2023 Cyber Pulse

Midyear report: TRENDS & PREDICTIONS

2022-2023 State of the Industry

There was a 38% increase in cyberattacks in 2022. 422 million lives were impacted.

Cybercrime is a nightmare for everyone - in fact, more Americans are afraid of a cyberattack than a nuclear attack - but for businesses that are entrusted with highly sensitive data and personal identifiable information (PII), the pressure is on. There were over 4,000 successful data compromises in 2022, including household names and entire countries.

Here are just three examples.


In September of 2022, Uber's company defenses were hacked by an 18-year-old in a social engineering attack. He sent an Uber contractor a two-factor authentication notification urging the user to click a link for verification. Once the user’s account was compromised, the hacker used the company’s virtual private network to access network resources, gaining access to several of Uber’s systems, including AWS, GSuite, and Slack.

While no customer information was leaked, 77,000 Uber employees had their email addresses and Active Directory information exposed. The hacker also exposed source code, data destruction reports, IT asset management reports, logins, and other company information.


Costa Rica

In 2022, Costa Rica declared a national emergency due to a series of ransomware attacks against critical institutions. The first attacks occurred from mid-April to early May and affected 27 government bodies, including the digital tax service and customs control system, as well as the finance ministry. The attacks impacted an estimated 800 servers and resulted in trade losses of $38 million to $125 million per day.

The second attack targeted the Costa Rican Social Security Fund, with an estimated 10,400 computers and more than half of the servers impacted, causing important healthcare systems to go offline and forcing doctors to cancel appointments.



In November 2022, the global communication app was compromised when a hacker uploaded a dataset to a public black hat hacking crime forum containing what they claimed to be up to-date personal information of 487 million WhatsApp users from 84 different countries. In the forum post, the alleged hacker said that the dataset included “very recent mobile numbers” of WhatsApp users and that among the records were details of 32 million U.S. users, 11 million UK users, and six million German users.

These phone number datasets were listed for sale for a mere few thousand dollars, opening nearly 500 million people up to future phishing and smishing attacks.

Not only are the threats of potential cybercrime growing, but the lack of properly educated and equipped individuals to protect us against them remains a key area of concern.

Organizations of all sizes felt the squeeze at the end of last year and in the beginning of 2023. High-profile layoffs have been in the news, and 85% of respondents in a new study indicated that they believe layoffs will continue to be necessary as the economy slows. Nonetheless, it's clear that U.S. businesses are investing in cybersecurity: Cybersecurity teams will be the least affected by staff reductions, as organizations anticipate an increase in cyber threats in 2023.

An AI generated image of a river and pathway curving through mountains

As we navigate the ever-evolving world of cybersecurity, it can be daunting to keep up with the latest risks and trends. With new threats emerging daily, the difficult search for experienced cyber talent, and rapidly advancing technologies, staying ahead of the curve is crucial for businesses.

From growth in open source software to the increasing prevalence of AI, this document will explore key trends that are expected to define the cybersecurity landscape for the rest of 2023 and beyond.

2023-2024 Cybersecurity Outlook

2022 was a busy year in cybersecurity, from Russia’s invasion of Ukraine to landmark elections around the world to the worldwide release of ChatGPT, Midjourney, and other generative AI tools. The remainder of 2023 and the beginning of 2024 will be marked by the convergence of social, economic, and technological aspects of security, which means that companies must cooperate with governments and private citizens to create a more secure ecosystem for all.

Biggest Risks Identified by Cybersecurity Experts

Vulnerability in the cloud
Data breaches
Remote/hybrid work environments
New sophistication in social engineering
The rise of AI

With such diverse risks, public and private organizations must prioritize their approach to cybersecurity to immunize their systems as broadly as possible within given budgets and tight timelines. That’s especially challenging given the economic atmosphere in the U.S. this year, marked by fears of recession and the resulting tug-of-war between industry layoffs and a tight talent market.

