blog posts

Gartner And Forbes Predictions For The Security Industry In 2023

Gartner And Forbes Predictions For The Security Industry In 2023

In General, The World Of Cyber Security Is A Reactive Industry. However, Every Year, Experts From Well-Known Institutions, Such As Forbes, Gartner, And Similar Examples, Make Predictions About The Prevailing Technology Trends, And The Strategies Hackers Will Use In The Coming Years To Attack The Infrastructure And User Systems.

These predictions provide good clues to security experts to take the necessary measures to deal with these attacks.

In this article, we will learn about the predictions made about the cybersecurity industry in 2023 and beyond.

Forecasts made by Forbes magazine

Based on his knowledge and experience in the cyber security industry, Christopher Prewitt, chief technology officer of Forbes, pointed out some interesting points and believes that some predictions will come true in 2023 or the coming years while others are rooted in false beliefs.

Artificial intelligence and machine learning are becoming weapons in the hands of hackers.

Prewitt believes that the above prediction is wrong. “It’s not that hackers can’t exploit artificial intelligence, machine learning, and more advanced methods; it’s just that they don’t need to,” he says.

Successful attacks on companies like Uber, Twitter, and other major IT companies have shown that simple supply chain attack patterns, commercial email phishing, and authentication-driven attacks still pay off well for hackers. Security experts have devised new ways to deal with multi-factor authentication attacks and complicate infrastructure attacks. However, these traditional mechanisms for coping with threats still have vulnerabilities that hackers can exploit.

Ultimately, he points out why a hacker should spend his time building data tables for a machine learning engine when he can send a Word document infected with malicious macros to several employees in an organization and what is needed. It has to reach

Government regulations will increase.

He believes that the above prediction is correct. As a new memorandum of understanding between the United States and the European Union has been ratified, changes in international privacy requirements will continue. In this regard, new security regulations will undoubtedly enter the tech world from the SEC.

Also, we legislative bodies will likely pass more executive orders, and we will be asking for more material on this matter. Of course, there is a possibility that due to the large number and complexity of these laws, a significant part of them will not find an executive guarantee.

He says: “Since the law was passed to send an acceptance message to all cookies, and websites had to inform the user when they use cookies, until today, there has been no real change. It is unlikely that this issue will change significantly in 2023.”

Hacktivism is on the rise.

This prediction is correct. From the point of view of cyber security, the tension between different governments causes an increase in large-scale cyber attacks against civilians. So that some organized hackers carry out hacking operations against the citizens and infrastructure of other countries; hackers who attack different countries’ military, economic, and social infrastructure for fun and curiosity will make these attacks in the future for various reasons that will have unpredictable results.

The attack on smartphones is getting more intense.

Prewitt believes this prediction is somewhat wrong because there will always be attempts to attack smartphones, but attacks on these platforms will not be as widespread as experts predicted.

Apple and Google have put a lot of effort into securing their devices, which is why mobile operating systems face fewer security risks than desktop operating systems. Also, users change their smartphones every two years, so if a vulnerability is found in older smartphones, hackers cannot exploit it because users are not using it.

Zero trust models will impact the world of cybersecurity.

This prediction is correct. As more organizations abandon on-premise data centers and move to cloud infrastructure, they will turn to zero-trust security to improve security and prevent cyber attacks. This issue will cause fundamental changes in the way of conducting penetration tests and securing organizational networks in the future. For example, Cloud Workload capacity and zero trust model interacting with each other will remove the concept of the network edge. They may remove the dependency on some common network security mechanisms.

The arrowhead of hacker attacks will be toward the cloud

This prediction is incorrect. Cloud service providers are constantly exposed to cyber-attacks and hacking. A wide range of companies active in cloud services have experienced this problem in the past, but it is unlikely that we will see attacks on a large scale. Cloud consoles are likely to be the next big target of hacker attacks.

Because organizations transfer workloads and servers to the cloud, these infrastructure IT equipment are transferred to the lower layer of the organizational network with a virtual nature, which improves their security. In the past, we have seen various cases of attacks on cloud infrastructure. Still, as less experienced companies migrate to the cloud, more reports of attacks on cloud infrastructure will be published. Still, it will not become the primary trend in cyber security.

The active response becomes the default defense doctrine of organizations.

This prediction is correct. Looking back, cyber security has shifted its approach from preventive access controls to diagnostic access controls. However, timely warnings and responses have not prevented the severity of threats from being reduced. Because of this, systems will likely use locked accounts, forced password resets, or other methods to combat data leaks. In this case, security experts will have enough time to evaluate their performance and respond to attacks in real-time. If the situation gets complicated, we can expect these features to become the default settings, and most platforms will deal with threats based on proactive and automated responses.

5G technology will reduce cyber attacks

This prediction is somewhat wrong. 5G technology which can build private networks, prevents clients from directly connecting to the Internet. It allows some technology providers to improve their security mechanisms based on this technique. Of course, we have seen that increasing the bandwidth of 5G alone has not been an effective solution to deal with threats. However, 5G will likely give hackers more opportunities to attack networks, especially IoT equipment. This issue is not a security flaw but is rooted in simple mathematical calculations. As the number of online devices increases, so does the number of cyber attacks.

