More online fraud, recession-resistant budgets, and continued talent shortages can be expected in 2023, according to cybersecurity professionals.
Online fraud, driven by persistent supply chain shortages and bot proliferation, will continue to rise in the coming year, predicted Benjamin Fabre, co-founder and CEO of DataDome, maker of a bot and online fraud protection solution, in New York City.
“If you look at the volume of threats, they are going through the roof, and it’s not going to slow down,” he told TechNews.
Scarcity caused by supply chain shortages has boosted the prices of many items creating an attractive atmosphere for fraudsters. “We are seeing limited stocks of products creating a bubble around their prices, driving more bot and online fraud activity, which I expect to continue in full force in 2023,” Fabre observed.
Bot usage is gaining momentum going into the new year. “We already started to see this shift lately where a lot of individuals made their own bots to monitor housing price changes, monitor the availability of gaming consoles, and scrape marketplaces with browser extensions,” said Fabre’s colleague, DataDome Head of Research Antoine Vastel.
“We think this won’t stop, as making advanced bots is becoming increasingly easier,” he told TechNewsWorld.
Vastel also forecasts an expansion of scalping activities and the use of scraper bots in 2023.
“While scalping used to affect mostly concert tickets, it has spread to more and more products — sneakers, gaming consoles, GPUs, luxury items,” he explained. “I predict that with the current product shortages and supply chain challenges, scalping will intensify and expand across industries to new items and products, as the potential for resellers to make money increases.”
He also noted that more and more tools are appearing to make it easy to create advanced bots. “Whether it is open-source libraries that enable attackers to forge their fingerprints or bots as a service that make the creation of advanced bots as easy as making an API request, we think this will favor the creation of scraper bots,” he said.
Despite the Cassandra warnings of recession, there remains optimism in the cybersecurity community about spending in 2023. Alberto Yépez, co-founder and managing director of Forgepoint Capital, a venture capital firm in San Mateo, Calif., pointed out that in 2021, cybersecurity spending increased 12% over the previous year to some US$150 billion, and in 2022, spending is expected to break $156 billion.
“This trend will continue in 2023 as the threat landscape grows increasingly more active and complex,” he told TechNews.
“As ransomware continues to skyrocket, organizations will seek support modernizing their defenses and revamping threat detection and response capabilities with the understanding that attacks are now inevitable,” he explained.
The market will be further fueled by regulatory compliance standards, cloud migration, and global digital transformation across business and government, Yépez continued, especially as the hybrid workforce model evolves from a pandemic response to a regular way of doing business.
“All of these components help organizations meet business needs but also simultaneously complicate their cybersecurity posture and create the need for design-to-scale approaches,” he said. “As a result, cybersecurity will continue to cement itself as a key enabler across business functions, and organizations will prioritize proactive investment in 2023.”
Perilous Cost Cutting
Jadee Hanson, CIO and CISO of Code42, a national endpoint security and data protection company, concedes that some organizations will be looking to cut corners by cutting cybersecurity budgets but asserted they do so at their peril.
“Once rumblings of economic uncertainty begin, wary CFOs will begin searching for areas of superfluous spending to cut in order to keep their company ahead of the game,” she told TechNewsWorld.
“For the uninformed C-suite, cybersecurity spending is sometimes seen as an added expense rather than an essential business function that helps protect the company’s reputation and bottom line,” she continued. “These organizations may try to cut spending by decreasing their investment in cybersecurity tools or talent, effectively lowering their company’s ability to properly detect or prevent data breaches and opening them up to potentially disastrous outcomes.
“This should especially be of concern amid persistent ransomware attacks, and 2023 is expected to be another challenging year,” she said. “Companies that maintain efficient cybersecurity resources will fare much better in the long run than those who make widespread cuts.”
Fabre added that he doesn’t see the economy negatively impacting cybersecurity in 2023 because the cost of not investing in cybersecurity is too great. “Companies have too much to lose — financially, reputationally, competitively — if their or their customers’ data is breached.”
“When you consider the increasingly scrupulous legal and regulatory environment companies now operate in,” he continued, “the risk of not being privacy compliant or secure outweighs the short-term benefits of reducing cybersecurity budgets.”
Talent Gap To Continue
As in past years staffing problems will continue to plague the cybersecurity industry in 2023. “We’re starting to accept the cybersecurity talent gap as an ongoing challenge, and this will continue into the new year as we struggle as an industry to encourage younger generations to enter the field,” observed Caroline Vignollet, senior vice president of research and development at OneSpan, an identity security company in Chicago.
“Cybersecurity education is pivotal, and while we see more universities developing cyber courses, they still remain very small in comparison to the critical challenges organizations face daily,” she told TechNews.
“For this new generation to be successful,” she continued, “universities must expand cyber education and provide real hands-on cyber training, not just theoretical training.”
Companies and employees need to do their part, too, she added. “Every person in an organization plays a role — even if it’s just increasing awareness around phishing emails and avoiding insecure links,” she said.
Vignollet urged organizations to support their cyber teams better. “As cyber leaders, we have a responsibility to create safe environments and make this known to anyone interested in the field,” she observed.
“In fact, one of the most important key performance indicators to look for within employee engagement surveys is whether employees feel comfortable talking to leadership,” she noted. “It’s the strongest way to avoid burnout as this widening talent gap continues into 2023.”
By: John P. Mello Jr. A Cybersecurity Writer