Three Cybersecurity Predictions for 2023

Dec. 19, 2022
Mark Houpt, Chief Information Security Officer at DataBank, looks at 2022, how geopolitical events have led to new cybersecurity risks, and three trends he believes the entire industry should continue to focus on in 2023.

About this time last year, I was interviewed by Forbes as part of an article on 8 Crystal Ball Predictions About Cyberattacks in 2022. At the time, I predicted that we’d all have to be much more vigilant in defending against cyberattacks from state-sponsored groups around the world. It was a real concern then and I believe it will continue to be in 2023, especially as a growing number of countries and independent groups now possess powerful cyber capabilities and have demonstrated a willingness to use them. As we all know too well, these capabilities can be used to deploy ransomware, distributed denial of service (DDoS), or other cyberattacks against specific companies, critical infrastructure, or commercial systems.

Fortunately, the U.S. government or American companies were not affected to the level in which they were in 2021, by any major cyberattacks from nation-states in 2022, but I still believe this is a major concern and, collectively, we should not let our guard down now. Tensions around the globe are increasing in areas such as Northeast Asia, the Middle East, and Eastern Europe. So many different parts of the world now represent a powder keg, just waiting for a small spark to explode—leading to major implications for the U.S. and our interests.

For example, consider where an Iranian patrol boat attempted to user lasers blind the eyes of personnel on the bridges of two U.S. Navy ships in the Strait of Hormuz and took other unsafe and unprofessional actions on December 5, 2022. While this may have had something to do with the United States’ defeat of Iran in the World Cup, it’s the perfect example of how relatively minor actions could have provoked a larger response and started a domino-effect chain of events with global geopolitical repercussions that include cyber responses. Cyber responses are frequently an easy avenue to express rebuke or aggression as they are many times under the wraps of the Internet and not as deadly as kinetic warfare.

While many of the 2022 predictions represented valid concerns, the good news is that we simply did not experience all of them in the way we envisioned. Yet, one stood out: the fact that cybercriminals will continue to adopt more sophisticated cyber strategies to do harm as they try to stay a step ahead. With this in mind, I have three additional cybersecurity predictions for 2023.

Prediction #1: New Conflicts Will Begin as Cyber Events

We’ve officially reached the point where modern warfare will most likely start as a cyber event rather than a physical (kinetic) demonstration of force. While not widely reported, this happened to Ukraine in February 2022: Russian-sponsored cybercriminals hit Ukraine’s infrastructure and other systems with crippling DDoS and other cyberattacks more than a week before the high-profile Russian land invasion on February 24, 2022.

I believe this will now become the norm. If there is a major conflict or an advance in an existing conflict, the first waves will be cyber—cyberattacks against critical infrastructure, service providers, and essential government entities. This can be an extremely effective way to disrupt communications and take important operations and services offline as well as prove a capability.

Prediction #2: The Increased Weaponization of Social Media

I also believe that we’ll see Twitter, Instagram, and other social media platforms start to be used as an actual weapon. This will evolve past the standard ways that social media platforms are used to distribute information, share videos, and solicit support and assistance during times of war and conflict. Now virtually anyone can use social media and other technology to track and target the opposition. We’ve already seen examples in the current war in Eastern Europe where both sides have used open-source intelligence from social media sites as well as IP address tracking to develop very effective bombing campaigns.

Fortunately, the United States is not in such a conflict, but the takeaway is still important for our cybersecurity defenses. Companies need to be very careful about what information they or their employees share and protect other technical details as much as possible to bolster their cybersecurity defenses.

Prediction #3: Banning of Foreign Equipment and Technology

I think we’ll start to see more scrutiny related to sanctions and even banning foreign-made equipment and technology in the United States and possibly even within NATO countries. For example, recreational drones are becoming more popular in the U.S. today, and now offer the latest advances such as high-resolution cameras that are so accurate they can use geolocation data to identify and track images within just a few feet.

However, there’s a real concern about the data these products collect, and more specifically, if it could be sent back to the countries that manufacture them. If so, what is the purpose, and what is this data being used for? It’s similar to the dilemma we’re currently facing with TikTok: Should this app be completely banned due to data security concerns, or should the United States require TikTok to establish new U.S.-based entities that won’t be allowed to share any data with their country of origin? This is a real debate inside the FCC and Congress as this article is being written.  

Again, this prediction has real cybersecurity implications for government organizations, the industrial sector, and private companies. Imagine if a foreign power used data collected from products and technology that were strategically placed in the United States as part of a powerful cyberattack. It’s possible a rogue nation-state or other group could target vital infrastructure such as power and energy, gas pipelines, telecommunications, water, or even roadways—which could be devastating.

Stay Vigilant

In many ways, 2022 has been a turbulent year, and unfortunately, one where global geopolitical developments could potentially put U.S. companies at more risk. For data center providers and their customers, this means now is the time to thoroughly assess their existing cybersecurity defenses. There’s a saying in the cybersecurity industry today: “It’s not if you’ll come under attack, but when.” Knowing this, while also considering where new cyberattacks could come, may help give you the upper hand against new adversaries in 2023.

Mark Houpt brings over 30 years of extensive information security and information technology experience in a wide range of industries and institutions. He is Chief Information Security Officer at DataBank.

About the Author

Voices of the Industry

Our Voice of the Industry feature showcases guest articles on thought leadership from sponsors of Data Center Frontier. For more information, see our Voices of the Industry description and guidelines.

Sponsored Recommendations

Tackling Utility Project Challenges with Fiberglass Conduit Elbows

Explore how fiberglass conduit elbows tackle utility project challenges like high costs, complex installations, and cable damage. Discover the benefits of durable, cost-efficient...

How Deep Does Electrical Conduit Need to Be Buried?

In industrial and commercial settings conduit burial depth can impact system performance, maintenance requirements, and overall project costs.

Understanding Fiberglass Conduit: A Comprehensive Guide

RTRC (Reinforced Thermosetting Resin Conduit) is an electrical conduit material commonly used by industrial engineers and contractors.

NECA Manual of Labor Rates Chart

See how Champion Fiberglass compares to PVC, GRC and PVC-coated steel in installation.