This post is part of our 2023 cybersecurity prediction series.
Bec McKeown, Director of Human Science, Immersive Labs
Cyber resilience will come from people—not technology.
I believe that 2023 will be the year when enterprises recognize that they are only as secure and resilient as their people—not their technologies. Only by supporting initiatives that prioritize well-being, learning and development and regular crisis exercising can organizations better prepare for the future. Done correctly, by delivering the right training to the right people at the right time means that this can be done in a resource and cost-effective way. Adopting a psychological approach to human-driven responses during a crisis—like a cybersecurity breach—will ensure that organizations fare far better in the long run.
Kev Breen, Director of Cyber Threat Research, Immersive Labs
Automated attacks will rise + cybercriminals will get quicker in 2023.
As we look to 2023, I expect we’ll continue to see severe ransomware risks, as well as supply chain cyber attacks that pose massive threats. Also, the world is getting “smarter” daily, so it’s likely there will be an increase in automated attacks against home smart devices at scale, tapping into direct consumers more than we’re seeing now, which could, in turn, impact companies with remote workforces.
The number of reported common vulnerabilities and exposures (CVEs) in 2022 was the lowest it has been since 2016. It's difficult to know if this number is trending downward due to software vendors getting stronger at identifying vulnerabilities at the source or if researchers have gotten busier this past year and haven’t been reporting on this as much. Either way, we know researchers and threat actors will continue to find, publish, and exploit new vulnerabilities.
Cybercriminals are also getting quicker. To compound that issue we’ve seen that once a vulnerability is announced, it’s exploited within minutes to hours, not days to weeks. In 2023, the pace of the threat landscape will further quicken, and most defenders will find themselves one step behind, which is why proving cyber resilience and preparing for future risk are key.
###