The discussion of cyber security has grown beyond the IT department and now includes the entire C-suite as well as the Board. As the number of attacks has increased and the stakes grow regarding penalties and reputation, it has become a top issue for businesses of all sizes.
Increased vulnerability is causing headaches and expenses due to numerous societal shifts – whether it’s the proliferation of the internet of things (IoT) in every aspect of business and society, or the widespread adoption of home and remote working that began during the Covid-19 pandemic and has persisted in many organizations.In this tumultuous climate, it’s a safe bet to say that 2023 will be a year in which cybersecurity remains top of mind. As such, we may expect the following major developments:
Boaz Gorodissky, CTO & Co-Founder
“Customer networks will become increasingly complex in 2023 as companies continue to move their critical assets to the cloud environment. . Attackers will try to compromise those assets, mostly by starting on-premises and trying to ‘jump’ from there to the cloud. The complexity of the networks will also cause more misconfiguration errors, creating a greater need to find, analyze, and prioritize the most severe mistakes.”
Matt Quinn, Technical Director for Northern Europe
“One trend that will be massive in 2023 is that many organizations will rethink their whole vulnerability management process, as it is currently broken industry-wide. Enterprises will instead start to look for approaches that identify exploitable vulnerabilities within their environment, in order to drive greater efficiencies.”
Sascha Merberg, Technical Director DACH
“Despite the plethora of reactive tools that are meant to stop a breach while in progress, organizations will continue to be breached. It doesn’t matter how good their cyber hygiene, endpoint protection or event analytics are. In addition, digital transformation and WFH have not just expanded the attack surface, but created completely new ones that are difficult to control and intertwined with core business processes – like the home computer an employee might use to connect to a company’s ERP system.
The need to understand how an attacker could move through their network is more important than ever for businesses. Instead of adding layers of noise generated by reactive tools and overloading already overloaded teams, organizations must utilize solutions that help predict attacks and focus on what is most relevant, both operationally and strategically.”
Shay Siksik, VP Customer Experience
“Attackers will rely less and less on CVEs, instead using identity theft, passwords, and misconfigurations to enter and move within networks. Some of the recent attacks we have seen, for example on Uber, did not use CVEs at all.”
Zur Ulianitzky, VP Research
“In 2023, Microsoft Active Directory (AD) will continue to be a major risk. Ransomware groups are here to stay, and AD is a huge attack vector they are exploiting in order to move laterally.
Vulnerabilities will also continue to have a major impact. Mail servers in particular are a primary goal for attackers. We have seen publicly exploited vulnerabilities like ProxyNotShell during 2022, and will continue to do so in 2023.
As organizations continue to adopt cloud services, the connectivity to the cloud is growing larger. That means that multi-connected systems such as Kubernetes and the cloud will be major vectors that will be exploited by hackers.”
Tobi Traebing, Technical Director EMEA
“I think we will see an increase in ransomware attacks/families and “professional ransomware,” as well as more widespread impacts. OT / IoT will also be an active target for threat actors using tools like wiper malware.”
Rinat Villeval – Manager of Technical Enablement
“The market is struggling to hire good cybersecurity teams, and there will be a lot of budget cuts in 2023. To combat this, companies will need to invest in team efficiency, including security solutions that will make the team’s work more efficient. Cyber threats are also growing even more rapidly because of the economic downturn globally, so companies that invested heavily in security controls before the ‘boom’ and in costly incident response activities afterwards will need to increase investment in the preventive realm to justify cyber insurance.”