As a mission-critical function, cybersecurity is somewhat inured from economic downturn, especially because we know that when the economy goes down, cybercrime goes up.

A higher percentage of companies is investing in cybersecurity consulting and internal employees than ever before. In a global economy marked by disparate, overlapping, and proliferating cyber regulations, U.S.-based companies face increasing pressures and requirements to up their security game.

People Strategy

The cybersecurity talent gap adds to that pressure. Despite last year seeing the highest-ever levels of cybersecurity workers—4.7 million—there is still a need for more than 3.4 million security professionals. But a dearth of cyber-trained workers isn’t the only challenge to closing the gap.

As a bourgeoning field, 62% of cyber professionals in the U.S. have less than four years of experience. Companies naturally seek out industry veterans to lead mission-critical functions, but realistically, some of the most relevant talent in cybersecurity may well be early in their careers.

As a result, companies must consider creative ways to close the gap while the market waits for a new and larger crop of dedicated and trained cybersecurity workers to certify, graduate, and build experience.

4.7 million

cybersecurity professionals worldwide

3.4 million

cybersecurity jobs still vacant


cybersecurity professionals have <4 years of experience

A robust people strategy that succeeds in 2023-2024 must include tactics for:

  • Attracting trained cyber talent, especially diverse cyber talent
  • Upskilling and cross-skilling current employees or candidates to take on cybersecurity roles
  • Increasing overall cyber health by training all employees and third-party vendors on cybersecurity best practices
  • Incorporating automation to replace a degree of manual labor

2023-2024 Focus Areas

For resilience against economic uncertainty, companies should spend this year focused on cyber hygiene—making decisions that bolster their cyber immune system and cover the fundamentals without over investing in technology.

While tools are a vital component of any cybersecurity strategy, they are not a panacea and can even detract from security if not managed with best practices.

Leaping ahead of the fundamentals into fancy tech solutions looks cool, but lacks function. Buying a Ferrari is useless if you haven’t first gotten your driver’s license.

Common Mistakes Organizations Make When Investing in Cybersecurity Tech

Purchasing premium "kitchen sink" solutions with extraneous features that raise cost without addressing specific business needs
Providing generic cyber training that doesn’t cover the organization's specific risks, or the different security responsibilities for different roles
Implementing feature-rich hardware that causes friction for employees or inhibits their work without a change management plan
Purchasing cyber insurance that provides too little coverage for the most common threats, or is too costly for the org's realistic risk level

Focusing on the fundamentals and on tailored solutions, as opposed to leaping to the top of the line, is especially relevant as we look into the next year and the rise of AI in cybersecurity. Machine learning and AI are the very near future in security efforts, but using AI to enhance cybersecurity requires a high degree of maturity within an organization. Before a company can train machines to recognize threat patterns, it must train its people to do the same.

The following pages cover upcoming trends that should drive decision-making in an efficient and effective way that addresses all three pillars of cybersecurity: social, economic, and technological.

1. Open-Source Software and Cybersecurity

Open-source software (OSS) can be quickly defined as computer software whose source code is made available to the public for anyone to view, use, modify, and distribute without restrictions.

The idea behind open source is that by allowing users to freely access and modify the code, the software can be continually improved and developed by a community of developers and users. It's obvious how this availability could pose threats and concerns in the cybersecurity landscape.

Simply put, the inherent problem of popular open-source code is it’s open. The transparency of open source allows anyone, good or bad, to examine the code for holes or gaps without requiring any fixes.

This chart demonstrates the potential risks and rewards for companies debating staying in, or moving into, OSS coding.

Potential Risks of OSS

1. Lack of accountability

Open-source software is often created by a decentralized community of developers who may not have a direct relationship with users. This can make it difficult to hold anyone accountable if there are security breaches or issues.

2. Malicious code

Headings, paragraphs, blockquotes, figures, images, and figure captions can all be styled after a class is added to the rich text element using the "When inside of" nested selector system.

