Cybersecurity Predictions for 2023


Cyberattacks and threats aren’t going away anytime soon. Malware, phishing, denial of service, and SQL injection attacks are on the rise, and the cost of cyberattacks is expected to increase 15% annually over the next five years, according to Cybercrime Magazine. As cybercriminals’ strategies and techniques evolve, businesses must evolve too. Keeping up with the latest cybersecurity trends is a great way to stay one step ahead of cybercrime. After all, when you know what’s coming, you can better prepare. In this eBook, we share the top emerging trends that we predict will shape the cybersecurity industry in 2023.

Prediction #1

Critical Infrastructure Attacks Will Increase

The Russia-Ukraine War fueled an increase in cyber warfare against nation-states. That’s because pro-Russian and pro-Ukrainian cybercriminal groups have publicly taken sides in the geopolitical conflict and executed attacks on supporters of the opposing side. As a result, commercial entities experienced a fortunate drop-off in cyberattacks, but nation-states and government agencies worldwide experienced an immediate spike in cyber activity, especially in NATO countries.

In particular, in October 2022, the pro-Russian hacker group Killnet orchestrated a series of distributed denial-of-service (DDoS) attacks against U.S. airport websites, including Los Angeles International and Chicago O’Hare International airports. In a DDoS attack, a cybercriminal disrupts the normal flow of traffic on a website by overwhelming its capacity with fake traffic, making the website inaccessible for an extended time. The DDoS attacks from Killnet show the vulnerability of U.S. critical infrastructure targets and may mark the beginning of an escalation of threats against critical infrastructure and unprecedented ransomware demands.

Prediction #2

Cybersecurity Budgets Will Be Cut Across All Organizations

A recent Xtelligent Healthcare Media study commissioned by Pondurance showed that 71% of respondents agreed that their organizations increased their budgets in 2022 to support a digital health environment. However, inflation and unstable global economies are taking their toll on businesses across all industries. As a result, we predict that budget cuts will impact all technology investments including cybersecurity.

Smaller cybersecurity budgets could mean a boom for managed security solutions that deliver cybersecurity services and experienced staffing at a lower cost than using only in-house cybersecurity. The Xtelligent study showed that 92% of healthcare providers outsourced or planned to outsource their cybersecurity in 2022. Outsourcing allows organizations to focus on their core competencies rather than having to focus on cybersecurity expertise.

Prediction #3

The Rise of Hacktivism Will Continue

Hacktivism, a tactic of gaining illegal access to a computer system or network to promote a political or social cause, saw a rise in 2022, and we believe the trend will continue in 2023. In the first six months of 2022, DDoS attacks — a favorite hacktivist attack tactic for causing disruption — increased by over 200% compared to the first six months of 2021.

The Russia-Ukraine War caused some of the increase. The left-right political divide in the United States, involving contentious issues ranging from freedom of speech to fair elections to abortion rights, has added to the rise. And social media platforms may contribute to hacktivism. For example, Elon Musk’s purchase of Twitter has provided a forum “where a wide range of beliefs can be debated in a healthy manner, without resorting to violence,” which ironically could spark hacktivists to take action against individuals or organizations that they disagree with or want to avenge.

Prediction #4

Cyber Insurance Providers Will Require Quarterly Security Reviews

Over the past few years, ransomware has wreaked havoc on organizations, especially small to midsize businesses that make up 98% of cyber insurance claims, according to NetDiligence’s Cyber Claims Study 2022 Report. Now, premiums are up, coverage limits and coverage access are down, and cyber insurance providers are imposing greater scrutiny on their clients. While many insurance providers conduct annual or biannual reviews to confirm that their clients are meeting the requirements for cyber coverage, we expect to see many insurers also require quarterly reviews as a condition for insurability.

Both managed detection and response (MDR) providers and cybersecurity vendors that provide continuous risk assessment services will reap the benefits of this new requirement. Small and midsize businesses will likely rely on MDR services to close the gaps that keep them from being eligible for cyber insurance, and risk assessment services can help businesses quickly identify and remediate any regulatory, compliance, or cybersecurity gaps.

Prediction #5

The Wave of New Federal Rules, Best Practices, and Guidelines Will Continue

Passage of U.S. government regulations will aggressively continue in 2023. More than 35 states have enacted new cybersecurity legislation since 2021, and a barrage of new regulations and enforcements is yet to come from federal agencies, according to a recent Harvard Business Review article. The Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency are preparing new regulations. In addition, the Securities and Exchange Commission has new rules in the works for cybersecurity risk management, and the Department of Labor has set forth guidelines to protect its employees.

Most of the regulations will focus on consumer privacy rights and regulation of ransomware payments. The abundance of new rules calls attention to the need for better cybersecurity reporting when attacks do happen.

Prediction #6

More Cybersecurity Vendor Solutions Will Fall Victim to Breaches

Yes, even cybersecurity companies can fall victim to a data breach. Over the past few years, some high-profile cybersecurity companies have experienced significant breaches, which is a grim reminder that even the best in the business of cybersecurity protection are not impenetrable. Such highly sophisticated attacks are typically conducted by nation-states with the highest-level capabilities.

We predict that 2023 will see more coordinated, direct attacks on the cybersecurity solutions that many organizations rely on for protection from cyber threats — and there will be new names on the list of victims.

Prediction #7

Zero-Day Exploits Will Significantly Increase

We predict that zero-day vulnerabilities from 2022 will lead to a significant increase in zero-day exploits in 2023. Unfortunately, this prediction isn’t a novel one. It often appears on year-end lists because technology products, services, platforms, and tools aren’t perfect.

