Expel insider · 3 MIN READ · DAVE MERKEL, GREG NOTCH, MATT PETERS AND CHRIS WAYNFORTH · DEC 21, 2022 · TAGS: Cloud security / MDR
It’s that magical time of year when security folks dust off their crystal balls and do their best to gaze into the future—hazarding a (well-informed) guess at what’s on the horizon for cybersecurity in 2023.
A few leaders on the Expel team took some time to reflect on learnings from this year—from our own customers and the broader security community—to share what they think is next for the industry in the new year. Here are their thoughts.
1. The cyber-insurance industry is ripe for disruption.
Cyber insurance is an expensive, complex, and difficult necessity in the cybersecurity industry. It’s rapidly becoming a more expensive line item in a Chief Information Security Officer’s (CISO’s) budget, and we can expect new and innovative approaches to risk assessment to emerge. As companies look to secure cyber insurance, they’ll apply additional pressure on their supply chain to provide demonstrable proof that their downstream suppliers are able to respond effectively and in near real-time to cyber incidents—incidents that have the potential to affect the company’s own response (like when Toyota halted production following an attack on a supplier earlier this year).
– Chris Waynforth, General Manager, EMEA
2. Everything old is new again, as attackers bypass MFA by targeting the user.
Since “secure by default” configurations have become more common, we’re going to see attackers investing more of their time targeting the user. Our security operations center (SOC) saw this trend in the third quarter (Q3) of 2023, as users increasingly let attackers in by approving fraudulent multi-factor authentication (MFA) pushes to enact business application compromise (BAC) attacks. In fact, MFA and conditional access were configured for more than 80% of the cases where the attackers were successful in Q3. (More on this in our quarterly threat report recap for Q3.)
In theory, none of these hacks should have succeeded, but the attacker tricked users into satisfying the request by hitting them with a barrage of MFA notifications until they eventually accepted one. For some organizations, this shift in attacker strategy will drive adoption of technologies like Fast Identity Online (FIDO). For others, especially those that struggled to implement MFA in the first place, it won’t. For those companies that do button up effectively, attackers will turn back to targeting the infrastructure and applications.
– Matt Peters, Chief Product Officer
3. CISOs will have to learn to frame security risk as a business factor.
Company boards are having broader conversations around risk and as a result, security leaders will need to translate risk into business outcomes enabled by security investment. As macroeconomic conditions drive changing priorities, security leaders will need to adopt a more framework-based approach to demonstrate return on investment (ROI) for their boards. Security leaders unable to make the connection to business outcomes will struggle career-wise, struggle for budget, and struggle for relevance in the business decision-making processes of their organization.
– Dave Merkel, Chief Executive Officer, Co-founder
4. Macroeconomic impacts will force companies to scrutinize security spend.
For many security leaders, the changing macroeconomic climate will shift the focus toward cost-conscious decisions and the consolidation of cybersecurity investments. Until now, companies have taken a “more is more” approach to cybersecurity products and services, tacking on tools to their arsenals to combat the growing threat landscape. But next year, they’ll face tighter budgets and the need to prioritize.
This consolidation can be a good thing, as it will force focus on quality outcomes, and a move away from the model of loosely integrated solutions that simply deliver more alerts. Companies have increasingly turned to managed detection and response (MDR) providers to help manage this, and that trend is only going to continue. Many security leaders recognize it can be more effective and economical to optimize their operations with outside experts. For those that do continue to handle this internally, they’ll be pressured to drive cost efficiency, and with greater urgency than in previous years.
– Greg Notch, Chief Information Security Officer
5. The available cybersecurity talent pool is about to get a lot bigger.
As tech companies are forced to enact layoffs because of the macroeconomic climate, more professionals with technical skills will enter the job market. For companies fortunate enough to still be in the position to hire, this will present a unique opportunity to select from an increased talent pool of skilled technical workers—at a time when the cybersecurity “skills gap” still makes the headlines daily. Not to mention, the diversity that comes from an expanded hiring pool leads to organizations that are more successful at attracting and retaining employees.
– Dave Merkel, Chief Executive Officer, Co-founder
At the beginning of this year, we took a deep dive into the data our SOC ingested from the previous year to predict what was in store for 2022 with our first-ever Great eXpeltations annual report. Keep an eye out for the next iteration of this report, full of year-end analysis and predictions like these, coming in January 2023.