Governments will pursue cyber security more seriously

This prediction is correct. In 2022, various reports were published about the theft of business information of large and military organizations in multiple countries. These reports show governments will spend significant funds improving cyber security in the new year.

Cyber ​​insurance is helping more companies.

This prediction is incorrect. The cyber insurance market in 2022 witnessed drastic changes. Insurance rates increased, making fewer users willing to insure infrastructure. Of course, it is expected that in 2023, new requirements and laws for cyber insurance will be adopted in different countries, and some actions in the field of cyber security will be included in the subcategory of cyber insurance, the most important of which should be mentioned mandatory external vulnerability scans and third-party validation. did

One of the biggest problems large organizations will face in 2023 is rising cyber insurance premiums. In the first quarter of 2022 alone, cyber insurance premiums increased by almost 28% compared to the fourth quarter of 2021. One of the reasons for the increase is that companies are more aware of heavy fines and damage to brand reputation due to cyber incidents such as ransomware attacks, data breaches, exploitation of vulnerabilities, and the like.

At the same time, underwriters have also made the requirements for obtaining cyber insurance more stringent, requiring companies to comply with two-factor authentication and adopt certain technologies such as EDR, XDR, and others.

While before this, the documents and questionnaires related to cyber insurance were summarized in only two pages; now, the audits have become stricter and include more than 12 pages.

Due to the emergence of geopolitical issues, in addition to the cyber threats that companies constantly face, companies prioritize the protection of their most critical assets (including their reputation). Because of these issues, companies will likely obtain cyber insurance from any vendor or a third party they work with. In 2023, the demand for cyber insurance will increase, increasing the prices and requirements for obtaining these insurance policies. However, in 2023, we will most likely see an increase in demand due to the increased occurrence of supply chain problems.

Recession reduces the costs of training programs in the field of security.

Despite the idea that cybersecurity may be a recession-proof industry, some professionals will likely struggle during an economic downturn. We do not see budget cuts in cyber security, but sectors such as education may lack education funding. This decrease is not only specific to the training of employees but also affects the budget allocated for training and increasing the skills of specialists. This industry is currently facing a skills shortage; unfortunately, due to the increased demand for skilled cybersecurity professionals, we will likely face a shortage of experienced professionals in 2023.

Security managers will increase their focus on cyber resilience.

“While protecting organizations against cyber threats is always a top priority in security programs, we anticipate that security managers will increasingly focus on cyber resiliency, which includes planning for recovery,” said Michael Adams, CIO of Zoom. And continuity in the event of a cyber incident. “Security managers will not only invest in protecting resources against cyber-attacks but also in people, processes, and technologies to mitigate the devastating effects of a successful attack and continue operations in the event of a cyber-incident.”

Gartner’s Cybersecurity Predictions

The focus and emphasis on data privacy laws, dealing with ransomware attacks, physical protection of systems, and performing various audits will interest managers of large organizations. In addition, companies will adopt new crisis management policies. Gartner raises an essential question: how organizations and companies should ensure their customers are safe from online fraud? This is a question that senior security and risk managers should seek an accurate answer to in 2023 and adopt comprehensive plans in this field.

Developing cyber-physical systems, including strategies integrating the cyber and physical worlds for technologies such as self-driving cars, will create new security challenges for organizations. One of the most important predictions for the coming years is how hackers can target these systems.

“We’re used to approaching new problems based on old ways of thinking and old solutions,” Gartner analyst Sam Olyai noted in his speech at the 2022 Gartner Symposium. We need to ensure that our thinking, philosophy, programs, and policies align with the current developments in the world of technology.

Approval of new data protection laws

Security and risk management have become an essential topic at the highest levels of organizations. Security breaches have become more common and sophisticated, so new laws must be enacted to protect consumers and businesses.

Gartner analysts believe the cyber industry will emphasize more decentralization, increased regulations, and legal requirements in the next few years. So that by the end of 2023, stricter data privacy laws will be adopted, which will affect how to access the information of at least 75% of online users worldwide.

Protection Act) and California’s Consumer Privacy Act. GDPR was the first important consumer privacy law. Still, other laws were quickly adopted, the most important of which is the Personal Data Protection Act in Turkey and the General Personal Data Protection Act in Brazil.

These rules indicate that organizations should be more careful about automating privacy management systems that host data. For example, based on GDPR rules, you can standardize security operations to avoid heavy fines from international organizations.

By 2024, organizations implementing a network cybersecurity architecture will suffer fewer losses.

Today, organizations use different technologies in different places and need a flexible security solution. So they have to secure the communication networks to implement the authentication process accurately and get a comprehensive view of the operations performed in the organizational network. The above approach improves security in doing things remotely.

Also, by 2024, 30% of enterprises are expected to deploy Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS).

Organizations are moving towards optimization and integration. Typically, CSOs have to manage various tools to get their work done, but they prefer to use a few tools that provide comprehensive capabilities. More precisely, they tend to use SaaS solutions.

By 2025, nearly 60% of organizations will consider cybersecurity risk a determining factor in third-party transactions and business relationships.

Investors use cybersecurity risk as an essential factor in evaluating opportunities. In addition, organizations consider cyber security risks first in business transactions. As a result, they may require counterparties to send them their security policies before conducting transactions. This is especially true for companies that are supposed to play an active role in the supply chain.