If someone were to tell you that duelling AI bots, rogue avatars and digital warfare would be a staple of 2023, you might not want to leave the house. But then cybercriminals are also expected to target critical infrastructure that could see your lights go out at any moment, so the cyber threat could reach you there too. Take comfort from the fact that reinforcements are on their way and that the cybersecurity industry is trying to recruit 3.4 million additional professionals to neutralize the threat.
The fact is that the rate of cyberattacks is increasing. There are currently over two million of them per year with an estimated economic cost of $10.5 trillion worldwide by 2025 (up from $3 trillion in 2015 and growing 15% per year).
2023 promises to be a busy year for cybersecurity. Here are the five key trends shaping it:
1. The cybersecurity arms race will accelerate.
With cybercriminals and cybersecurity experts both using advanced technologies like AI to both breach and protect connected systems, the battleground is getting ever more sophisticated. In the case of cybersecurity defense, AI has so far mainly been used to identify patterns of unusual behavior for humans to respond to. Due to the volume of suspicious activity and number of false positives, cybersecurity staff are often overwhelmed.
The good news is that in 2023 and beyond we should be able to put more trust in machines and use AI to automate security controls and response mechanisms – helping us to respond to cyberattacks faster and more accurately, reduce possible downtime, and protect personal and business-critical data.
However, while AI can automate the process of detecting threats and stopping them in their tracks, it is based on an understanding of what is being looked for – an incentive for cybercriminals to dream up never-before-seen attacks, and for companies to continue to keep pace with emerging trends. Then there’s the development of quantum computing which could one day see today’s defenses breached in seconds.
2. We’ll need to be cautious about who we think we’re talking to in the metaverse (while keeping a firm hold of our digital wallets).
2023 is set to be an important year for the metaverse with Meta, Microsoft, Virbela and others counting on virtual worlds going mainstream. At DXC Technology for example, a recent staff survey revealed that 57% of employees have already attended an event in our private metaverse environment, with over a third report being more engaged in their job because of it. In contained, safe environments, the metaverse can add an exciting 3D dimension to work, rest and play. But in any vast, sprawling digital world there is a question of veracity. How do you know that the person you think you are talking to is who they say they are? Especially when their “identity” is that of a digital avatar that may or may not bear any resemblance to their physical being. Digital certificates, perhaps built on the blockchain, could help.
Digital certificates could also help to secure virtual transactions in the metaverse, where users will be tempted to part with hard-earned cash from their digital wallets for services which may be unrendered and unreal. In 2023, as the metaverse continues to expand, so too will our awareness of these risks and the best ways to address them.
3. Geo-political cybersecurity attacks will increase but will also lead to innovation in defense.
Russia’s attack on Ukraine has reminded us in the most stark and brutal way possible that warfare is now hybrid and the risk of geopolitically motivated cyberattacks is very much real. To underscore how worryingly commonplace cyberwar is, we only need reflect on the fact that many cyber insurance policies are now being written to exclude acts of cyberwar, creating challenges for cyber risk mitigation.
With onging geopolitical tensions, the cyberwar threat is set to continue in 2023. In fact, with more than 70 countries set to hold government elections in 2023 (events frequently targeted by state-sponsored actors), it will be a challenging year for cybersecurity defenses.
However, there is a lot that we can learn from what we’ve seen in the last 12 months. Lindy Cameron, chief executive officer at the National Cyber Security Centre, called Ukraine’s cybersecurity response to Russia as “exemplary” saying that there is much that we can learn from it.
4. Cybersecurity attacks will target critical national infrastructure that supports our homes.
When the lights go out or the gas is cut, you are not likely to assume that the local electricity provider or energy grid has just fallen victim to an industrial cybersecurity breach. But it’s a growing threat.
Operational Technology (OT) cybersecurity is the emerging battleground of cyberattacks on the systems that control and automate factories and civil infrastructure like power stations and dams. With many of these systems now connected in some way to the internet, they are becoming more prone to cyberattacks.
In 2022, international cybersecurity authorities issued multiple alerts about malicious Russian cyber operations and potential attacks on critical infrastructure, and the discovery of new OT-specific pieces of malware such as Industroyer2 and InController/PipeDream.
As with cyberwarfare, continuing geopolitical tensions will have an impact here. The OT cyberthreat will grow in 2023, putting pressure on critical infrastructure suppliers to ensure they stay one step ahead and bake in cybersecurity protection across their organizations.
5. Career opportunities in cybersecurity will grow.
Some estimates suggest that the cybersecurity industry globally is short of 3.4 million workers. With growing threats from advanced technologies, the number is only likely to increase.
The cyber skills gap creates career opportunities for people of all ages and backgrounds. In the UK alone, there are currently over 1,100 cybersecurity opportunities for graduates listed on the careers portal GradCracker. But it’s not just graduates who can benefit. Many companies offer the chance for adults to retrain in cybersecurity — a popular option for veterans who are often well suited to be the boots on the ground in our frontline defense against cybercrime.
The inclusivity of the cybersecurity space extends to neurodiversity. For example, DXC’s Dandelion Program helps neurodivergent individuals with autism, ADHD, dyslexia and other neurological conditions to build careers in the IT industry with opportunities in cybersecurity. So, the growth of the cyber threat is creating a myriad of career opportunities for people of all backgrounds.
The cyber threats of 2023 and beyond are many and they are increasing in speed and complexity. But while the threat is increasing, so too is our ability to apply the latest technologies, approaches and talent to tackle them. In the cybersecurity arms race, the right side must win.
Mark Hughes is president of Security for DXC Technology. He is responsible for DXC’s Security business including cyber defense, digital identity, secured infrastructure and security risk management. He previously led DXC's offerings and strategic partners organization. A Royal Military Academy graduate and British Army veteran, Mark serves on the World Economic Forum’s Global Cybersecurity Board. Connect with him on LinkedIn.