Cybersecurity continues to be a top concern for companies all over the world. Tech research and consulting firm Gartner estimates that global spending on information security controls and risk management products and services will total more than $188 billion in 2023—an 11 per cent increase over 2022.
So, given the growth in this field, what can you expect in the year ahead?
In this post, we provide an in-depth description of the top projected cybersecurity trends in 2023, including potential threats and common security measures that will likely be widely implemented. We also look at the state of the cybersecurity job market in Canada and highlight a few roles that are in demand right now.
Keep reading to learn about emerging trends that will have an impact in 2023.
TABLE OF CONTENTS
- Software as a Service
- Automotive Hacking
- Zero Trust
- Passwordless Authentication
- Healthcare Sector Security
- AI and Machine Learning
- Supply Chain Attacks
- Cybersecurity Careers in 2023
- 2023 Cybersecurity Salary
SOFTWARE AS A SERVICE
Software as a Service (SaaS) refers to cloud-based business applications that are sold on a subscription model. SaaS applications have become enormously popular for their convenience and easy scalability—especially with the move to remote work accelerated by the pandemic.
However, the surge in SaaS adoption has not always been accompanied by adequate attention to security. In a 2022 survey, 81 per cent of organizations said they’d upped their spending on business-critical SaaS applications, but only 55 per cent had increased their spending on SaaS security staff. The same survey found that nearly two-thirds of respondents had had a SaaS misconfiguration resulting in a security breach or incident.
And when employees take it upon themselves to use SaaS apps that the IT department is unaware of, the security risks increase. This is far from uncommon: some research suggests that 80 per cent of workers use applications that IT never vetted or approved.
Addressing this lack of visibility and devising controls around SaaS applications will be a major challenge for organizations in 2023.
AUTOMOTIVE HACKING
As vehicles integrate more connective technology, the associated security risks also multiply. Anything that connects to the internet can potentially be hacked.
Bad actors can exploit vulnerabilities in application programming interfaces (APIs) to gain remote access to critical vehicle systems, including locking, starting, steering, and braking. That means criminals can hack a car without being anywhere near it.
In late 2022, security researcher Sam Curry discovered a loophole in the Sirius XM app that allowed him and his team to gain control of remotely connected vehicles from multiple manufacturers. All they needed was the car’s vehicle identification number (VIN). The loophole has since been closed, but the incident demonstrates the seriousness of the problem.
Another emerging threat relates to electric vehicles—specifically, the public charging infrastructure. Most EV chargers use firewalls to keep data secure, but a Sandia National Laboratories study found that not all do. The study also found that it was possible to terminate a charging session from more than 50 yards away. That has potentially huge implications not just for individual drivers, but also for entire fleets of electric vehicles used for law enforcement and other purposes.
Some electric vehicle charging stations are vulnerable to hacking
PHISHING
While not new, the common cyber threat of phishing attacks will continue to pose a major problem in 2023. Scammers are expected to find even more sophisticated ways of using fake and suspicious email attachments to fool people into revealing sensitive data or clicking on malicious links that download new malware onto their devices.
Phishing is increasingly being done by text (which is sometimes dubbed SMShing or smishing). More than 80 per cent of phishing messages submitted to the Canadian Radio-television and Telecommunications Commission’s spam reporting centre between July and September 2022 were text messages. These messages are often designed to look like they come from government agencies, financial institutions, or telephone or streaming service providers.
Smishing tends to have a higher success rate than email-based phishing because people aren’t as likely to ignore texts, and many people check or respond to texts while distracted. In fact, click-through rates for links in SMS messages are up to eight times higher than for links in emails.
And with more people accessing corporate systems or data from their personal phones, a single smishing attack can result in a major security breach.
ZERO TRUST
Zero trust is an approach to cybersecurity for business that requires all users to be continuously authenticated and validated before being given access to data and applications. This contrasts with the traditional model of network security, which relied on a perimeter and operated on the concept that once a user was inside, they could be implicitly trusted. With zero trust, the motto is “never trust, always verify.”
The idea that even known users should be challenged while on the network has been around for many years. However, it really gained steam during the pandemic, when huge numbers of people began working from home and using their own devices to connect to corporate networks. Perimeter-based security has become increasingly irrelevant in a world of cloud computing and distributed workforces.
You can expect zero trust to remain one of the top technology trends for the next few years. Indeed, Gartner says zero trust is currently the fastest-growing segment in network security, projected to increase by 31 per cent in 2023.
PASSWORDLESS AUTHENTICATION
Passwords can actually be a cybersecurity nightmare. Many people use the same credentials for everything or resort to writing passwords down in order to remember them. Plus, any system that relies on passwords is vulnerable to phishing attacks and requires ongoing management.
That’s why passwordless authentication is expected to become even more popular in 2023. In this model, authentication is based not on something the user knows, but on something they possess (e.g., a phone) or something they are (e.g., a biometric measure like a fingerprint).
It’s not technically the same as having a one-time code texted to your phone. In true passwordless authentication, passwords and PIN codes are never used, not even as backup.
Instead, you sign in to apps or digital services via a secure key that’s generated by your device. The key only works after the device verifies your identity through a fingerprint or facial scan. There are no passwords to remember or reset. And since logging in requires access to a physical device, passwordless systems are harder to hack.
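The sign-in flow described above can be sketched as a challenge-response exchange. This is an added example, not code from the original post or from any vendor; it goes beyond the text by modelling a single-use challenge and a site origin bound into the signature, and it assumes an Ed25519 key pair, with every name and URL here (`createDevice`, `createServer`, `SITE`, `LOOKALIKE`) hypothetical.

```javascript
// Simplified passkey-style sign-in (illustration only, not real WebAuthn).
const nodeCrypto = require("node:crypto");
const SITE = "https://app.example";           // constructed legitimate origin
const LOOKALIKE = "https://login.lookalike.test"; // constructed phishing origin

// Device side: the key pair is generated on the device; the private key never leaves it.
function createDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  return {
    publicKey, // only this half is registered with the service
    // userVerified stands in for the local fingerprint or face check.
    sign(challenge, origin, userVerified) {
      if (!userVerified) return null; // key stays locked without the biometric check
      const payload = Buffer.concat([challenge, Buffer.from(origin)]);
      return nodeCrypto.sign(null, payload, privateKey);
    },
  };
}

// Server side: stores no password, only the public key and pending challenges.
function createServer(origin, publicKey) {
  const pending = new Set();
  return {
    newChallenge() {
      const c = nodeCrypto.randomBytes(32);
      pending.add(c.toString("hex"));
      return c;
    },
    verify(challenge, signature) {
      if (!signature) return false;
      // delete() is false for unknown or already-used challenges (blocks replay).
      if (!pending.delete(challenge.toString("hex"))) return false;
      const payload = Buffer.concat([challenge, Buffer.from(origin)]);
      return nodeCrypto.verify(null, payload, publicKey, signature);
    },
  };
}

// Constructed scenario: a good login, a replayed login, a login relayed from a
// lookalike site, and an attempt without the biometric check.
function demo() {
  const device = createDevice();
  const server = createServer(SITE, device.publicKey);
  const attempt = (origin, verified) => {
    const c = server.newChallenge();
    return server.verify(c, device.sign(c, origin, verified));
  };
  const c1 = server.newChallenge();
  const sig = device.sign(c1, SITE, true);
  return { ok: server.verify(c1, sig), replay: server.verify(c1, sig),
           phished: attempt(LOOKALIKE, true), noBiometric: attempt(SITE, false) };
}
```

Only the first attempt succeeds: the server holds nothing that can be typed into a fake page, and a signature made for another origin or an old challenge does not verify.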
A growing number of companies are adopting this more secure system as a form of authentication. Notably, Apple and Google are planning to implement passwordless authentication options across all of their platforms by the end of 2023.
HEALTHCARE SECTOR SECURITY
One of the most disturbing technology trends is the rise in attacks on the healthcare system. According to a Check Point report, the healthcare sector saw a 60 per cent increase in cyber attacks during Q3 in 2022 compared to a year earlier—the largest increase of any industry. Unfortunately, this trend is expected to continue into 2023.
In particular, the healthcare sector is a frequent target of ransomware attacks, in which an attacker uses malware to encrypt an organization’s files and then demands a ransom to restore access. Such digital attacks often work because people’s lives hang in the balance; healthcare providers need access to records and systems to treat patients, so many organizations opt to pay up rather than sacrifice care.
Medical records are also a gold mine for hackers because the information can be used to obtain medications, file insurance claims, and more. One report found that cyber criminals can make $50 for even partial patient data compared to $1 for a stolen credit card number.
The need for beefed-up cybersecurity measures in the healthcare sector will be a major theme throughout the coming year.
Ransomware attacks often target the healthcare industry because medical providers are more likely to pay
AI AND MACHINE LEARNING
Artificial intelligence (AI) is expected to play a larger role in cybersecurity in 2023. Machine learning algorithms can take data analytics to a new level, detecting patterns that could indicate an imminent threat. For instance, they can analyze linguistic patterns and help identify the code words hackers use for their techniques.
While AI won’t replace human analysts just yet, it will help those analysts predict, detect, and respond to attacks more quickly and accurately. A 2022 report from IBM found that companies that used AI spent far less time dealing with data breaches compared to organizations that didn’t use the technology—an average of 74 fewer days per attack.
However, it’s not only the good guys who have access to AI and machine learning tools. Malicious actors can also use the technology to identify computer network systems with security holes that are ripe for exploitation. AI can also be used to create malware that gets around firewalls or phishing emails that are extremely personalized and effective.
So while cybersecurity won’t be fully automated in 2023, it will likely rely more on AI-enabled tools.
SUPPLY CHAIN ATTACKS
Another emerging trend involves bad actors getting into enterprise networks through third-party vendors in the supply chain. For instance, vendors might implement software updates meant to bolster security, but those updates may unintentionally introduce new loopholes. Attackers might also create malicious code disguised as the company’s trust certificate and put it on the network.
Hackers like to target supply chains because compromising a piece of software that’s used by multiple companies gives them a chance to infiltrate every organization that uses it.
Tomas Smalakys, CTO of NordLocker, believes supply chain attacks are among the biggest cybersecurity issues going into 2023. “By targeting companies that play critical roles in the activities of other businesses, such as raw materials suppliers or logistics firms, cybercriminals have an ability to grind an entire supply chain to a halt and apply mounting pressure to make victims meet their demands,” he said in a press release. “We already see this trend in 2022, and these types of attacks are only ramping up.”
Targeting suppliers can be highly lucrative for hackers
CYBERSECURITY CAREERS IN 2023
Canada is grappling with a shortage of cybersecurity professionals that is expected to continue. On any given day, there are around 4,000 vacant jobs in this field that need to be filled.
Below are a few examples of cybersecurity roles that have hundreds of job openings across the country right now, according to TECHNATION:
- Operational Technology Systems Analyst: Develop and maintain cybersecurity solutions for systems that control industrial operations
- Security Automation Engineer: Research, develop, and implement automated security solutions
- Supply Chain Security Analyst: Collect data on supply chain vulnerabilities and recommend ways to reduce risks
- Security Architect: Oversee the network and computer system infrastructure for an organization and ensure proper defensive measures are in place
2023 CYBERSECURITY SALARY
PayScale data shows that, overall, the average salary for cybersecurity jobs in Canada is $83,000. Depending on your specific role, your level of experience, and the company you work for, you could make anywhere from $49,000 to $140,000.
PREPARE YOURSELF FOR THE TOP CYBERSECURITY TRENDS OF 2023
Want to develop the skills you need to defend against the latest attacks and help organizations protect their critical data?
Have a look at the cybersecurity diploma offered by Herzing College. The program takes just 12 months to complete and includes a five-week internship for real work experience.