.
Cybersecurity is now a challenge for all societies and, as global security expert Mikko Hypponen says, “we are no longer just protecting systems, but we are now protecting society.”
With these predictions in mind, take some time to prepare for the new year by increasing your security posture. The following resolutions provide a strong foundation for your cybersecurity, so try to implement all three in 2023, You won’t regret it.
Hackers use password-cracking techniques, brute-force attacks, and social engineering trickery to steal enterprise passwords. If they get their hands on a password that uses an authentication token (password hash), they can "pass-the-hash" to breach multiple systems without requiring multiple passwords.
For users, passwords can be a real pain. For IT and security teams with hundreds or thousands of enterprise passwords, managing and securing passwords manually is a nightmare.
Move your passwords into an enterprise password manager. Enterprise password management software essentially closes the number-one hole in your attack surface and protects your passwords without slowing down your business by inconveniencing your users.
Password management software for the enterprise uses security controls to prevent internal and external threats from capturing master passwords, credentials, secrets, tokens, and keys to gain access to confidential systems and data. These centralized password management systems can be on-premise or in the cloud. Most important is that they provide password security for all types of privileged accounts throughout your enterprise.
To get started, learn more about enterprise password management.
How do you distinguish between a legitimate admin presenting a legitimate ID and password and a threat actor using compromised credentials?
Let’s not count on passwords as the only protection for your sensitive IT systems. For your most important accounts, try enabling Multi-Factor Authentication.
Multi-Factor Authentication requires additional validation steps for extra identity assurance. MFA is one of the most effective and easiest on-ramps for Privileged Access Management, providing a lot of value with minimal effort. Once you get past the first time you will find it much easier to enable MFA for more accounts. This will help reduce the risk of attackers gaining access.
According to Gartner, enterprises that rapidly expand remote access without implementing MFA will experience five times as many [account takeover] incidents as those that use MFA. Regulated industries such as financial services, healthcare, and e-commerce industry verticals are under pressure from several bodies (such as PCI, HIPAA, PSD2, DFARS, NIST, etc.) to implement MFA for privileged access. MFA is now mandatory for cyber insurance requirements to prevent unauthorized access to servers, workstations, and remote desktops. And of course, MFA is an integral component of best practices such as zero trust and zero standing privileges.
See how adaptive and risk-based MFA confirms identity at every access control point, from login to privilege elevation, without slowing people down.
Get the eBook: MFA at depth.
Check out our MFA demo to see how Multi-Factor Authentication can be used wherever access control decisions are made.
The start of 2023 is a good time to ask: are your security controls working the way you think they are?
For some companies, auditing is required to meet regulatory requirements and demonstrate compliance. For everyone, it’s the best way to increase your understanding of your full attack surface so you know where you may have security gaps. By monitoring and recording privileged sessions, you can capture events for investigation and shore up vulnerabilities.
Check your audit logs and look for suspicious activity, such as any failed login attempts from suspicious locations or devices. If you find unknown devices or old devices you are no longer using, make sure to revoke access or update your passwords.
Data gathering can often form a large portion of the audit process. Automated, centralized reporting saves you time pulling together documentation to show auditors.
Delinea has a variety of free tools to help you assess your risks and prioritize your new years’ cybersecurity resolutions.
Start with the Privileged Account Discovery Tool for Windows. This free tool evaluates privileged accounts and passwords on your network to identify areas of security risk.
You’ll get a detailed custom report so you can prioritize your next steps to reduce privileged account risk compliance. Keep these cybersecurity predictions and resolutions in mind as you set your course for 2023 and beyond. Happy new year to everyone!