Best Cybersecurity Prediction Reports for 2023 - ranked by Security Industry Company (Part 1)

After a year full of data breaches, ransomware attacks and real-world cyber impacts stemming from Russia’s invasion of Ukraine, what’s next??Here’s part 1 of your annual roundup of security industry forecasts for 2023 and beyond.

President Ronald Reagan once said, “The future doesn’t belong to the fainthearted; it belongs to the brave.”

So what will come next in our world of cybersecurity as we head into 2023? What will be hot, and what will not?

That’s what this annual security prediction roundup will cover, from the perspective of the top cybersecurity industry companies, thought leaders, tech executives and journalists. Every year I catalog and rank the best reports in the cyber industry to see who has made a top New Year’s security prediction list and checked it twice.

This year there are so many good predictions that we’ve split the list into two parts. Look for part 2 to post next Friday, Dec. 30, but first, let’s start with the top 12.

HOW CAN YOU BENEFIT FROM SECURITY PREDICTIONS?

Back in 2016, I wrote, “Americans love baseball, hotdogs, apple pie and predictions. In fact, if we really like something a lot, and especially if we have a growing interest in some new area of life, it’s not long before we start thinking about what the future holds within that area.”

And just as in the last few years, there are more cybersecurity predictions for next year than ever before — cybersecurity now touches virtually every area of life.

The best security prediction reports do much more than just make educated guesses at what might happen in the next year or two. The top 23 security predictions for 2023 examine the vendors who study global security incident trends, analyze what’s working and what’s not, examine new cyber solution alternatives, and use science and data to gaze into the future and make forecasts.

Here are just a few ways that we can benefit from reading the details in security prediction reports:

1. Gain industry knowledge, understand overall trends and expand your horizons beyond one stovepipe or topic.
2. Use the free advice, direction, insights and annual reports provided by many.
3. Use predictions as an opportunity to educate others.

No doubt, some people will say things like, “Nothing will change — 2023 will be just like 2022, only worse.” But the reality is that everything is changing rapidly. The public and private sectors must adapt faster now more than ever before to evolving cyber threats and new digital risks. This report can help with that education.

RECAPPING 2022’S PREDICITONS

Before we look at 2023, many readers may want to know what was predicted for 2022. Here were some of the top cyber prediction themes from last year’s report, “The Top 22 Security Predictions for 2022”:

• Cyber threats in space.
• A heavy emphasis on operational technology (OT) cybersecurity — vulnerabilities, threats and impacts.
• A strong emphasis on cryptocurrencies and crypto wallet security attacks. As bitcoin and other cryptocurrencies rose in 2021, now the bad actors want your bitcoins even more.
• More application security vulnerabilities — especially when code is widely used, such as the Log4j vulnerabilities.
• Issues created by a lack of talent and vacancies in public- and private-sector organizations — as the talent war gets worse.
• Renewed emphasis (but in new ways) on AI, autonomous vehicles, drones and other new technologies being hacked.
• Note that security industry vendor acquisitions have changed many of the familiar names, such as the activities with FireEye, McAfee Enterprise and Mandiant.?

Disagreements in 2022:

• The majority of reports thought ransomware would get worse, but some disagreed and said the bad actors would lay low in 2022 to spend the money they gained in 2021 and avoid nation-state and law enforcement detection.
• Where ransomware was predicted to get worse, several reports suggest some will skip the encryption and just demand payment for the release of the stolen data.
• A few reports said 2022 would be a turning point — where the good guys turn the corner with government help to dramatically improve cybersecurity. They claimed executive boards now “got it.” These reports were still in the minority though, and most said more damaging data breaches were coming in 2022 than ever before.?

While most of the themes on the first list were accurate, ransomware clearly got worse overall, not better. Also, there was no big “turning point” regarding cyber threats diminishing or having less damage.

The big miss by everyone last year was the impact that the war between Russia and Ukraine would have on the global cybersecurity situation. Almost like the COVID-19 pandemic changed the world, the war in Ukraine dominated cybersecurity this past year in various ways, as you can read about in my annual cyber review for 2022.

