2023 – Cybersecurity and Privacy Predictions for the Coming Year

Keeping Your Data Secure and Private in 2023 – Cybersecurity and Privacy Predictions for the Coming Year

Cybersecurity and Privacy – A 2022 Recap

These days it can feel as though ways to protect yourself online drastically change from year to year. Of course, there are a few best practices that have — and will — continue to remain valid approaches. However, trends can be identified each year in the cybersecurity and privacy protection world as new methods and techniques become commonplace.

One of the most notable cybersecurity trends during 2022 was the increased adoption of protective DNS services like Quad9. Other cybersecurity and privacy trends that 2022 experienced include advances in AI-powered cybersecurity features, improved public knowledge of ransomware threats, and even some movement on the legislative front regarding cybersecurity regulations. However, as cybersecurity and privacy tools become more readily available, so does the growing threat of malicious actors creating new methods to access your private information. That’s why staying up to date on the latest and upcoming ways of protecting your online presence is more important than ever before. Let’s look at a few cybersecurity trends we expect to see in 2023.

2023 Cybersecurity and Privacy Protection Predictions

Continued Adoption of Protective DNS Services – As mentioned, DNS threats have increased over the past several years. For a deeper exploration of DNS threat growth and impact, we recommend checking out the IDC Global DNS Threat Report. Much to the chagrin of bad actors, adopting protective DNS services is expected to continue its upward trajectory, likely eclipsing 2022 adoption rates.

Hardware-Based Authentication – Although multi-factor authentication tools provide an additional layer of security, they’re far from impenetrable, considering they’re often tied to devices like cell phones, SMS messages, or mobile apps — all of which can be compromised. Given these vulnerabilities, we expect a segue from multi-factor authentication tools to hardware-based authentication. Devices like YubiKey or Titan Security Keys further support the departure from password-based authentication and are paving the way for more robust methods like biometric and hardware-based authentication.

Development of Hybrid Cloud Models – As international privacy laws advance, hybrid cloud models will become the wave of the future, especially for businesses that host users’ private data. With hybrid clouds, companies will likely begin hosting sensitive and/or personal data internally. In contrast, once anonymized, the aggregate of said data will be cloud hosted. This may not appear much different than the original use case of cloud models. Still, the rapid adoption of business cloud models led to a degree of blind trust in the system. For example, a healthcare startup with a few dozen customers will likely have trouble finding an economical HIPAA-compliant cloud. The expected future solution to this scenario is hybrid cloud models. In this example, the startup mentioned above would host sensitive data internally. At the same time, a third-party cloud service would house anonymized data intended to be shared.

Artificial Intelligence & Machine Learning Threat Prediction – Cybersecurity has become an excellent use case for artificial intelligence and machine learning. We expect their use in cybersecurity to continue growing. For example, machine learning — specifically, deep learning techniques — has become pivotal in detecting malicious domain generation algorithms (DGAs). Before this technique, identifying DGA domain names primarily relied on reverse-engineered malware threat lists which can often be inconsistent or lacking in coverage.

How Can Individuals and Businesses Better Protect Their Data in 2023?

Utilizing services like Quad9’s public and free encrypted DNS service and implementing hardware-based authentication tools can reduce the chances of compromising an individual’s online information. Still, we implore users also to consider the aspirational goal of owning their own data. Although the world may be a few years from this being a reality, it is essential to begin conversations around this topic as early as possible. There’s currently a significant gap in trust between individuals and companies that house large swaths of personal data. By allowing users to decide what is shared and what isn’t, this lack of B2C trust could be bridged.

Many of the previously discussed methods will be paramount to businesses protecting their data and users’ data in 2023, along with things like robust employee training surrounding ransomware and phishing threats. The concept of Zero Trust architecture is also poised to see continued adoption. There is no better time than now for businesses to consider potential adverse outcomes or impacts of their actions, be it maintaining poor security practices, jeopardizing private user information, or the slow adoption of the latest cybersecurity and privacy protection tools. As consumers become better informed on cybersecurity best practices, businesses will need to meet the expectations of their users to protect their data adequately. Additionally, many governments are beginning to implement legislation requiring more robust consumer data protection. According to the National Conference of State Legislatures, in 2022 in the US, over 250 bills or resolutions targeting improved cybersecurity were considered by around 40 US states and Puerto Rico. Twenty-four states enacted 41 of those bills. Internationally, legislation surrounding improved cybersecurity measures has also continued to garner momentum. Considering the European Commission estimated that the global impact of cybercrime reached €5.5 trillion at the end of 2020, it is no surprise that 2022 saw several updates to European Union cybersecurity legislation. Improvements include enhanced protection of EU digital infrastructure and stricter information security regulations for mid-sized and large businesses. Legislation requiring firms to provide better cyber safety is a trend that is almost certain to see continued growth in the coming years — meaning companies should act sooner than later to develop and implement improved cybersecurity measures.

References:

_{1.https://www.eccouncil.org/cybersecurity-exchange/career-and-leadership/federal-cybersecurity-laws-june-2022/#:~:text=U.S.%20Passes%20New%20Cybersecurity%20Legislation,two%20cybersecurity%20bills%20into%20law.}

_{2. https://www.efficientip.com/resources/idc-dns-threat-report-2021/}

_{3.https://www.ncsl.org/research/telecommunications-and-information-technology/cybersecurity-legislation-2022637922035.aspx}

_{4.https://digital-strategy.ec.europa.eu/en/library/cybersecure-digital-transformation-complex-threat-environment-brochure}

_{5. https://www.europarl.europa.eu/news/en/press-room/20221118IPR55705/meps-approve-new-rules-to-protect-essential-infrastructure}

_{6. https://www.europarl.europa.eu/doceo/document/TA-9-2022-0383_EN.html}