It’s a fast-paced world out there in the cyberverse, so how can your business keep up and keep safe? We share our 2023 cybersecurity predictions so that you and your company can be as prepared as possible as you head into the new year.
We’re all running as fast as we can to keep ahead of what is now a massive industry. The landscape is evolving so quickly as threat actors try to defeat our protections, measures, controls, and policies. That’s why at F12, we thought it was more important than ever to share our best educated guess as to what the future holds for cybersecurity in 2023. Our partner in cybersecurity, WatchGuard Technologies, releases a report at the end of every year outlining their predictions. I sat down with WatchGuard’s CSO, Corey Nachreiner, and our F12 CTO, Calvin Engen, to get the inside scoop on WatchGuard’s 2023 cybersecurity predictions and F12’s take on them.
Not many cybersecurity companies make concrete predictions for the upcoming year in any industry, much less something as ever-changing as technology. WatchGuard not only makes cybersecurity predictions (and more), but actually posts them online and leaves them up year after year.
Corey Nachreiner: We don’t just post our predictions, either—we grade ourselves, too. In the past, we’ve been as high as 80% correct. This past year, 2022, we did get a passing grade, but not quite one that Mom would be proud of. I think it speaks to the particularly unique situation we’ve all lived through during the pandemic. We did, however, grade ourselves a full “win” for a specific prediction: the trend of rising costs. Anyone who’s had to renew their cybersecurity insurance in the past year has seen this firsthand.
Tell us about the “digital supply chain” and where you think it’s headed.
Nachreiner: A lot of people hear the term “supply chain”, and they think about physical manufacturing and shipping. But when I’m talking about supply chain, I mean every business that uses tech. None of us can do it alone; we’re all reliant on third-party vendors that supply software and hardware to us. Looking ahead, I think we’re going to continue to see supply chain hacks. When SolarWinds was hacked in early 2020, the tech company’s software was breached and malware was widely distributed, giving the hackers access to at least 18,000 users of the Orion network system. That’s a supply chain hack. So my prediction regarding the digital supply chain in 2023 is that the customers who usually care more about price when choosing their IT services and products will start to have cybersecurity evaluation near the top of their priority list.
Calvin Engen: The buyer wants to know if a vendor or service provider has good security themselves. I love the fact that this issue is getting more traction, and that we’re hearing about it more in the market. Any vendor that we use internally for F12 and for our clients is put through a very rigorous profile to understand how adept their product and services are. We have a thorough, frequently-updated vendor risk profile for each and every one of our suppliers.
You mentioned WatchGuard didn’t get a stellar grade for 2022. Is there a prediction from last year that didn’t come true that you’ve dusted off for your 2023 cybersecurity predictions?
Nachreiner: At WatchGuard we do find that often, when our prediction fails, it’s only because we predicted it a too early. They might not be coming true until later. One such prediction was state-sponsored mobile threats trickling down to the cybercrime underworld. We thought that once the malware was out, cybercriminals would up their game when it comes to mobile threats. And while mobile threats exist, we really didn’t see any proof of nation-state level mobile malware getting into their hands. However, I think mobile phones will become an increasing threat vector; one day criminals will get a nice little nugget leaked from a nation state.
Engen: And to add to Corey’s point, there is a tremendous attack surface across so many consumers. There are a lot of other devices that exist out there that are not mobile devices and don’t have their sophistication (aka security). With IoT devices (Internet of Things), there are a lot of technology devices that make our lives easier, but the reality is that those devices are designed for the consumer market. They are not putting security front of mind. So they become a serious attack factor.
Does WatchGuard have any really off-the-wall 2023 cybersecurity predictions—or beyond?
Nachreiner: Okay, this one’s a little crazy. This is the one that may not come true in 2023, but maybe in the next five years or so. We predict that a robo taxi hack is going to result in a dazed and confused AI car disrupting traffic. We all know that self-driving cars are proliferating; in San Francisco you can hail a “Waymo” or a “Cruise” and a robo taxi—a totally human-less taxi—will pull up. But we’re predicting seeing some sort of connection-based attack. I know this sounds a bit dystopian, but that’s why we do the predictions. Our goal is, let’s do the defence now, and avert the dystopian results in the future.
What keeps both of you up at night thinking about what 2023 will bring?
Engen: Oh, there are many things that scare me, but I’ll pick the scariest thing. That would be an insider attack. At F12 we do a lot of things to ensure that we’re secure on our perimeter and we’re secure on the internal. But if you had a person infiltrate your business, someone who went through all the regular checks, background checks, the whole deal—and they were swayed? Paid or somehow otherwise influenced? We have triggers in our system to watch out for certain types of behaviour, but if they were just under the radar enough, that would be a scary scenario. So we’re always thinking about it: what can we do to restrict access, control it, silo it. That way, the overall blast area of the inside attacker is really, really limited.
Nachreiner: Our worry is consumer drones being used for warfare. Consumer drones are known to be hackable, even the most popular brands. Even if you consider a nation to be the “good side” using it, they might be maliciously taken over by the other side. Then, that harm the good side was trying to do gets turned back on them. We predict that consumer technology is going to be used in unintended ways like this, and will have serious consequences.
Are you a small- to medium-business looking to get ahead of the curve when it comes to cybersecurity this year? Do you have any 2023 cybersecurity predictions of your own? Give us a call. Let us help identify your company’s vulnerabilities and ensure your data and your people are protected.