As tech and cybersecurity professionals know, one year can make a huge difference.
While 2022 started with a technology employment boom, by the end of the year many of the big players (including Meta, Microsoft and Amazon) had started to pull back on hiring over concerns about the global economy, declining ad sales, inflation and rising interest rates. Cybersecurity, however, appeared immune to these trends. By year’s end, some reports put the number of open security positions at 700,000 in the U.S. alone.
While cybersecurity held steady when it came to career opportunities for tech professionals, the industry and the cyber threats that target organizations large and small are always in flux. Ransomware, for instance, remains an evolving problem with various players and new techniques detected nearly weekly.
As the calendar flips to 2023, cybersecurity experts and industry watchers are keeping an eye on several trends that have the potential to affect tech and security pros over the next year and impact how they approach their jobs and career aspirations.
Here is a look at seven cybersecurity trends tech pros need to watch in the coming year.
While cybersecurity has largely been spared the job cuts that have upended other parts of the tech sector at the end of 2022, the new year could change that equation. Over the last several months, economists and other financial observers have come to believe that a recession, even a “mild” one, will likely happen in 2023. The U.S. Federal Reserve and other central banks will also likely continue to raise interest rates, putting additional pressure on businesses and hiring.
Additionally, the war between Ukraine and Russia will certainly continue well into 2023, which will place additional pressure on the world economy, including gas and commodity prices.
This economic and geopolitical uncertainty will add to the risks organizations face. It means CISOs and other security leaders must adjust their plans to meet security challenges and threats to their infrastructure and data over the next 12 months, said Lucia Milică, global resident CISO at security firm Proofpoint.
“The growing complexity of our interconnected digital systems, combined with the economic downturn and war in Ukraine, has created a new type of worldwide systemic risk,” Milică told Dice.
“Major failure of any of the connected points due to ransomware attacks or other vulnerabilities can have a broad ripple effect, impacting multiple organizations,” Milică added. “The consequences of such failures grow ever more severe, from service outages and critical vulnerabilities to regulatory fines and lost revenues. Organizations are still trying to figure out how to invest resources to address their cybersecurity risks, and systemic risk in today’s turbulent environment makes that a much tougher challenge, especially since it’s more difficult to detect.”
With the collapse and bankruptcy of cryptocurrency exchange FTX in November, the entire cryptocurrency market is now under a microscope. Additional concerns about what happened to the company’s money and the impact on its customers and investors have cybersecurity experts warning about phishing, deepfakes and other scams associated with FTX’s implosion.
This is one reason why cryptocurrency scams are likely to increase in 2023. Patrick Harr, CEO of security firm SlashNext, noted the FBI recently published a report that found senior citizens were especially vulnerable to phishing and other scams and frauds that use cryptocurrency as a hook.
These types of frauds are only likely to multiply over the next year, especially when combined with financial uncertainty about rising interest rates and inflation.
“We expect to see this trend accelerate in the coming year as we move into an economic downturn and recession, which will lead to still more desperation,” Harr told Dice. “Unfortunately, more seniors will fall prey to these kinds of get-rich-quick schemes as crypto scams from bad actors become more prevalent. In addition, service providers like GoFundMe will have an increased responsibility to verify the legitimacy of campaigns on their sites by putting in more brand protection controls. This goes back to questions such as: ‘How do you verify and validate if this is a real user, real campaign or real piece of information on the site?’ We may even see government regulation start taking shape to enforce this responsibility.”
Any tech or security pro who has heard the term “zero trust” over the past year can expect to hear even more about the concept in 2023.
The need for a zero trust approach—which eliminates the concept of the security perimeter and trusted identity—continues to grow as many organizations reconsider their security posture. Even the Biden administration has signaled its support for the concept.
Research firm Gartner notes in a report that zero trust network access will remain the fastest-growing segment in network security, with growth pegged at 36 percent in 2022 and 31 percent in 2023. Much of this is “driven by the increased demand for zero trust protection for remote workers and organizations’ reducing dependence on VPNs for secure access,” the report noted.
