What will the security landscape in 2023 look like? Here’s my take.
1. Attackers’ tactics will evolve, and defense strategies will evolve with them
With online platforms and social media fully integrated into our daily routine, phishing and social engineering will continue to be a common cause of data breaches.
Attackers will take advantage of remote and hybrid workers knowing that traditional security measures might not all be in place, and they will target identity as the new perimeter. To stay one step ahead, organizations will evolve their encryption, zero trust and multifactor authentication strategies to protect credentials and arm their employees against increasingly sneaky social engineering tactics.
2. There will be more software supply chain attacks
In the new year, there will be more attacks that can be traced back to a compromised software supply chain. As attackers get savvier, they will compromise more and more of the individuals and entities that make software, planting malicious code directly in that software so that it is later pushed out to entire organizations and their client bases.
3. Organizations will aim for holistic security
2023 will also be the year organizations take a good, hard look in the mirror to understand all the assets in their physical and digital environments and ensure holistic security.
The new year poses an opportunity for organizations to review all their assets and potential rogue devices (e.g., external cameras, microphones, or adapters), and organizations looking to strengthen their security measures will take this chance to ensure each device complies with their security standards. Cloud security will also be a key focus for organizations – as businesses move more assets to the cloud, security teams must adapt to the changes.
4. Unnecessary worker privileges will be taken away
Whether an organization’s workforce is onsite, remote, or a hybrid of the two, chances are the employees are all over the place physically and/or digitally – making it increasingly hard to keep track of what they may or may not be doing on their devices.
In the new year, companies will look to give their workers the least amount of privilege needed to do their job to reduce associated security risks. While this may seem like a punishment, it’s not. Employees must understand that this is a necessary step to ensure security across the board and that it doesn’t mean that they can’t take a break to check their personal phone or devices during work hours.
5. Training and education will become focused on engagement
Organizations are beginning to realize that the hour-long, unengaging videos are no longer doing the trick when it comes to training their workforce on security issues and best practices. Knowing that the human firewall is one of the best defenses against security threats, 2023 will be the year that organizations overhaul their old training programs and implement innovative and engaging solutions.
Training courses will also be shortened and held more frequently to address shrinking attention spans, making key points more memorable. Additionally, new technology, such as immersive experiences and XR solutions, will be considered and implemented to facilitate training.
6. New technology will enable umbrella services to protect multiple endpoints
Software companies will begin to leverage new technology like machine learning and artificial intelligence to learn from issues that one organization may face and apply the solution to all other customers.
For example, when an email security provider notices that a customer base is receiving a malicious attachment, they’ll be able to leverage automated technology to block it from all other customer bases. These umbrella services will play a major role in propagating key learnings and enforcing solutions across multiple endpoints.
7. Feedback and reporting will become simpler
Simplicity will become a focus when it comes to providing feedback and reporting security threats to the security team. Whether it’s a suspicious email or a cybersecurity event, organizations will make it easier for employees to report a threat or provide feedback for something that doesn’t sit right. It could be as simple as a button in the ticketing system or a text box to submit a concern that goes directly to security – either way, organizations must figure out a way to create feedback loops to constantly be aware of what areas need increased protection.
For attackers, the new year means new opportunities. For organizations, the new year will be the year of self-reflection, overhauls, and innovation. Organizations will do what they can to stay one step ahead of attackers, so that when new threats emerge, they’re fully prepared and set up for success.