Venafi releases top 10 cybersecurity trends for 2023

Venafi, the inventor and provider of machine identity management, today released its predictions for the cybersecurity landscape in 2023, indicating that this will be one the most challenging years yet for the cybersecurity industry.

“With economic uncertainty casting a heavy shadow across the globe, the geopolitical landscape the most unstable it’s been in decades and cloud migration marching on relentlessly, cybersecurity has never been more important. This will present unprecedented challenges for security teams in 2023,” comments Kevin Bocek, VP of security strategy and threat intelligence at Venafi.

The predictions include insights from Bocek; Matt Barker, president of cloud native solutions; Yana Blachman, threat intelligence specialist; Sitaram Iyer, senior director of cloud native solutions; and Pratik Savla, lead security engineer, on the year ahead. Highlights include:

1. “The ransomware cash cow may stop mooing in 2023, forcing hackers to pivot to other revenue generators – like selling stolen machine identities. We’ve already seen a high price for code signing machine identities on dark web markets, and groups like Lapsus$ regularly use them to launch devastating attacks. Their value will only increase this coming year.” – Kevin Bocek
2. “In 2023, we will see continued efforts to manage the risk posed by software supply chain attacks, with more start-ups and open source tools – like cosign and sigstore – designed to help in this area. Biden’s SBOM initiative has helped bring attention to the requirement, with The OpenSSF leading the charge. As a result, we expect to see some positive movement in this space.” – Matt Barker
3. “Russian cyberattacks will aim to disrupt the West’s greatest asset – their economies – as Russia is excluded from the international finance community. Cyber-enabled economic warfare will be crucial to Russia’s geopolitical strategy, with the aim of either generating revenue or disrupting rival economies. We’ve already started to see this with recent attacks on the US Treasury.” – Yana Blachman
4. “Nation state attacks will become more feral as ground war tactics become more untamed and unpredictable, bringing the cyber and physical worlds into a collision course. These will have the potential to spill over into other nations, as Russia becomes more daring, trying to win the war by any means – and could be used as a distraction to target other nations with cyberattacks.” – Kevin Bocek
5. “The rise of the platform engineering team will be one of the big trends of 2023. Cloud Native reimagines how companies think about building and operating infrastructure; they require a totally new team to build and support it. Platform engineering teams will build on the learnings of DevOps culture, encompassing every persona needed to build and run IT infrastructure – including Dev, Security and Operations.” – Matt Barker
6. “As we build our knowledge of cloud risk, we’ll start to uncover breaches we knew nothing about. We’ll find that threat actors are ahead of the curve and have already infiltrated cloud networks – perhaps weeks, months or even years ago.” – Yana Blachman
7. “There will be more failed audits in regulated industries as multi-cloud, multi-cluster complexity causes companies to breach compliance requirements. The increased volume of machine identities in cloud native environments will make compliance with regulations on machine identity management a real challenge. If this process isn’t automated via a control plane, failed audits will become commonplace.” – Sitaram Iyer
8. “With cloud costs predicted to rise by as much as a third in the coming year, we will see an increased focus on FinOps – i.e., financial operations – a management practice to promote shared responsibility for an organization's cloud computing infrastructure and costs. How FinOps is implemented in Cloud Native and which tools you should use to help manage it, including security solutions, will come into sharp focus in 2023.” – Matt Barker
9. “In 2023, API security will rise to the top as one of the biggest concerns and priorities for enterprises as organizations increasingly move to an API-first software development approach. This exponential adoption of APIs will exacerbate security concerns, with the potential to cause significant security breaches.” – Pratik Savla
10. “As recession bites, we expect to see more everyday people turning to cybercrime as a source of income in 2023. Ransomware-as-a-Service (RaaS) and Malware-as-a-Service (MaaS) will rise, as they enable people that don’t have technical skills to launch attacks.” – Yana Blachman