“As we move into 2023, organizations will likely take their zero trust program beyond some of the core components that included the identity, device, and network levels,” Corey O’Connor, director of products at DoControl, told Dice. “The principle of least privilege needs to be enforced deeper down the technology stack. Zero Trust is something that can never be fully achieved, it’s more a continual evolution that brings an organization closer to ‘never trust, always verify.’”
While quantum computing might still seem like a faraway concept, security experts note that the technology continues to advance and that quantum is likely to become a security threat at some point.
In 2022, the White House issued an executive order about quantum computing that outlined the technology’s security threats. Congress is considering legislation around the tech, and agencies such as the Department of Homeland Security and the National Institute of Standards and Technology have created working groups to study the issue. And while quantum is likely to remain within the realm of governments and highly specialized technology firms, cybersecurity and tech pros must follow these developments.
“Many nations and attackers believe that quantum is the future of cyber power which has started a race to develop the strongest capabilities in this area. However, this comes with a big risk as the technology has the potential to cause huge disruption and damage if it falls into the wrong hands,” Chris Vaughan, vice president of technical account management for EMEA and South Asia at security firm Tanium, told Dice.
“Western governments and companies hold some of the most cutting-edge research in this area and it needs to be protected,” Vaughan added. “The cybersecurity sector should be keeping a close eye on this because whilst overall adoption of the technology is still relatively low, it’s increasing steadily.”
The fight over who has access to data and how identity can be compromised will continue to intensify in 2023, especially as organizations struggle with users who have multiple passwords and cybercriminals continue to use compromised credentials to force their way into networks.
These are some of the reasons why experts see multifactor authentication (MFA) exploding in use in 2023. For instance, GitHub noted that it will require at least two-factor authentication for its community users in the new year, and other organizations are likely to follow this example and others like it.
“Several businesses this year have fallen victim to compromises and having data stolen and sold or encrypted by ransomware, many from the use of an active compromised credential and no MFA in place,” Brad Crompton, director of intelligence for Intel 471’s Shared Services, told Dice. “Having MFA in place can often thwart attacks in their early stages, saving businesses thousands, if not millions, of dollars, preventing sensitive data being leaked and preventing reputational damage. Moreover, monitoring the underground for compromised credentials and ensuring that a strong password policy which prevents the re-use of old passwords is in place, would limit the success of a significant portion of attacks.”
Depending on your point of view, deepfakes can either be amusing, such as when a video surfaced of President Biden appearing to sing “Baby Shark,” or malicious, including a faked video of former FTX CEO Sam Bankman-Fried being used as a ploy to defraud investors.
No matter the intent, deepfakes are becoming harder to spot and a greater security concern for researchers attempting to detect frauds and scams.
“In 2023, deepfakes will become so authentic that not only will we see our digital identities being stolen, but also digital versions of our DNA. Exposing our digital DNA on the internet will enable deepfakes to replicate and create digital humans,” Joseph Carson, chief security scientist and advisory CISO at security firm Delinea, told Dice. “It is only a matter of time before attackers can create lifelike digital avatars of anyone, and it will be incredibly difficult to identify the difference without technology to analyze the source data.”
With the financial damages from cyber threats expected to top $10.5 trillion annually by 2025, according to one report, organizations of all sizes must invest more in their defenses and hire the talent needed to fend off these attacks.
For small and midsized businesses, however, competing with larger enterprises for talent is a tall task. With an economic downturn expected next year, finding the money to invest in cybersecurity will likely prove difficult for many organizations.
These problems come at a time when small firms are being targeted by cybercriminals and threat actors at a much higher rate, which will require new ways to confront them, said Darren Guccione, CEO and co-founder at Keeper Security.
“The U.S. Small Business Administration reports small businesses make up 99.9 percent of all U.S. businesses. Yet, we’ve all seen the news headlines and read the stats—many SMBs are just one cyberattack away from being forced to shut their doors,” Guccione told Dice. “In 2023, cybersecurity vendors will put greater focus on the highly exploited SMB market, providing the cyber defense tools it needs. For both enterprises and SMBs, in 2023, we will see cybersecurity solutions that are simpler to provision by IT departments, easier for the employee to use and more cost-effective.”