Vaporvm is announcing our 2023 cybersecurity forecasts with the beginning of a new year! At Vaporvm, this has become a tradition as our executives share cyberthreats that businesses throughout the world may encounter.
Looking back on our security forecasts for 2022 and 2021, many of them did come true! We have some ideas to share regarding new or changing threat strategies this year, as well as forecasts for the difficulties organisations will face and possible solutions.
Eight cybersecurity forecasts for 2023
We’ll go into detail about cybersecurity forecasts for 2023 in this blog. You can also join our webinar with Vaporvm security experts to learn more about the forecasts and get advice on how to be ready for anything that may happen.
Supply chain assaults will remain one of the major dangers to businesses utilising open-source software.
Organisations should be on high alert for supply chain attacks if they employ open-source software. When it comes to making use of open-source software and code, hackers have become more strategic in recent years. Nothing will change in 2023. To fully comprehend the code’s vulnerabilities and the best strategies for exploiting them, malicious actors carefully scrutinise the code and all of its parts.
The majority of people believe that “supply chain attacks” refer to an attack on the physical pipeline that prevents people from producing tangible goods. Attacks on the software supply chain are analogous in nature to those physical-world attacks. Libraries, executable code, and code snippets are all tools used by developers to finish software projects. If those components are hacked and malicious code is placed into them, the developer’s final product becomes a vehicle for threat actors to compromise it and perhaps get access to the system that houses the programme.
In 2023, malicious actors will target open-source vendors that offer low-hanging fruit in an effort to compromise the global supply chain that relies on third-party code. Attackers will upload malicious code to the Chrome stores and open-source repositories, then wait for developers and other end users to download the updated sources and plugins. Companies will remain vulnerable if there is no reliable scanning programme and no “curated zone” for source code and plugins.
Cyberattacks will increase when the economy is weak.
“Organisations need to be acutely aware that when it comes to malicious attackers, we’re not talking about machines or software programmes being on the receiving end of this; rather, we’re talking about creative human beings who are motivated and will do whatever it takes to achieve their goal of receiving more money. Threats will unavoidably change as organisations scale back operations while balancing international turning points and Russia’s conflict in Ukraine. This is because hackers will take advantage of the recession to step up their attack strategy. Therefore, it’s imperative that all organisations adopt endpoint technologies and other preventative security solutions into their overall security strategies.”
The creators of ransomware will quit encrypting files in favour of damaging them.
“Ransomware has been an attack vector that has undergone constant growth over the years, and it may be the one threat that consistently keeps CISOs up at night. Ransomware attacks will shift their focus from encrypting data to damaging it in 2023. Data corruption is faster than full encryption, and writing the code is simpler because you don’t have to worry about managing complicated public-private key pairs or providing complicated decryption code to undo the damage when the victim pays up. The idea of damaging the data rather than going to the trouble of encryption has several advantages because practically all ransomware operators already participate in double extortion, which means they exfiltrate the data before encrypting it. The ransomware operators will be in a stronger position if the organisation’s data is corrupted and there is no backup and the organisation is forced to choose between paying the ransom or losing the data. Therefore, it is now more important than ever to back up important business data.”
Budget discussions for cybersecurity will centre on protecting important corporate assets
“In hard economic circumstances, an organisation’s C-suite will be focused on reducing what they see as non-essential costs. It’s crucial that management properly considers and comprehends what they are safeguarding from a business viewpoint when thinking about cybersecurity expenses.
“As cyberattacks increase, I predict that more organisations will increase their reliance on cutting-edge prevention and detection techniques to stay safe and will strive to consolidate cybersecurity capabilities whenever possible.”
Businesses will review and increase end-user awareness training.
As the year comes to a close and so many businesses have fallen prey to social engineering scams, more businesses will look to invest in end-user security training. The use of phishing and other social engineering techniques, as well as multi-factor authentication (MFA) fatigue, has resulted in breaches at some well-known companies over the past year, including Microsoft, Cisco, and Uber.
Many attacks today have advanced past the fundamental phishing techniques that end users are trained to recognise, with threat groups like Lapsus$ using bribery tactics to entice credentials from internal users. Organisations will review their training initiatives to make sure that users are familiar with the extortion and bribery techniques used in the most recent social engineering scams. Threat actors are always looking for new ways to access networks. Companies that are worried about their security postures will make sure to inform their users about new dangers.
The burden of upcoming security standards will be felt by organisations.
A number of new cross-sector cybersecurity performance goals (CPGs) have been developed as a result of the joint work of the Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) in recent years, and organisations have already started to implement them. To assist organisations in managing and reducing risk, NIST is continually refining its cybersecurity architecture. Although these requirements are intended to make organisations stronger, achieving full regulatory compliance can be challenging. In 2023, as more organisations try to adapt to these new security standards, there may be a frenzy of activity due to the complexity and increased desire for federally enforced compliance.
Competitors within industries will imitate their counterparts’ security strategies.
“Each industry frequently believes that malicious actors pose the greatest threat to it. Although each industry can undoubtedly make its case, we are noticing a general trend of stagnation in security maturity. So how do businesses decide when to update their security policies? For the majority, it begins with a detailed examination of the opposition. No one wants to feel less safe or prepared than their rivals, therefore we’re observing a tendency of businesses comparing themselves to their industry peers inside specific industries. In the coming year, competition will spur security advancements in the same way that it drives change in goods and services. In 2023, organisations from a variety of sectors will be compelled to reassess their security maturity and IT budgets due to the escalating possibility of security events.”
In order to better manage security, organisations will resort to subscription and managed services.
“Creating an IT budget has become more difficult over the last few years, which has been exacerbated by the industry’s skills gap, and 2023 appears to be no different. Executives are faced with a variety of challenging budgeting considerations as a result of widespread economic uncertainty that has affected practically every sector. In the end, businesses will strive to accomplish more in 2023 with the same, or less, in many cases. Subscription and managed services are given top priority in organisations’ security budgets as one means of achieving this goal. To bridge internal skill gaps and support organisational security objectives including boosting maturity, enabling 24/7 visibility, and improving threat detection and response, lean IT teams will resort to these services.”
In 2023, improve your security measures.
Join the Vaporvm executives and security leaders in our forthcoming predictions webinar to learn more about anticipated security risks and trends for 2023.
The industry has no shortage of difficulties to face, so if your security operations centre is prepared to streamline defences, arrange a demo with Vaporvm to find out how we can help you more effectively counter the most recent threats.