December 19th, 2022
8 predictions for cybersecurity in 2023 and beyond
At LimaCharlie, we believe the cybersecurity community contains a tremendous wealth of expertise, intelligence, and wisdom. It’s one of the main reasons we do what we do as a company: give cybersecurity professionals the tools and infrastructure to build their own solutions, and full control over and visibility into their security stack.
During these conversations, we often ask our guests to offer some thoughts on what lies ahead. In this post, we’ve rounded up eight of their predictions about the future of cybersecurity. We hope you’ll benefit from our guests’ experience and insight as much as we have.
A recession that hits clients hardest
In a roundtable discussion in September, our participants shared some thoughts on what the year ahead holds for both cybersecurity companies and their customers. Paul Caiazzo, Chief Growth Officer at SnapAttack, predicted:
“There is going to be a retraction in the economy, but I think security, in general, is fairly well insulated from that. We always have a bad guy to stop.”
Interestingly, Paul says that the biggest impact of a recession on cybersecurity companies may be an indirect one—driven by customers that are experiencing harder times:
“Organizations that are feeling the stronger economic pains are the ones that are going to be pushing us on cost and commoditization of our services—and that gets tricky from a competitive standpoint when we're trying to win the same set of customers.”
Increased cyber risk for businesses
Another of our roundtable participants, Ariel Ropek, Director of Cyber Threat Intelligence at Avertium, pointed out that there is one group that might not be significantly affected by a recession: cybercriminals. As Ariel explained:
“If you look at the threat actor economy, it's as booming as it's ever been. The network of ransomware-as-a-service organizations, their network of affiliates, the network of initial access brokers, all feeding into each other. There's really a business-minded economy on the adversary side. So while we're thinking about maybe cutting costs or tightening our budgets to adjust for a shrinking economy, the threats out there really aren’t. They're innovating, and thinking more and more along the lines of a business.”
Ariel also noted that this disparity between threat actors and their targets may spell increased risk for suffering companies:
“I think as organizations start to tighten their budgets around security, the economic factors actually increase the risk of a cyber attack. Whereas before, when the economy was good, you might have been able to afford to pay a ransom and continue to run your business, you might face a different situation now—where a significant cyber event actually puts your company out of business because of those increased economic factors.”
For the complete roundtable discussion, see: How MSSPs can overcome challenging and uncertain economic times.
A worsening threat landscape
Economic considerations aside, one cybersecurity professional we interviewed sees trouble ahead, both for organizations and for cyber defenders, simply because of the way business is evolving. Simon Eklund, a DFIR expert and head of CERT at Telia, made the following prediction:
“It will get worse. I have no reason to think otherwise. There's the increased digitalization and increased moving of assets into the cloud, or into technologies that [companies] and maybe even the vendors don't understand. And the entire community is reliant upon those assets—along with global interconnection and increased instability.”
An unsettling prospect, but we have a hard time disagreeing with Simon given the current state of the world. In the rest of the interview, Simon did share some thoughts on what companies can do to prepare for the coming challenges, and talked about sources of inspiration and positive trends in cybersecurity as well.
A spike in CI/CD pipeline attacks
In terms of the exact nature of these coming cyber threats, another DFIR professional we spoke to made a very specific prediction—one that came true shortly after our interview.
“I think we’ll see an uptick in attacks on the CI/CD pipeline—and in geopolitical-based cyberwarfare. We’re seeing it now. And I think it gets worse, not better.”
Before we even had a chance to publish our interview with Kimber, news broke of a major GitHub incident in which an attacker stole credentials for around 100,000 npm accounts.
In the rest of our interview, Kimber discusses why the CI/CD pipeline makes such a tempting target for adversaries—and also how her Mock Interview and Resume Review (MIRR) workshop initiative is helping to bring new defenders into the cybersecurity workforce.
For an in-depth discussion of CI/CD pipeline threats, see our blog post: CI/CD pipeline attacks: A growing threat to enterprise security.