2023 SECURITY PREDICTION TOP THEMES

This year, the cybersecurity industry predicts:

• More cyber insurance issues and assorted (big) changes coming. Many won’t qualify.
• More nation-state cyber attacks based on lessons learned from the Ukraine war.
• Growing trouble with multifactor authentication (MFA) attacks.
• New attacks against space vehicles and drones.
• Social media attacks surge, including the use of targeted deepfakes.
• Use of public cloud computing and digital transformations grows, along with cyber threats.
• More critical infrastructure attacks that impact society.
• Hacktivism grows into new areas and becomes a bigger problem.
• Enterprises veering away from endpoint solutions and moving towards platforms to reduce complexity.
• Ransomware will be back in new, more dangerous, blended forms.
• More attacks against non-traditional technology, from cars to toys to smart cities.

Reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions, and the top reports group their predictions and themes into categories. Also, the research and details behind each security prediction offer vital context. I urge readers to visit these companies’ websites, read their full prediction reports and see the details on each item. My goal is to point you in the right direction for more details and solution specifics.?

THE TOP 23 SECURITY PREDICTIONS REPORTS FOR 2023 FROM SECURITY INDUSTRY COMPANIES

1) Trend Micro once again takes the top prize with their outstanding report entitled FUTURE / TENSE: TREND MICROSECURITY PREDICTIONS FOR 2023.

Trend Micro leads with:

1. Shapeshifting ransomware business models will become a bigger avenue for data theft and blackmail.
2. Inconsistent application of cloud technology will hurt enterprises as adoption of new tools increases.
3. The enterprise perimeter will expand into the home as users become more comfortable in a hybrid work environment.
4. Social engineering is an evergreen threat — BEC and deepfakes will take new forms.
5. The hype surrounding digital novelties like NFTs and the metaverse will keep waning, but the blockchain technology on which they’re built is going to be where the real action is.
6. Attackers will further capitalize on vulnerabilities and intrude through overlooked attack surfaces like open-source software.
7. Industrial entities will top off their tech stack, but struggle to keep up with staff shortages and vertical regulations.
8. Enterprises will veer away from the point-solution approach to cybersecurity.

Each of Trend Micro’s points are backed up with a page or more of details, so I recommend reading their report. One thing that sets this report apart is the extensive number of references at the end, which are worth reading.

You can get the Trend Micro report in PDF format or view the findings in this summary page which provides supporting insights.

You can also watch these Trend Micro Threat Overviews webinars here, or view this video:

2) WatchGuard Technologies once again was a close second to Trend Micro, with Watchguard’s 2023 Cybersecurity Predictions.

Here are their top six, with many more details at their custom prediction website:

1. Insurers Verticalize Their Already Increased Security Requirements
2. Cybersecurity Evaluation and Validation Becomes a Top Factor in Selecting Vendors and Partners
3. The First Big Metaverse Hack Affects a Business Through New Productivity Use Cases
4. MFA Adoption Fuels Surge in Social Engineering
5. A Novel Robotaxi Hack Will Result in a Dazed and Confused AI Car
6. AI Coding Tools Introduce Basic Vulnerabilities to New Developers’ Projects

I am always impressed with Watchguard’s creativity and fun videos (two are shown here). As pointed out on their prediction webinar website: “This year, Corey and Marc square-off in a Predictions Challenge, offering different takes on potential hacks and attacks in these categories. Whose predictions will come true … only time will tell!”

3)?Kaspersky — Once again Kaspersky offers an abundance of security and privacy predictions for the new year; and once again, their forecasts and predictions are harder to find than many of their competitors. I rank Kaspersky so high on this list due to the huge amount of research and excellent material that is well-researched and timely. They also offer many siloed reports on different topics and in different regions around the world. Finally, they also grade themselves by looking back at what they predicted in the previous year and describe if it happened or not (and how).

Here are a few Kaspersky prediction examples for 2023:

Advanced threat (APT) predictions for 2023

• The rise of destructive attacks
• Mail servers become priority targets
• The next WannaCry
• APT targeting turns toward satellite technologies, producers and operators
• Hack-and-leak is the new black (and bleak)
• More APT groups will move from CobaltStrike to other alternatives
• SIGINT-delivered malware
• Drone hacking!

