4 cybersecurity predictions for 2023 — SANS analysts look ahead

Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Watch now.

After a year of cyber war, geopolitical conflict and unrelenting social engineering campaigns, CISOs and security leaders have been left scrambling trying to prepare their defenses to mitigate the next generation of online (and offline threats). 

While the threat landscape remains uncertain, SANS Institute recently shared with VentureBeat. some of their top cybersecurity predictions for 2023  

Analyst’s predictions included ChatGPT simplifying vulnerability management, vulnerabilities caused by poorly maintained network monitoring tools and the worsening of the cyber skills gap. 

Below is an edited transcript of their responses: 


Intelligent Security Summit

Learn the critical role of AI & ML in cybersecurity and industry specific case studies on December 8. Register for your free pass today.

Register Now

1. ChatGPT will reduce code vulnerabilities and improve productivity 

“ChatGPT (Generative Pretrained Transformer) from OpenAI will likely be a game-changer in the world of cybersecurity and beyond. 

Since its debut in November 2022, ChatGPT, has already demonstrated the capability to identify software vulnerabilities in code with incredible accuracy, as well as the ability to write complex code that would otherwise take significant time to be produced by humans. 

The technology will only improve and likely result in fewer vulnerabilities, as well as a tool for developers to use to write more efficient code, and to speed up productivity. Incidentally, this may require those pursuing a career in certain areas within the field of cybersecurity to be much more adept at their area of focus.” 

Steve Sims, instructor, SANs Technology Institute

“Attackers will increasingly take advantage of network management and monitoring solutions deployed by defenders. There has been an increasing focus on finding and exploiting vulnerabilities in products like anti malware and host monitoring solutions (for example, sysmon). 

M&A activity has often resulted in products that are no longer adequately maintained, and customers implement them without considering that these solutions will also be great tools for attackers to compromise a network after gaining initial access.” 

Johannes Ullrich, dean of research, SANs Technology Institute

3. The Cybersecurity skills gap will widen 

“The skill gap may be shifting from a quantity issue to more of a quality issue. Recent layoffs in large tech companies will result in more applications for information security roles than we had in the past. Many of them will have some relevant qualifications based on their prior careers. 

But many of these qualifications may not be applicable to information security or overstated. Identifying qualified candidates will be more difficult using the traditional domain expertise deficient HR departments and recruiters. 

Investing in internal training programs to elevate the skills of individuals with appropriate aptitude will be even more important.”

Johannes Ullrich, dean of research, SANs Technology Institute

4. Workforce security education will become key to reduce risk 

“Managing risk is no longer just a technological challenge, it is also a people challenge. Security leaders will start integrating human risk management into their overall security strategy. 

As such, we expect to see leaders elevating their security awareness teams to be far more integrated and playing a more strategic role within cybersecurity, focusing not on compliance but truly enabling and securing their workforce.”

— Lance Spitzner, senior instructor, SANS Institute,

Originally appeared on: TheSpuzz