Accenture shares 9 cybersecurity predictions for 2023

With a recession potentially looming in 2023, businesses are feeling the pinch to strengthen their cyber resilience to avoid unpleasant surprises, with cyber security experts expecting an increase in cyber crime.

Recently, VentureBeat caught up with some of Accenture’s top cybersecurity analysts, who detailed their security predictions for 2023.

Accenture’s forecasts include growth in: destructive and non-financially motivated cyber attacks; the cybersecurity talent pool; automatic response technology; and “steal now, decrypt later” quantum threats.

Below is an edited transcript of their responses.

1. Geopolitics, economic uncertainty and destructive cyber attacks will lead to intensification challenges

“Economic uncertainty and increased global tensions will fuel a resurgence of cyber attacks from groups that are becoming increasingly structured, organized and destructive,” said Paolo Dal Cin, global leader at Accenture Security. “While the ransomware trend will continue, we believe it will be less focused on profit and more focused on wreaking havoc and destroying data.”

Unfortunately, the barrier to entry for potential threat actors is now even lower because the malware is written using natural language processing (NLP) supported by artificial intelligence (AI), he said.

The seeds of some of these trends were planted with Russia’s invasion of Ukraine, when Accenture’s Cyber ​​Threat Intelligence team uncovered a significant increase in hacktivist activity targeting Western entities.

“The good news: We believe this geopolitical turmoil and the nature of destructive cyber attacks should, and likely will, accelerate allied countries’ efforts to share more threat intelligence information,” Dal Cin said.

Furthermore, the ability and willingness to share information about zero-day vulnerabilities and third-party cyber incidents will become the foundation for security as attackers focus on national infrastructure, he said.

2. Evolving threat tactics require a renewed focus on digital identity

“With more organizations armed with strong endpoint protection software, cyber attack techniques are likely to evolve to evade sophisticated detection technologies,” said Robert Boyce, global cyber resilience leader at Accenture. “As detection technology becomes a standard, threat actors are thinking outside the box.”

In 2023, he expects to see more tactics involving legitimate access to a corporate network that no longer involve the deployment of malware. The focus will be on living off the land techniques to exploit what is already available in the victim environment.

“Threat actors will either buy access or use social engineering techniques to gain access to a network and avoid detection [by] using a standard user profile so that the company can pass as an employee,” said Boyce.

Significant damage can be done without sophisticated malware, he said. So organizations need to think ahead about their identity principles, and how they can implement more detection and protection controls.

“It will be more critical than ever to have a baseline understanding of typical user behavior associated with users or groups of users to identify the anomalies,” Boyce said.

3. Broader talent pools will strengthen cybersecurity

“Given our work, we know well the challenges of hiring skilled professionals to meet market demand, and have learned to adapt what we do to attract and retain the best cybersecurity talent,” said Ryan LaSalle, North -American security leader at Accenture. “To expand the talent pipeline in 2023, employers will expand further to evaluate candidates based on their skills, experience and potential.”

He expects employers to modify job descriptions to reflect what is actually required to enter the cyber workforce. He predicts that leading organizations will invest more in programs that connect with higher education and other industry partners that can work together to identify untapped sources of talent and develop cyber professionals where they may not already exist.

Apprenticeship programs, training programs and public-private partnerships will also play a major role in unlocking cyber talent in the new year, he said. “This will improve diversity in cybersecurity, which in turn will drive increased innovation and better protect our communities.”

4. Protecting people: Cyber ​​security for critical infrastructure will play a central role

“In 2023, critical infrastructure will remain a prime target for cyber adversaries and individual bad actors,” said Jim Guinn, global cyber industry (including OT/IoT) head at Accenture. “Plain and simple, that means more lives will be at stake.”

Critical infrastructure organizations will need to sharpen their focus on regulatory compliance, he said, including creating an enduring program to understand and comply with a growing list of regulations across a growing number of jurisdictions.

“This will require organizations to lean in and work with governments and regulators, including advising working groups and policymakers on industry-specific needs to ensure regulations are as effective as possible without overburdening organizations,” Guinn said.

5. Increasingly, automated responses will become core technology for the cyber-resilient business

“As the cyber threat landscape evolves, we will see the number of cyber opportunities and organizations held for ransom continue to increase,” said James Nunn-Price, growth markets security leader at Accenture. “With this increase, organizations will continue to make significant investments in their situational awareness, threat-based security monitoring, incident response and crisis management practices.”

However, many organizations, including those with mature practices, still rely too much on people, and that can delay detection and responses, he said. For example, Accenture found that even when security monitoring teams took action to mitigate attacks, it was still too late to stop data exfiltration.

Attackers use the latest tools and automated technologies to strike fast and hard – to exploit key data and damage infrastructure in minutes.

“In 2023, more organizations will prioritize fully automated response technology as the impact of a successful breach now far outweighs the risks of these newer technologies, which in turn frees up their people to focus on how the business can become more cyber resilient , Nunn-Price said.

6. Bring to the table: Those at the very top will dive deeper into cyber surveillance and reporting

“As we enter 2023, we expect the growing cyber risk environment and increasingly complex regulatory environment to energize boards,” said Valerie Abend, global cyber strategy leader at Accenture. “They will become much more persistent and deliberate, moving from quarterly or annual updates to regular consideration of cyber risk across all areas of the business and management’s efforts.”

In turn, she said, that will prompt other members across the C-suite to “upgrade their knowledge and active involvement in managing this risk environment.”

7. Lock down cloud security: Seek more innovation and collaboration

“Cloud service providers are providing more security service features that meet compliance standards, and at the same time, third-party cloud security providers are going the extra mile by focusing on product innovation and integration with cloud platforms,” ​​said Dan Mullen, global cloud. and infrastructure security leads at Accenture.

A practical example, he said, is the cloud service provider that manages easy, natural consumption of cloud security services and expands many native security services to a commodity state that causes the backlog of third-party security product features through development roadmaps to remain competitive.

“These complimentary trends will lead to improved security and control coverage – with the added bonus of greater flexibility,” Mullen said.

8. Quantum realities: New computing capabilities will require new levels of security

“Advances in quantum computing bring adversaries ever closer to a ‘cryptographically relevant quantum computer’ that can crack all—yes, all—of the public-key encryption that protects most everything in government, industry, and the Internet,” says Tom Patterson , global quantum and space cybersecurity lead at Accenture.

The growing danger in 2023 will be more “steal now, decrypt later” thefts of fully encrypted sensitive information, he said. The idea is that even if the stolen information cannot be deciphered now, advances in quantum computing will soon crack the keys.

“Fortunately, 2023 will also see the early development and adoption of new post-quantum encryption algorithms, thereby improving resilience, integrity and privacy even in the quantum computing era ahead,” Patterson said.

9. Cyber ​​security training will be applied to specific roles and business environments

“Fundamentally, the industry is struggling to connect the realities of mature cyber security learning best practices with how organizations need to run their businesses efficiently and effectively,” said Shelby Flora, cyber resilience talent and organization head and UK cyber protection at Accenture.

The industry needs to shift to identifying the pockets of the organization that need a little more attention – including focused education and re-skilling – and then reduce friction and give time back to the business in the pockets that show lower human risk. said Flora.

“In 2023, more organizations will begin to shift cybersecurity training content and approaches to a more customized training experience that is targeted to the trainee’s role and their business responsibilities,” said Flora. “That means going beyond ‘how to spot a phishing email’ to more sophisticated education to better build employee awareness.”