BeyondTrust Releases Cybersecurity Predictions for 2023

BeyondTrust, intelligent identity and access security, has released its annual forecast of cybersecurity trends emerging for the New Year. These projections, authored by BeyondTrust experts Morey J. Haber, Chief Security Officer and  Brian Chappell, Chief Security Strategist, EMEA/APAC, are based on shifts in technology, threat actor habits, culture, and decades of combined experience.

“The Arab Gulf region continues to innovate at scale,” said Morey Haber, Chief Security Officer, BeyondTrust. “But digital transformation in the cloud brings with it a range of issues, including the increased sophistication of attackers and their ability to adapt to the moment at a pace that, as yet, enterprise security functions have been unable to match.”

Prediction #1:  Negative, Zero, and Positive Trust — Next year, expect products to actually be “zero trust-ready”, satisfy all seven tenants of the NIST 800-207 model, and support an architecture referenced by NIST 1800-35b. Zero trust product vendors will create marketing messages that may imply positive and/or negative intent. Some will provide positive zero trust authentication and behavioral monitoring, while others will work using a closed security model to demonstrate what should happen when a negative zero trust event occurs.

Prediction #2:  Camera-Based Malware is here. Say “Cheese”! — In 2023, expect to see the first of many exploits that challenge smart cameras, and the technology embedded within, to leverage vulnerabilities. While there have been timeless discussions on the risks of using QR codes, we’re only now beginning to understand the risks from our smart cameras. As cameras become more complex, the risk surface is expanding for novel approaches that could lead to their exploitation.

Prediction #3:  Reputation for Ransom—The rise of Ransom-Vaporware — We will see a rise in the extortion of monies based purely on the threat of publicizing a fictional breach. Society so willingly accepts the veracity of breaches reported in the news — and without evidence. For a threat actor, this could mean the need to perpetrate an actual breach is reduced and a threat alone, that is not even verifiable, becomes an attack vector all in itself.

Prediction #4:  The Foundation of Multi-Factor Authentication (MFA) Invincibility Fails — Expect a new round of attack vectors that target and successfully bypass multifactor authentication strategies. In the next year, push notifications, and other techniques for MFA will be exploited, just like SMS. Organizations should expect to see the foundation of MFA eroded by exploit techniques that compromise MFA integrity and require a push to MFA solutions that use biometrics or FIDO2-compliant technologies.

Prediction #5:  Cyber Un-insurability is the New Normal — In 2023, more businesses will face the stark realization that they are not cyber-insurable. As of the second quarter of 2022, U.S. cyber-insurance prices already increased 79% over the prior year. The truth is, it’s becoming downright difficult to obtain quality cyber insurance at a reasonable rate.

Prediction #6:  The Latest Concert Hack—Wearable Risk Surfaces and Hackable E-Waste — If you have recently attended a large concert, you may have received a disposable LED bracelet that can receive RF transmissions during the event. The device is meant to be low cost, disposable, and have potentially only single use. In 2023, expect threat actors to easily decode the RF transmissions using tools like Flipper Zero to wreak havoc on venues that use these enhancements. Some, may be to form a protest for some other purpose.

Prediction #7:  Compliance Conflicts are Brewing — Significant compliance standards, best practices, and even security frameworks, are starting to see a diverging in requirements. In 2023, expect more regulatory compliance conflicts, especially for organizations embracing modern technology, zero trust, and digital transformation initiatives.

Prediction #8:  The Death of the Personal Password — The growth of non-password-based primary authentication will finally spell the end of the personal password. More applications, not just the operating system itself, will start using advanced non-password technologies, such as biometrics, either to authenticate directly or leverage biometric technology, like Microsoft Hello or Apple FaceID or TouchID, to authorize access.

Prediction #9:  De-Funding of Cyber Terrorists Becomes Law — Governments all over the world will entertain a new approach to protect organizations from ransomware and stop the funding of terrorists: ban ransomware payouts outright. Granted, threat actors may move on to a new form of cyber crime to fund their operations, but ransomware as we know it will fade away.