The expansion of crypto hacking
In a second conversation with SnapAttack’s Paul Caiazzo, Paul shared his thoughts about the evolution of the cybercriminal ecosystem:
“We're going to see more focus on the direct theft of cryptocurrency. I think it's only going to increase, even with the crypto crash…because the sums that we’re talking about being able to directly steal are just colossal: hundreds of millions of dollars in one op, rather than a couple of million dollars in a ransom.”
Paul also raised the prospect of an expansion in nation-state cryptocurrency theft:
“I also wouldn't be surprised to see other sanctioned nation states adopt the approach North Korea has. When you look at sanctioned nation states like Russia, or Iran, they've got to generate income somehow…I have to think that these nation states with highly advanced capabilities in cybersecurity are developing that capability too against cryptocurrency specifically. I think that's almost certain to happen.”
Considering the recent reports about faltering economies in sanctioned nations, we’d say that Paul’s predictions about nation-state crypto hacking will be important to keep in mind in 2023. To learn more, watch our full interview with Paul Caiazzo.
No respite from industry marketing hype
Shifting to a somewhat lighter issue in cybersecurity, we also had a prediction about the industry’s sales and marketing practices. Chris Gebhardt, CISO and Cybersecurity Practice Leader at Synoptek, says:
“I'll tell you the one thing you won't see in 2023: a zero trust product. Zero trust architecture is an absolute thing—and I like it, I enjoy it, I think it has a lot of merit. But when you come to me and say you have a zero trust product? No, that's hype. That's marketing hype. So in 2023, we're going to see lots of ‘zero trust products’ that don't really exist. To borrow a term from the 80s and 90s: vaporware.”
Sadly, we’d tend to agree that Chris’s prediction is likely to come true, because there’s still far too much hype in cybersecurity product marketing—just as there is too much of a “just trust us, you’re safe” mentality permeating the cybersecurity sales culture of the largest vendors.
In the long term, however, we do see cause for optimism. As more and more organizations demand provable security from their cybersecurity vendors, and as an increasing number of security professionals adopt an engineering-centric approach to cybersecurity, the effectiveness of hype-based marketing in the industry should diminish.
To hear Chris’s thoughts on other topics, watch the complete interview.
More buy-in in the boardroom
Turning to some positive predictions for the future, security expert and ThreatKey CEO Jonathan Haas finds reason to believe that cybersecurity will be taken more seriously at the highest levels of the enterprise:
“We’re going to see more of a focus on cybersecurity at a board level. I think that will be something that continues to be more common as businesses are going more and more online—you’re just going to see more people care.”
This could be one ray of hope if the economy heads into a recession, since board awareness of the value of cybersecurity spending might help to stave off risky cutbacks.
In addition, Jonathan says that external pressures may also drive companies to take security more seriously:
“We're going to see more regulatory restrictions pushing companies to really focus on security. These are your assets. You're collecting this information from consumers. You're collecting this information from businesses. You have a responsibility to secure it. It is your responsibility to be able to steward the data.”
For Jonathan’s views on what needs to change in cybersecurity, how to address the cybersecurity skills gap, and other topics, read the full interview.
Diversity in cybersecurity will improve
Dr. Joseph told us that he sees positive changes coming to the makeup of the cybersecurity workforce:
“I predict a much more diverse cyber workforce. I see a lot of work being done by groups such as the Black Cybersecurity Association, as well as some for women, in particular is Women in CyberSecurity (WiCyS). I’m starting to see a lot more initiatives, programs, and training—many of which are free or low cost.”
That’s one prediction we think all of our readers—and certainly all of us here at LimaCharlie—would like to see come true in 2023.
Read the rest of our interview with Dr. Joseph here. For concrete steps cybersecurity organizations can take to improve diversity in the industry, see our blog post: Why does diversity in cybersecurity matter?
The road ahead
We’d like to thank all of our podcast guests, roundtable and webinar participants, and interviewees for sharing their expertise and their thoughts with us over the past year.
We hope you’ve enjoyed this look at what’s in store for cybersecurity in 2023. If you’re interested in hearing some of our own reflections and learnings from 2022—as well as what the future holds for LimaCharlie—we invite you to join us for a live fireside chat on January 11, 2023 at 10:00AM PT / 1:00PM ET.