A zero-day vulnerability is a newly discovered software vulnerability, and an attack on that vulnerability is a zero-day exploit. In 2022, zero-day vulnerabilities were found in products from Microsoft, Apple, Atlassian, and Fortinet, to name a few, all big-name companies with big-time user bases. These zero-day vulnerabilities and many others have opened the door to a possible rise in zero-day exploits in the year ahead.

Prediction #8

Mobile Device Attacks Will Rise

Mobile technology is rapidly evolving, and cybersecurity awareness isn’t keeping up with mobile device usage. Mobile devices, including smartphones, tablets, and wearables, are easy targets for cybercriminals since the devices store valuable sensitive personal data, yet users don’t always keep up with software patches and often introduce malware or spyware on their devices without even knowing it.

Cybercriminals can attack mobile devices in multiple ways, including the use of malware, ransomware, phishing, man-in-the-middle attacks, jailbreaking and rooting, and operating system exploits. In particular, mobile malware cyberattacks rose 500% during the first few months of 2022, and we predict that such attacks on mobile devices will continue to rise in 2023.

Prediction #9

Dwell Time Will Continue to Decrease

Dwell time — the time from when cybercriminals enter an environment until they are removed — matters because the longer cybercriminals are in an environment, the more damage they can cause. The average dwell time in 2020 was 24 days, the number decreased to 21 days in 2021, and we expect dwell time to continue to decrease into the teens in 2023. This is both good news and bad news. Some of the dwell time decrease can be attributed to organizations doing a better job with threat detection and response, but much of the decrease is due to the rise in ransomware use.

By nature, ransomware attacks have a shorter dwell time than other types of cyberattacks. The median dwell time for ransomware attacks is only five days versus a median dwell time of 45 days for non-ransomware attacks, according to Mandiant’s 2022 M-Trends Report. Now more than ever, cybercriminals are competing to be the first in and striking quickly to get a ransom payout — a trend we predict will continue in 2023.

Prediction #10

The Zero-Trust Security Model Will Gain Momentum But Lag

Since its introduction in 2010, the zero-trust security model has become a widely accepted framework for building a cybersecurity program. Forty-one percent of organizations have already deployed a zero-trust architecture, according to IBM Security’s Cost of a Data Breach Report 2022. With zero trust, organizations trust no one, assume that a data breach has already happened, and grant only limited access to internal and external users.

We believe the “never trust, always verify” model will continue to gain momentum in 2023, but the actual implementation and execution of zero-trust programs will lag, especially in the healthcare sector. However, there are ways to break the logjam. Ultimately, it will take better reference architecture models that bridge varied vendor implementations, alignment with best practice frameworks, and regulatory requirements that push the adoption of zero trust.

Prediction #11

True MDR Providers Will Separate From the Pack

Market research firm Gartner estimates there are currently more than 100 MDR service providers. These providers offer wide variations in the depth and type of services and capabilities available. In 2023, we believe the MDR market will see a reckoning that will separate a “true” MDR service provider from those companies that offer only elements of threat detection and response. At a minimum, companies should offer incident response, threat hunting, 24/7 security operations centers, and a full staff of cybersecurity experts to qualify as an MDR service provider.


Cyberattacks aren’t going away anytime soon, so organizations must evolve to stay protected against the relentless threats of cybercriminals. Understanding the top emerging trends in cybersecurity and working with the right cybersecurity partners can help your organization mitigate cyber risk and better protect your business in the year ahead.

Find out more about our 2023 predictions as Pondurance cybersecurity experts Doug Howard, Ron Pelletier, and Dustin Hutchison discuss their cyber insights in the webinar Predictions To Power Your Cybersecurity Strategy in 2023.

How Pondurance Can Help

Our mission is to ensure that every organization is able to detect and respond to cyber threats — regardless of size, industry, or current in-house capabilities. We combine our advanced platform with decades of human intelligence to decrease risk to your mission.

Closed-loop Managed Detection and Response

Recognized by Gartner, Pondurance provides 24/7 U.S.-based SOC services powered by analysts, threat hunters, and incident responders who utilize our advanced cloud-native platform to provide you with continuous cyber-risk reduction. By integrating 360-degree visibility across log, endpoint, and network data and with proactive threat hunting, we reduce the time it takes to respond to emerging cyber threats.

Pondurance MDR is the proactive security service backed by authentic human intelligence. Technology is not enough to stop cyber threats. Human attackers must be confronted by human defenders.

Incident Response

When every minute counts, organizations need specialized cybersecurity experts to help them respond to a compromise, minimize losses, and prevent future incidents.

Pondurance delivers digital forensics and incident response services with an experienced team capable of guiding you and your organization every step of the way. This includes scoping and containing the incident, determining exposure through forensic analysis, and helping to quickly restore your normal operations.

Security Consultancy Services

Our specialized consultancy services will help you assess systems, controls, programs, and teams to uncover and manage vulnerabilities. Our suite of services ranges from penetration testing to red team exercises, along with compliance program assessments for highly regulated industries. We provide security incident response and business continuity planning to put you in the best position to defend against and respond to cyberattacks.

About Pondurance

Pondurance delivers world-class MDR services to industries facing today’s most pressing and dynamic cybersecurity challenges including ransomware, complex compliance requirements, and digital transformation accelerated by a distributed workforce. By combining our advanced platform with our experienced team of analysts, we continuously hunt, investigate, validate, and contain threats so your own team can focus on what matters most.

Pondurance experts include seasoned security operations analysts, digital forensics and incident response professionals, and compliance and security strategists who provide always-on services to customers seeking broader visibility, faster response and containment, and more unified risk management for their organizations.