Other excellent Kaspersky lists:

Industrial Control Systems Predictions

Top prediction: Kaspersky experts predict a shift in advanced persistent threat (APT) activity against industrial organizations and OT systems in new industries and locations. The real economy sectors such as agriculture, logistics and transport, the alternative energy sector and the energy sector as a whole, high-tech, pharmaceuticals and medical equipment producers are likely to see more attacks next year. Moreover, traditional targets, such as the military industrial complex, and the government sector will also remain.

Privacy Predictions for 2023

Top prediction: Internet balkanization will lead to more diverse (and localized) behavior tracking market and checks on cross-border data transfer.

4) Mandiant — Mandiant was acquired by Google this past year, but they did not scale back their annual security predictions forecast for 2023. There are plenty of excellent Mandiant resources available, if you look in the right places.

Start here to download their Mandiant report for free, which covers topics such as:

• More attacks by actors not associated with nation states or organized groups, and that are motivated more by bragging rights than actual financial gain.
• More extortion attacks, and the possibility that Europe will overtake the United States as most targeted by ransomware.
• Destructive attacks, information operations and other cyber aggression from The Big Four: Russia, China, Iran and North Korea.

If you don’t want to register, but have a (free) BrightTALK account, you can view their Mandiant Cyber Security Forecast 2023 here.

This blog also lays out some of the key Mandiant takeaways from the specific Mandiant forecast items. Here are a few:

• Ransomware-as-a-service providers will modernize their software targeted on exfiltration and “leak sites” as the recent trend shows organizations considered mitigating brand names more compelled to pay ransom than to regain access to encrypted data.
• As political motivations and nation-states leverage information operation (IO), more third-party organizations will spring up to provide IO services.
• Enterprises will shift to password-less authentication as corporate credential theft by cyber criminals has continued to be on the rise.
• TAs have shifted to stealing user’s identities as more critical than gaining access to endpoints.
• Attackers are following offensive and defensive security research releases to gain more knowledge to execute attacks.
• The growing risks of cyber attacks are making it difficult for organizations to be cyber-insured as cyber insurance firms are re-evaluating their risk appetites.

Finally, there are some good takeaways from the Mandiant 2023 forecast report found here. One of them is: “An increase in malicious cyber activity associated with the war in Ukraine and a tendency for Russian hackers to co-opt third party front groups for plausible deniability.”

5) Fortinet continues to improve their cybersecurity prediction report each year, and this year is the best so far. Their “Cyber Threat Predictions for 2023: An Annual Perspective by FortiGuard Labs” in PDF format offers many excellent great insights with references and an analysis of what they predicted last year.

Fortinet Prediction Highlights:

• New Crime-as-a-Service Offerings
• Money Laundering Gets a Boost from Automation
• Virtual Cities Welcome a New Wave of Cybercrime
• Wipeout (Wiper Malware will surge)
• The Wild West of Web3
• Cue the Q-Day Preparations (Quantum Computing threats)

For those who prefer a blog format, visit this Fortinet “Threat Predictions for 2023” website, which includes a YouTube video. Here are two threats highlighted at this Fortinet website:

“The Explosive Growth of CaaS: Given cybercriminals' success with RaaS, we predict that a growing number of additional attack vectors will be made available as a service through the dark web. In addition to the sale of ransomware and other Malware-as-a-Service offerings, we'll also start to see new a-la-carte criminal solutions.

“Money Laundering Meets Machine Learning: We also expect that money laundering will get a boost from automation. Setting up money mule recruitment campaigns has historically been a time-consuming process. We anticipate that cybercriminals will start using machine learning (ML) for recruitment targeting, helping them to identify potential mules better while reducing the time it takes to find these recruits. Over the longer term, we expect that Money Laundering-as-a-Service (LaaS) is also on the horizon, which could quickly become part of the growing CaaS portfolio.”

For the rest of this top-rated security predictions article, including the industry predictions 6-12 (by company) in Part 1 of The Top 23 Security Predictions of 2023 see the original post on the Government Technology Magazine website at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-top-23-security-predictions-for-2023-part-1