Cybersecurity Predictions for 2023

Cybersecurity will continue to be paramount for tech vendors, managed service providers and businesses of all sizes in 2023.

Top issues on the minds of business and tech leaders, according to CompTIA’s State of Cybersecurity 2022, are the increasing number of cybercriminals, building trust, privacy concerns, and the variety and scale of attacks. In many cases, your business’s future depends on your ability to safeguard your information. With that in mind, we asked several prominent cyber leaders from CompTIA’s member ranks to offer their predictions for what to expect in the next 12 months. Here’s what they had to say:

Inflation Will Increase Security Risks Across Enterprises

“Borrowing from my colleague Jennifer LuPiba, I think cybercriminals are going to leverage one of the hottest topics in the news today—inflation—to their advantage in 2023. We identified multiple scenarios that are likely to play out this year, especially as those feeling the pinch financially due to inflation might be more tempted to let down their guard, whether it’s to unleash ransomware for money or even sell their own credentials into a business’s network. Our security assessments often find that 70% to 100% of user accounts in an IT environment have rights that could be escalated in a handful of steps to give an adversary access. IT teams will need to stay sharply focused in 2023 and ensure they have a robust disaster recovery strategy and automated solutions that speed the restoration process. After all, the key to becoming more cyber resilient is not magically ensuring that you’ll never suffer an attack; it’s being prepared to get the business back on its feet as soon as possible if a disaster does strike.” – Olivia Donnell, global MSP and distribution lead, Quest Software

Failure to Manage Customer Expectations Will Spur Litigation

“MSPs that fail to properly manage customers’ expectations regarding the availability and/or limitations of cybersecurity solutions will end up being blamed for cybersecurity failures, regardless of fault. MSPs need to improve their sales and contracting procedures to ensure customers understand what cybersecurity services they are buying (or not buying), and the limits of those services.” – Brad Gross, founder and president, Law Office of Bradley Gross

More Women Will Be Represented in Cybersecurity

“In recent years, there has been a push to increase the representation of women in the cybersecurity industry, and this trend is expected to continue in 2023. Diversity is vital in any industry, and women bring unique perspectives and skills to the table in cybersecurity. Research has demonstrated that women tend to be more risk-averse and possess strong problem-solving abilities, which is an asset in this field. Furthermore, increasing the number of women in cybersecurity helps address the shortage of skilled professionals in the field. By promoting diversity in cybersecurity, we can strive to create a stronger and more effective workforce that can enhance cybersecurity measures.” – Barb Paluszkiewicz, CEO, CDN Technologies

Security Culture Takes Center Stage for MSPs, Customers

“Whether it is through legislation, cyber insurance requirements or otherwise, MSPs will be required to internally implement and measure one or more cybersecurity frameworks as a cost of doing business. This means a re-evaluation of not only the technology used (vendors get ready!) and administrative controls (policies and procedures, anyone?), but it places security culture at the forefront. Every part of MSP delivery will be viewed through a lens of security and compliance, and leaders must get in front of this with resources, enthusiasm and support, or the efforts will not take hold. 2023 is the year that security culture will be a required foundation for an MSP’s organizational maturity.” – Joy Beland, vice president of partner strategy and cybersecurity education, Summit 7

MSPs Will Look Inward to Address Cyber Workforce Challenges

“With cyber workforce shortages continuing and corporate/enterprise employers competing with MSPs for talent, more MSPs will look internally and consider feeder roles and training/certifications as a method to upskill their staff. Having institutional knowledge of your customers and the foundational knowledge in technology they are ideal candidates to move up. CompTIA members should take advantage of discounted CompTIA certs for everyone in their organization as well as leverage their vendors for product specific options.” – Ron Culler, vice president and cyber learning officer, CompTIA

AI and Geopolitics to Have Increasing Effect on Cyber Attacks

“Bad actors, be it nation states or organized cyber criminals, are going to take every advantage they can to increase attacks on organizations. Advances in AI tools are enabling these actors to better tune targeted attacks on organizations and their supply chains. Expect nation states to test the limits of their reach across critical infrastructure industries and affiliated supply chain contractors. ‘OT’ attacks, while not new, will increase in severity and scope, and MSPs need to be aware of these threats and how their customers might be targeted—this includes the MSP themselves as a target.” - Ron Culler, vice president and cyber learning officer, CompTIA

CMMC 2.0 Will Fizzle Due to Self-Attestation

“When Cybersecurity Maturity Model Certification (CMMC) ‘dropped’ a year or two ago, it was very clear that addressing the limitations of ‘self-attestation’ (deceit?) was clearly critical, but the bar had been set so high that many SMBs just ignored it. CMMC 2.0 was designed in part to address that, but went too far, bringing back self-attestation and with it, setting the bar nearly as low again.” – Joshua Liberman, president, Net Sciences

Zero Trust Adoption Increases as Access Demands Increase

“In 2023, I think there will be a more widely adoption of the zero trust framework. With the normalization of the remote workforce, security has never been more important. With remote work, more vulnerabilities are being introduced and the security posture of corporate networks are seeing an impact. Therefore, there is a growing need to have users, inside and outside of the network be authenticated, authorized, and continuously validated before having access granted. Continuous validation along with implementing other frameworks and principles will allow security experts limit the blast radius. We should be thinking and focusing more on pro-active methods of protection instead of reactive. Zero trust will help us work towards achieving this.” – Bill Campbell, CEO, Balancelogic