The Future of Cybersecurity: 2023 and Beyond

2022 was an eventful year in the world of cybersecurity. From Twitter firing a large portion of its security team, to the five anniversary of WannaCry, to the cyber attacks of the Ukraine war, there hasn’t been a day in which technology news hasn’t made headlines. It seems almost inevitable that 2023 will also see technology, and particularly cybersecurity maintain its prominent position in public discourse.

  • 1 year ago Posted in

Rising Costs 

2023 is already lining up to be the year of rising costs and the cybersecurity industry is not immune. However, in combination with the rising cost of living and energy, those in cyber have another key increase to combat: the rising cost of data breaches. 

Gal Helemski, CTO and Co-Founder, PlainID explains, “since the data access control space is still in its early stages and rely mostly on older techniques such as role based controls, and usage of system accounts. The need to work with data and collaborate with data is increasing, and with that also the risk of breaches”. As a result of these rising costs, it also seems likely that insurance companies will become more opposed to paying out on claims. Sam Humphries, Head of Security Strategy EMEA, Exabeam posits, “in the coming year, I believe we’ll see considerably more legal test cases with cyber-insurers refusing to pay out for a myriad of reasons including poor cyber-hygiene, nation-state sponsored attacks, and inadequate organisational response to ransomware. The latter will be particularly interesting, given the recent shift to extortionware, which has significantly increased the risk of data being leaked, and therefore invites the wrath of the compliance gods”. 

Changing Legislation 

The world of cyber is highly influenced by governmental legislation and in recent years, especially for the UK, there have been notable changes that will continue to affect the sector in 2023. Jakub Lewandowski, Global Data Governance Officer at Commvault suggests that “businesses should be beginning to prepare for the Digital Operational Resilience Act (DORA), focusing on ICT risk management in the financial sector, that was passed at the end of November 2022. Brussels also kicked off work on the Cyber Resilience Act that will introduce mandatory cybersecurity requirements for manufacturers and retailers of products or software with digital components. Both legislative developments act as perfect reminders of the need to assure the ability to withstand, respond to and recover from all types of ICT-related disruptions and threats. Any business that has connections to the EU market will have to comply, so I predict that the UK may soon follow suit with similar regulations”. 

Consolidation of Tools

A particularly key trend that will likely emerge this year is the consolidation of tools used by IT teams. Sharon Eilon, Chief Customer Officer, Aqua Security poses that, “a major priority for CISOs in 2023 will be taking steps to consolidate tooling for streamlining security efforts and increasing ROI on their security spend. With economic constraints increasing over the next 12-18 months, there will be even more pressure for CISOs to quantify the value of their toolsets, and vendors that cannot offer proof of value will struggle with renewals. A key area where they will look for consolidation will be in the cloud and in application security arenas”. 

Donnie MacColl, Senior Director of Technical Support / GDPR Data Protection officer at Fortra continues, “we are already seeing many organisations taking action and consolidating their vendors. However, a large number of businesses are also making the decision to consolidate and merge their solution providers. Companies are becoming very aware that, after reviewing and understanding the functionality of their solutions, one supplier is capable of providing much more value than they are currently receiving from two separate ones. Organisations can then combine  solutions together, creating a much stronger proposition. For example, a vulnerability management solution can pass prioritised vulnerabilities to an automation tool to perform remediation tasks, as opposed to displaying the vulnerability on a screen and waiting for a person to manually step in”. 

Focus on Phishing

Unsurprisingly, it seems 2023 will continue to see phishing attacks as a primary focus for security teams. Patrick Beggs, CISO, ConnectWise explains, “with 90% of malware delivered via email, and the 20% increase in the incidence rate of phishing attacks from the previous year, MSPs are being targeted more frequently than any other time in history according to ConnectWise’s 2022 MSP Threat Report. These threat actors are relentless, not to mention amoral, and they will seek out and exploit any vulnerability they can find”. 

"Extremely targeted phishing will prevail including voice-cloning”, expands Daniel Marashlian, Co-Founder and CTO of Drata. “Spear phishing is already becoming extremely targeted, and attacks are moving into messaging platforms and even using voice messaging. We are now seeing these attacks leveraging services like Slack, and employees are even receiving phone calls from attackers using voice-cloning to impersonate executives. To address these sophisticated attacks, organisations will move towards API-based email solutions rather than the traditional gateways used today. There also needs to be a shift from putting a policy in place to putting technical controls in place. Policy is only helpful after the fact. By putting actual controls in place, human error can be addressed before it happens”. 

Ransomware, Ransomware, Ransomware

It has been suggested that we live in the “golden age” of ransomware. “In the past several years, major data breaches and ransomware attacks have had a profound impact on organisations across the board, from financial implications to brand reputational damage”, explains Neil Jones, Director of Cybersecurity Evangelism at Egnyte. “In 2023, I anticipate the increased involvement of executive and corporate communications teams when it comes to responding to cyber threats. This will discourage social media complaints and traditional media reports from driving the narrative for organisations that are already reeling from major attacks, which almost always makes their bad situations worse. A formal incident response plan must be in place for executive management to refer to immediately in the event of a breach, and it needs to be systematically practised via tabletop exercises before an attack occurs. Customers, employees, and business partners also need routine recovery updates to avoid negative posts on public platforms like social media and feedback forums.”

Christopher Rogers, Technology Evangelist at Zerto, a Hewlett Packard Enterprise company continues, “the rising frequency of ransomware attacks has also created a shift in public opinion when it comes to breaches. Organisations are now all too aware that cyber attacks have become an inevitability rather than a possibility - it’s no longer a matter of ‘if’ but ‘when’ disaster will strike. As a result, more and more businesses are investing significantly more into disaster recovery and backup solutions.

With recovery being such a priority, CDP (continuous data protection) will be vital for companies in the new year. Backing up data without interruption takes the sting out of ransomware attacks - as data can be restored and operations brought back up and running in seconds or minutes rather than hours or days”. 


By Alasdair Anderson, VP of EMEA at Protegrity.
By Eric Herzog, Chief Marketing Officer, Infinidat.
By Shaun Farrow, Security Practice Lead at Bistech.
By Andre Schindler, GM EMEA and SVP Global Sales at NinjaOne.
By Darren Thomson, Field CTO EMEAI, Commvault.