3. Delayed updates

Open-source software may have a slower update cycle, as the community of developers may take longer to identify and fix security vulnerabilities

4. Dependency vulnerabilities

Many open-source software projects rely on other open-source software components, and vulnerabilities in those components could affect the security of the overall system.

5. Exposure of sensitive information

Open-source software may expose sensitive information if it’s not configured correctly or if default settings are left in place.

Benefits of OSS when Properly Managed & Secured

1. Transparency

The source code is freely available, allowing users to examine the code for security issues or bugs and to verify that the software does what it claims to do.

2. Collaboration

Open-source projects encourage collaboration and contribution from a global community of developers, resulting in improved software quality and faster development cycles.

3. Flexibility

Open-source software can run on a variety of platforms and systems, making it more flexible than proprietary software.

4. Rapid Innovation

Open-source software encourages innovation by allowing developers to build upon existing code and create new applications and tools - a necessary endeavor to keep up with emerging risks.

5. Security via "Neighborhood Watch"

The open nature of the code allows for a larger pool of developers to identify and fix security vulnerabilities quickly.

2. Manufacturing Industry Cybersecurity Catch-Up

In recent years, manufacturing has been the most targeted sector for cyberattacks. Though healthcare and government are commonly thought of as the highest-risk sectors, because of the potential large-scale consequences of breaches in these organizations, they tend to have the highest investment in cybersecurity.

Manufacturing has lagged behind in digital transformation efforts and therefore become a target-rich sector for cybercriminals. Because this threat exists, and will continue to grow, the classic manufacturing industry must make big moves over the next 12-18 months to predict and safeguard against cyber threats. The industry has already made great strides to improve cybersecurity maturity:

Why is cybercrime so detrimental to the manufacturing Industry?

Sector Involvement in all Societal Essentials and Goods

The manufacturing ecosystem plays a vital role in creating and distributing goods across industries. Factory lines and logistical networks have evolved into digital and intelligent IoT systems, opening manufacturing businesses up to increased cyber risk. Disruption of service attacks could not only affect people who have data leaked, but have real economical consequences.

Global Connectivity and Ripple Effect

The manufacturing sector is one of the most sophisticated global systems. The USA relies on China for goods, which in turn relies on Greece, and then ships to Australia. All these systems are interconnected and communicate with each other on a minute-by-minute basis. If one system goes down or if a country’s mainframe is hacked, the ripple effect could cause significant harm and financial repercussions, potentially on a global scale.

Leaders in manufacturing this year will continue to invest in:

Role-based access controls
Restrict user permissions based on job roles to secure manufacturing systems and intellectual property
Regularly updated industrial control systems (ICS)
Keep ICS software and devices up to date to prevent disruptions and address manufacturing-specific vulnerabilities
Specialized cybersecurity training
Educate staff on industry-specific threats like production-line ransomware and securing connected machinery
Secure supply chain and vendors
Implement strict security measures and assess third-party vendors to protect manufacturing processes (see next section)
Offline backups and recovery plans
Maintain offline backups and develop robust recovery strategies for critical manufacturing systems, especially in supply chain

3. Collaborative and Rigorous Third-Party Vendor Management

No company is completely insular. In the complex, interconnected ecosystem all organizations now operate in, managing those connections is critical to ensure the safety and security of an organization’s data and systems.

With an increasing number of businesses relying on third-party vendors for critical services, it’s more important than ever to look beyond the perimeter of your own organization and assess the risks and controls in place at these vendors.

Top cybersecurity risks associated with third-party vendors include:

Data breaches

Third-party vendors can be a weak link in your organization’s cybersecurity defenses, potentially exposing sensitive data to cybercriminals in the event of a data breach.

Supply chain attacks

Hackers may target third-party vendors to gain access to your organization’s systems or data.

Lack of oversight

Third-party vendors may not have the same level of cybersecurity controls and oversight as your organization, creating potential vulnerabilities in your supply chain.

