We’re finally done with 2022. The pandemic is mostly behind us, the world’s economy is rebounding and the year ahead looks bright. But as we move into 2023, it’s helpful to get some idea of what’s ahead, especially when it comes to data security and privacy, since they will control much of what happens over the next year. To find out, we asked several industry leaders what they expected. The consensus – things will not get better and they may get worse, perhaps much worse.
“Overall, organizations and individuals need to stay vigilant and proactive in protecting themselves from cybersecurity threats,” said Bryan Hornung, CEO of Xact IT Solutions, “as the landscape is constantly evolving, and new threats are likely to emerge.”
Hornung said that with the move to cloud storage and computing, the threats will change.
“There will be an increasing need to secure and protect this data from threats such as data breaches and unauthorized access,” he said.
What isn’t going to change dramatically are the targets of those attacks. According to Arti Raman, CEO and founder of Titanium, large corporations are still a favored target. In a recent survey of corporate security professionals, “these experts found that large corporations (41%) will be the top sector targeted for cyberattacks in 2023, favored over financial institutions (36%), government (14%), healthcare (9%), and education (8%). The fast-paced change has introduced new vulnerabilities into corporate networks, making them an increasingly attractive target for cyber attackers.”
One reason for the interest of attackers is the vast amount of personal data that is essentially free for the taking on corporate and social media platforms. “One of the biggest issues in data security that will continue to be an issue in 2023 has been the relentless sale and essentially open market for personal data from social media platforms,” said Art Shaikh, founder, and CEO of Circleit and DigitalWill.com. “We have seen breaches in several sectors over the past few years. The trend is slowly moving to more private technologies that are finding new ways to monetize their technologies. Until that is a more ubiquitous change, consumers using the majority of online tools are susceptible to hacks and data breaches. Private and secure platforms are being released, which will help keep data secure in the future.”
The Weak Economy
There are some key factors in the failure of things to improve materially. Ricardo Villadiego, CEO and founder of Lumu explains what those factors are.
“The economic crisis will drive cybercriminal creativity,” Villadiego said. “As economies flag, more people will turn to cybercrime as a source of income. This will drive further diversification, finding new vectors and attacking new targets – including, smaller businesses.”
And he said that one of today’s greatest threats will get worse. “Ransomware syndicates will continue to avoid prosecution,” Villadiego predicted. “Despite efforts to get back at the many ransomware gangs, such as in the Australian government targeting the perpetrators of the Medibank breach – we predict that ZERO ransomware gang will face prosecution. Besides being nearly impossible to track down, they often dismantle and return under a new name. Politicians won’t prioritize the issue of cybercrime for fear of becoming targets.”
The failure to find and prosecute cyber criminals will lead to a major breach, he said. “A major critical infrastructure breach will disrupt vital services,” Villadiego said. “Despite a concerted federal effort to shore up cyber preparedness, we are past due for ‘the Big One.’ Expect a cyber attack to disrupt access to water, electricity, gas, or the internet, in 2023.”
In general, the EU has been ahead of the US in codifying security requirements, but because most of the largest corporations operate in Europe as well as in the US, changes there has a global effect. There, the EU has put in place the Cyber Resilience Act, which can impose massive fines for failure to protect personal data.
Overall, 2023 doesn’t look great to anyone, except perhaps for cybercriminals. According to Sarah Hospelhorn, CMO at BigID, “2023 will be a huge year in data security: all signs point to more cloud data breaches as companies of all sizes accelerate cloud adoption – with native controls not able to keep up with the evolving threat landscape and threat vectors. The role of artificial intelligence and machine learning will continue to influence data security, as the technology becomes more advanced with automation and risk profiles bringing more actionable defense in depth to data.”
The expert view – be ready for significant breaches, and a lot of them.