Prediction #10:  Cloud Camouflage is Confronted — To mitigate cloud security risks, expect a push for transparency and visibility into the security operations of SaaS solutions, cloud providers and their services. The push to ensure transparency of the architecture, foundational components, and even discovered vulnerabilities, will extend beyond SOC and ISO certifications.

Prediction #11:  Social Engineering in the Cloud — Attackers will turn from their software toolkits to their powers of persuasion as they increase the number of social engineering attacks leveled at employers and organizations across the cloud.

Prediction #12:  Unfederated Identities to Infinity and Beyond — Expect a push into unfederated identities to help provide a new level of services and potentially physical products that will become a mild access control and management nightmare. The size and scope will feel truly infinite — unless it is well-defined for identity management teams to provide access beyond what typically is available today.

Prediction #13:  OT Gets Smarter, Converges with IT — Expect attack vectors for basic Operational Technology (OT) to expand based on similar exploits that target IT. OT which once had a single function and purpose is now becoming smarter, leveraging commercial operating systems and applications to perform expanded missions. As these devices expand in scope, their design is susceptible to vulnerabilities and exploitation.

Predictions #14:  Headline Breaches Move to Second-Page News — Expect news of breaches to be buried deeper — whether in print or online format based on audience fatigue, lack of interest, or just because it is no longer exciting. With that said, legal, regulatory, and compliance responses will become front-page news should an organization fail to follow the proper steps for public disclosure and risk mitigation.

Prediction #15:  A Record-“Breaching” Year — Expect a record-breaking year of cyber security breach notifications, not only because of the sophistication of threat actors, but also due to the larger changes in the world that will impact an organization’s ability to mitigate, remediate, or prevent a problem.

“Our assessments of the year ahead may seem all doom and gloom, but in truth, organizations have many ways of protecting themselves against an incident,” said Haber. “With the right blend of skills, tools and strategy — either in house or in collaboration with a trusted partner — businesses can go into 2023 with their eyes open and conduct their affairs with confidence.”

To read more news and exclusive features see our latest issue here.

Never miss a story… Follow us on:
LinkedIn Security Buyer
Twitter logo @SecurityBuyer
Facebook @SecbuyerME

Media Contact
Rebecca Morpeth Spayne,
Editor, Security Portfolio
Tel: +44 (0) 1622 823 922
Email: [email protected]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

OneLink

Product Spotlight – Gallagher’s OneLink

Gallagher Security presents, OneLink – the product that is elevating remote security through the power of the cloud 
Pinaccle systems

Pinnacle Systems further supports Installers and System Integrators

Pinnacle Systems has launched the Pinnacle Partner Programme, a new initiative designed to provide enhanced support for installers…
Stephen Tickle

Comelit-PAC Appoints Stephen Tickle as Regional Sales Manager

Comelit-PAC has appointed Stephen Tickle as its new Regional Sales Manager.  Stephen will focus on supporting PAC’s access control…
Intersec Saudi

Intersec Saudi Arabia returns with record exhibition space

Intersec Saudi Arabia, the premier industry platform for security, safety and fire protection, will return to the Riyadh…
Abloy UK

Abloy Academy breaks attendance records

Abloy UK has achieved record breaking attendance at its Academy, with more professionals than ever attending its…
Hikvision

Hikvision Introduces X-ray Baggage Inspection System

Hikvision India has recently introduced X-ray Baggage Inspection System with AI- enabled Intelligent Recognition Capabilities…
GBV

IFPO Column: The Quiet Signals of Danger

Yoyo Hamblen of IFPO and Gary Simpson, Nonverbal and Behavioural specialist discuss the important topic of Gender-Based Violence..
Doorbird Carousel

Product Spotlight – Door Communication for the “Neue Wallufer”

 A customised solution case study for a residential complex is presented by DoorBird and CompuNet Systems GmbH 
suprema

Suprema Achieves EN 60839 Certification

Suprema, a global provider of AI-powered access control and security solutions, has achieved EN 60839-11-1:2013 Grade 3 certification
ASSA ABLOY

Electric locks are a vital component in digital access

To protect the important openings in their buildings, organizations need locks they can trust. This means more than just strength…
Scroll to Top