Example: 2013 Target Breach

A classic - and significant - third-party vendor cautionary tale

The 2013 Target breach highlights the potential risks that can arise through third-party vendors. Cybercriminals accessed Target's systems by stealing an HVAC subcontractor's login credentials and exploiting trusted access to infiltrate Target's network. Using sophisticated malware, the attackers stole payment card data from around 40 million customers during the holiday season, including names, credit card numbers, expiration dates, and CVV codes.

The control a company has over third-party vendors has historically been limited. However, in the era of open-source and AI-enhanced cybersecurity, expect vendors to partner with buyers to put up a united front against cyberattacks. Partnering with vendors and effectively managing third-party vendor risks can greatly enhance an organization’s cybersecurity posture, ensuring a more robust and resilient defense against potential cyber threats for all companies involved.

Leaders in this area will do the following to promote healthy and secure third-party vendor relationships:

Identify and assess vendor risks
Conduct a thorough risk assessment of third-party vendors to identify potential vulnerabilities and risks and continue to monitor vendors for suspicious activity or security incidents.
Request system and organization controls reports
SOC reports from third-party vendors help identify deeper nth-party relationships, highlight potential risks and exposure arising from those relationships, and identify relevant operational and security controls.
Implement security controls
It’s no longer an inconvenience, but an expectation for third-party vendors to implement security controls and comply with companies’ cybersecurity best practices.
Establish incident response plans
Have dedicated incident response plans on hand in the event of a cybersecurity breach or incident involving a third-party vendor.
Conduct regular cyber training for vendors
Training doesn’t end at the office door. Providing regular cyber training to third-party vendors is a solid investment that promotes a culture of cybersecurity throughout the ecosystem.

4. Critical Infrastructure Protection via Government Economic Controls

We’re seeing a growing trend towards using economic controls as a tool to enhance cybersecurity, with the aim of promoting national security and protecting critical infrastructure from cyberattacks. In a global economy with growing dependence on technology and the IoT, it makes sense that governments are getting involved.

In 2023, increased economic controls signal a shift towards a more proactive approach to cybersecurity, in which governments are taking steps to mitigate cyber threats before attacks occur and limit the potential impact of cyberattacks on the economy and society at large.

However, economic controls are not without their drawbacks. Critics argue that they can stifle innovation and competition, limit access to essential technologies, and lead to the development of fragmented and protectionist markets. It will be critical for governments to strike a balance between promoting cybersecurity and maintaining an open economy.

EU Cybersecurity Act

Aims to establish a common framework for cybersecurity certification across member states and promote a more secure digital single market.

May 2021 Executive Order

Restricts American companies from doing business with certain Chinese tech firms due to concerns over national security and cybersecurity risks.

Cybersecurity-related economic controls will particularly impact organizations working with:

Critical infrastructure sectors

Companies in critical infrastructure sectors like finance, energy, and transportation are subject to additional and increasing cybersecurity requirements and regulations imposed by government.

Global supply chain

Organizations operating in a global supply chain must ensure that partners and suppliers also comply with government cybersecurity regulations and standards.

Scrutinized technologies

If a government imposes restrictions on the use of certain types of technology or services due to cybersecurity concerns, companies relying on those may need to find alternative solutions or risk losing access to critical resources.

5. Social Pressure that Pits Cybersecurity Against Free Expression

Social influence has a major impact on policy, and balancing security with freedom of expression creates a difficult dynamic. In today’s interconnected world, social media can be a powerful tool for activism and organizing, but it can also pose significant risks to cybersecurity.

3 Examples of Social Influence that Impacts Cybersecurity

Russia’s war in Ukraine

“Humanity’s first Native Analog vs. Native Digital war”

Social media has played an enormous part in Ukraine’s defense since Russia’s invasion in 2022—not only in rallying policy changes, fundraising efforts, and refugee support, but also by using user-generated content (UGC) in a grassroots cyber campaign to pinpoint Russian positions and equipment.

