CybelAngel’s Top 3 Cybersecurity Predictions for 2023

Our cybersecurity predictions for 2023 all fall under one key word: proliferation. CybelAngel’s VP of product strategy, Camille Charaudeau, was recently quoted by both EM360 and BetaNews for his prediction that the expansion of external attack surfaces will be a major cybersecurity business challenge in 2023. What’s driving that expansion is the proliferation of credentials compromised by information stealer malware, shadow IT and misconfigured/unsecured clouds. As you start the new year, here’s what you need to know about these three cybersecurity threats.

#1. Proliferation of information stealers

Information-stealing malware is becoming one of the most popular vectors for cyberattacks. Verizon’s Data Breach Investigations Report revealed that over 80% of hacking-related breaches leverage stolen or brute-forced credentials, and this trend is unlikely to slow down in 2023. CybelAngel predicts an increased probability of important corporate credentials being stolen by malware designed specifically for this purpose, potentially exposing sensitive and proprietary data. CybelAngel has already detected more than 13 billion stolen or compromised credentials, and we detect a constant stream of roughly 20 million compromised corporate credentials every week. Clients express that compromised credentials are a major cybersecurity challenge that is among their top three priorities for the year. While strong passwords, frequent resets, and strict rules for third-party application authentication are the usual policies in place to defend against these threats, it is impossible for companies to reduce the risk of cyberattacks without having full visibility into what is being, or could be, stolen. Security leaders will therefore have to modify their cybersecurity strategy to preemptively detect and disable leaked credentials before they are hijacked by attackers.

#2. Increase in shadow IT, including OT and IoT

Working from home, video calls, and empty offices have become synonymous with the post-pandemic working life. This huge shift in the way we work over the last few years is showing no signs of stopping or even slowing down. But it is not just your dress code that has changed—with this transformation comes new cybersecurity risks and threats. Non-secured internet-facing operational technology (OT) is especially liable to attracting hackers’ attention. IBM Security saw a 2,204% increase in reconnaissance against SCADA Modbus OT devices accessible via the internet between January and September, and there’s no reason to expect a this activity to decrease. We’ve covered shadow IT in a previous blog and we predict that this trend is only going to increase in 2023. External-facing assets are often used by attackers as backdoors into a company’s digital infrastructure. Most companies do invest a lot of resources to protect their known assets but shadow assets are, by definition, a blind spot, and are therefore unprotected and extremely vulnerable. The only way to uncover shadow IT is to take an “outside-in” approach, where you emulate what attackers do to probe for weaknesses in your defense, then proactively mitigate the vulnerabilities before malicious actors can exploit them.

#3. Increase in unsecured/misconfigured clouds

Cloud adoption is ramping up at an incredible pace, with applications and workflows moving to the cloud to support our new “work from anywhere” lifestyle. With an average organization using a whopping 110 SaaS applications, mistakes and misconfigurations are not only easier to make, but could be more difficult to identify and track down. According to the same Thales’ Cloud Security Study, 45% of businesses have experienced a data breach or failed an audit involving data and applications in the cloud. Unfortunately, this complicated multi-cloud environment is now part of your external attack surface, and even the best configurations cannot eliminate all risks and threats. CybelAngel predicts that security leaders will need to stay vigilant with continuous monitoring and speedy remediation to reduce the risk of cloud exposures.

Outlook for 2023

It is, of course, impossible to predict exactly what the future will hold in cybersecurity. The field is constantly evolving and new threats and technologies are emerging all the time. Nevertheless, our experience tells us that 2023 will continue the trend of exponentially expanding external attack surfaces. While external attack surface management (EASM) is a broad topic, you can find quick wins by addressing the three challenge areas we’ve predicted.

A great way to start the year is by conducting a full risk assessment to identify any weak spots. Contact us for a complimentary External Exposure Scan today and start the new year with new clarity.