
VMware’s cybersecurity predictions for 2023 signal concerning times

Cybersecurity predictions are almost identical every year. Ransomware and targeted cyber attacks continue to be the focus of most tech companies. Often, these predictions come true.

Cybersecurity predictions for 2023 shouldn’t differ much from the current year. However, it will be interesting to see how the scope of cyberattacks evolves from year to year. For example, in the past, the financial sector has often been the main target for cybercriminals.

This has changed recently. Today, the healthcare and education industries are increasingly targeted by cybercriminals, who are also trying out new techniques to exploit their victims and launch cyber attacks.

According to Rick McElroy, principal cyber security strategist at VMware, the healthcare and education industries will continue to be the top targets for cybercriminals next year. McElroy believes that with telemedicine becoming the norm, ransomware and deepfake attacks on the healthcare industry will continue in 2023.

“As increased amounts of people turn to telehealth to connect with healthcare professionals, have prescriptions filled, and file their healthcare records, the door for fraud is left wide open for attackers to strike. As healthcare becomes increasingly politicized, dark web activity and ransom demands will continue to rise as data becomes a goldmine for attackers,” said McElroy.

He also feels attackers will aim to use this data in a way that is harmful to both the organization and the patients at hand. Adversaries know that if they want to inflict pain on an organization, targeting a hospital is the best route for destruction as a patient’s life is on the line.

In the education industry, more than 1,000 schools in the United States fell victim to ransomware attacks in the past year. McElroy expects state and private institutions to continue facing the same challenges, as a handful of security gaps common to most education institutions make them more vulnerable to cyberattacks in 2023.

“A lack of cybersecurity awareness and training, limited funding, and resources are creating the ideal environment for criminals to gain access to substantial amounts of personal student data or research data. These organizations continue to be a popular target for ransomware attacks as adversaries know schools only have a short window to update processes and get in front of risks, making it harder to keep pace with updated security technologies and easier for cybercriminal groups to gain access to these networks and wreak havoc,” explained McElroy.

Cybersecurity predictions for CISOs looking heavy

At the same time, McElroy pointed out that because of the increased concerns about cybersecurity, CISOs will continue to be in the business spotlight.

“We are at a major inflection point regarding the role of the CISO, which will continue into 2023 and beyond. The added legal pressure some CISOs now feel following high-profile security leader convictions and whistleblower complaints is added weight to an already stressful job. CISOs are tirelessly fighting for larger budgets in order to ensure that security becomes or remains a board-level issue and an organization-wide responsibility.

This includes having open conversations with CEOs and CFOs about where and how funds will be used, and the value improved defenses will bring to the organization as a whole. In the year ahead, the CISO role will only become more challenging and face more scrutiny as we work to balance the increasing stressors of the job while also trying to maintain the positive work that has been done to manage the burnout of cyber pros,” said McElroy.

Echoing McElroy’s views is Karen Worstell, Senior Cybersecurity Strategist at VMware. Worstell predicts cyber risk management to be a top priority for business leaders.

“When it comes to the governance and oversight of cyber risk, our system is broken. It’s no longer what it used to be fifteen years ago – we are dealing with higher stakes and fragile corporate reputations. As a result of this, in 2023, we will see companies double down on cyber risk management. Boards will need to have a much clearer role and responsibility when it comes to the process of ensuring adequate controls and reporting cyberattacks. Cyber risk governance is not just the domain of the CISO; it is now clearly a Director and Officer level concern. When it comes to cyber, plausible deniability is dead,” commented Worstell.

The problem with the metaverse

Apart from that, cybersecurity predictions for 2023 also show the metaverse posing a huge problem in the future. For McElroy, the metaverse has a relatively unknown future given its adoption is still in its infancy, but enterprises are still rushing it to market faster than the security community is comfortable with.

“We’re already seeing instances of identity theft and deepfake attacks in the current version of our digital world, in which bad actors prey on executives to make wire transfers of hundreds of thousands of dollars outside of a company. What’s not to say there won’t be an uptick in similar scams inside of the metaverse virtual reality?

As we start to look ahead to 2023, businesses will need to be careful and considered in their approach to delivering this nascent technology. Dragging passwords into the metaverse is a recipe for breaches. But if we’re thoughtful about the controls put in place to identify users and deploy continual authentication – leveraging different factors such as biometrics and closely monitoring user behavior – it’ll help to alleviate those security concerns around the metaverse,” McElroy said.

Meanwhile, Chad Skipper, Global Security Technologist at VMware, also shared his cybersecurity predictions, stating that 2023 will see the evolution of initial access tactics as cybercriminals attempt to gain a foothold in organizations. Skipper explains that the main goal of such access is to carry out aggressive API attacks against modern infrastructure and exploit workload vulnerabilities within an environment.

“Because the majority of traffic within modern applications is API traffic, and it’s often not closely monitored, this fuels lateral movement as cybercriminals continue to use evasive techniques once inside the environment to divert detection across VDIs, VMs, and traditional applications. It may be a new year, but the primary goal of cybercriminals stays the same: gain the keys to the kingdom through four key steps – steal credentials, move laterally, acquire data, and then monetize it,” Skipper said.

Worstell also raised another point in her cybersecurity predictions for 2023. While it is not directly considered a threat, Worstell believes the prioritization of wellness will finally reach infosec. She believes that burnout remains a critical issue, with almost half of incident responders experiencing burnout or extreme stress in the past twelve months. On a more positive note, two-thirds of organizations have implemented wellness programs to address burnout.

“Across the industry, we are moving toward wellness programs that help an organization’s workforce manage stress and prevent burnout, and these programs will become even more prevalent in 2023. However, these wellness programs are just one piece of the puzzle. Over the course of the next year, it will become the role of the manager to help recognize early on when their reports are struggling, and work to address it before it snowballs into a major issue,” said Worstell.