Mahsa Amini protests

The clash of guerrilla social media sharing and support with state-sponsored suppression

Since September 2022, social media has played a critical role in organizing and mobilizing Iranian protesters, allowing them to quickly respond to developments on the ground and bypass government censorship. On the other hand, it has also enabled the Iranian government to monitor and suppress dissent.

TikTok hearings

Grappling the desire for entertainment and social engagement with concerns about data privacy and national security

TikTok has been accused of sharing user data with the Chinese government, which has led to bipartisan calls for bans and restrictions on the app. The proposed ban, and the March 2023 Congressional hearing on the app’s data privacy and protections, caused an uproar from influencers and TikTok users despite security concerns.

Promoting cybersecurity in the face of a public that values social sharing and convenience is challenging. There are, however, several strategies that companies and government alike can use to encourage better cybersecurity practices among their constituents.

Here's what we expect to see throughout 2023 and into 2024:

Increased emphasis on tangible benefits of cybersecurity, such as protecting personal information and avoiding financial losses, to motivate individuals to take it seriously
More user-friendly and convenient cybersecurity practices, including easy-to-use two-factor authentication and measures to simplify password management
Education and awareness campaigns via social media with bite-sized, digestible, and even gamified information, similar to government-sponsored public health campaigns in 2020
Renewed emphasis on maintaining secure and localized environments for social media applications (such as Project Texas)

Practical Next Steps &
How to Protect Your Business

Cybersecurity is an essential aspect of modern society - one that has to work with and around all other aspects of modern society.

These five trends shaping the future of cybersecurity demonstrate clearly how society, economy, and technology converge with security. Moving forward, widespread cooperation is key to answering individual concerns about transparency and free use while maintaining data integrity, national security, and a thriving global economy -especially as we reckon with an AI revolution that could change how all aspects of society work and interact.

The impending changes AI brings reinforce the importance of getting the fundamentals right. A solid understanding of risk, a fully-fledged risk management plan, and an updated people strategy that creates a cybersecurity movement within an organization are foundational to preparing for new challenges - and new opportunities - that lie ahead.

So, where do you start? By getting a handle on your cyber health and hygiene:

1. Know your cyber posture

You can’t build up your defenses if you don’t know where they’re weak. Start by undergoing a cyber assessment to understand where your company stands.

2. Use Multi-Factor Authentication (MFA)

MFA adds an extra layer of security by requiring users to provide multiple forms of identification before gaining access to a system. This can help prevent unauthorized access to sensitive data, even if a password is compromised.

3. Keep software up to date

Consistently backing up data can help mitigate the damage caused by a cyberattack. If data is lost or compromised, having a recent backup can help restore systems and minimize downtime.

4. Back up data regularly

Cybercriminals often exploit vulnerabilities in outdated software to gain access to systems. Keeping software up to date with the latest patches and security updates can help prevent these types of attacks.

5. Train employees on cybersecurity

Employees are often the weakest link in a company’s cybersecurity defenses. Providing regular training on cybersecurity best practices, such as identifying phishing emails and creating strong passwords, can help prevent cyberattacks.

6. Implement a Security Information and Event Management (SIEM) solution

A SIEM solution can help detect and respond to security incidents in real-time. This can help prevent attacks from escalating and minimize the impact of a breach.

7. Conduct regular security audits

Regular security audits can help identify vulnerabilities in a company’s cybersecurity defenses. This can help prioritize efforts to improve security and prevent future cyberattacks.

Envision your future state of cybersecurity

Wherever you are on the road to cyber hygiene, a 2-3 hour Future State Workshop will help you prepare for the next 2-3 years - including emerging techs and threats and the roles of AI in next-gen cybersecurity.
Learn More
Launch Consulting Logo
Part 01
2022-2023 State of the Industry
Part 02
2023-2024 Cybersecurity Outlook
Part 03
5 Cybersecurity Trends to Watch
Part 04
Practical Next Steps