The Top Cybersecurity Trends For 2023

As we prepare for 2023, it’s important to think about what the year will bring in terms of cybersecurity. Here are some of the top trends to watch for in the next year. 

1. The Zero Trust Framework

This is a methodology that has been around for a number of years, but its deployment has picked up momentum recently. The zero trust framework (ZTF) assumes a network is constantly vulnerable to internal and external threats, and access to systems is given only when deemed necessary. ZTF breaks down an organization’s IT and network infrastructure into smaller units, or microsegments, and each one has its own layer of defense. With ZTF, no resources or users are trusted, and there must be continuous verification for access. Watch for ZTF deployments to grow in 2023 as organizations include it in their strategy to reduce risk. That said, ZTF is not one-and-done – it requires ongoing planning and investment to be successful – and it will not mitigate all cyber risk.

2. Insider Attacks

During the past few years, as organizations have focused on the increasing number of external cyber threats and nation-state threat actors, they have become more susceptible to insider attacks. Not every cybersecurity team can identify threats originating within an organization, whether it’s accidental or intentionally malicious. Yet, insider attacks can be a huge threat. Using the principles of social engineering, cyber attackers can manipulate employees into providing the means to steal sensitive data or disperse malware. It’s crucial for your organization to use the right combination of security tools and team training to ensure your SOC team is prepared.  

3. Data Leakages

As more and more organizations adopt the hybrid cloud, which is a combination of both a private cloud and a public cloud, there has been a corresponding rise in the number of data breaches. Because many IT security teams are stretched thin and have so many other tasks to handle, they are not always able to keep track of every possible vulnerability or area of exposure. It doesn’t take much to alter permissions — whether accidentally or intentionally – and remove the “boundary” between the cloud and the internet. Once that data has been leaked, it’s hard to prove it wasn’t accessed by a bad actor. Thus, more oversight will be required here.

4. The Internet of Things

The Internet of Things (IoT) is the connection of physical devices to the internet, allowing them to communicate with each other and exchange data. IoT devices can include coffee makers, cars and entire cities. As these IoT devices are more commonly used in everyday life, they are also being used more in industries around the world, from inventory management to healthcare. Although there has been recent legislation passed that requires manufacturers of IoT products to install a baseline of security into their products, many have not done so yet. In 2023, not only should you expect more IoT devices to come out into the market, but watch for a significant spike in the cyberattacks that come through as a result. 

5. Supply Chain Attacks

A supply chain attack happens when a cyber attacker uses a vulnerability in an outside system or third-party partner to infiltrate your network and systems. Supply chain attack risks are very high since they expand the attack surface and expose new vulnerabilities. Additionally, bad actors can hide malware that may not be deployed for days or months. The most well-known example of a supply chain attack was the Solar Winds hack, in which thousands of unsuspecting victims were infected with malware through just one vulnerability in the remote services being provided to customers. While it is expected that in 2023 such large-scale attacks may not continue, there will be smaller-scale attacks occurring with much more frequency.

6. Cyber Ranges

As the threat landscape continues to morph and grow, more and more organizations are using a cyber range program to train their security operations and incident response teams. The simulated cyberattack scenarios allow teams to have a safe environment to practice detecting and defending against real-world cyber threats. These organizations are using a third-party partner like Cloud Range, which provides not only the range, but also scenario design and development, licensed security tools within the range, training and guidance during missions, and one-on-one mission debriefs with security leaders.  

7. Geopolitical Concerns

As Russia invaded Ukraine earlier this year, there was fear of large-scale attacks here in the United States targeting critical infrastructure. Fortunately, nothing like that happened for the remainder of the year. But there are still geopolitical tensions, and the fear of an attack upon the food distribution channels, water supply, nuclear facilities, or even the national power grid will remain high in 2023.

8. Phishing

Phishing is an oldie but goodie in terms of threat vectors, and phishing attacks will continue to dominate the cyber threat landscape in 2023. In fact, 91% of all cyber attacks begin with a phishing email. These kinds of attacks have become very sophisticated, and many direct unsuspecting victims to phony websites that look almost like the real thing, even to a trained eye. Plus, as long as phishing remains a viable threat, so will ransomware, as most ransomware is delivered through phishing scams. It's crucial to take preventative measures against phishing scams, such as using a reliable password manager to create and securely store unique and complex passwords for all your accounts.

These are some of the top cyber trends that are expected to come through in 2023. They illustrate why it’s crucial for your security team to gain real-world incident response experience so you’re ready for your next cyberattack. Contact Cloud Range for more information.