Funnel overlay image

Blog | 10-minute Read

Cyber security trends to watch out for in 2023

Mat Richard profile headshot

Mathew Richards

Head of Mobility and Security

Published: 08 December 2022

Countering cybercrime is a constant game of cat and mouse. We’ve taken a look into the cyber trends you need to be aware of in 2023. Be the cat and not the mouse.

Cybercriminals never rest.

And their opportunities to infiltrate and compromise your organisation’s applications, data, and resources have never been greater.

2022 has seen a rise in malware and ransomware attacks. Social engineering has grown in complexity. Hospitals and other critical infrastructure are now falling prey to cyber attacks.

2023 is going to see a continuation and expansion of these trends. Let’s explore these in a little more depth and keep you ahead of the game.

The cyber trends that will shape 2023


Malware (and in particular ransomware) has been a scourge of 2022. Russian based cyber attacks were launched on Costa Rica’s Ministry of Finance.

With a managed service provider (MSP) for the NHS also falling victim to a ransomware attack, it’s clear that no target is safe.

Maintaining good digital hygiene should be a critical first line of defence.

Robust mail filtering, enabling multi-factor authentication (MFA) at all vulnerable access points, and installing security updates promptly can go a long way in protecting against the most common attacks.

Yet, it’s also clear that a mass change in attitude and adoption of zero-trust principles is sorely needed. We’ll see that this is going to become a recurring theme.

Increasing attacks on critical infrastructure

The war in Ukraine has been a visible example of a growth in critical infrastructure attack.

Russia has attacked Ukraine’s banks, power grids, and internet infrastructure for years. Now, the conflict has become physical, and Ukrainian government and military systems are targets for Russian cyber weapons.

Any government looking to protect critical infrastructure should implement a zero trust policy. They should also double down on their security fundamentals. Segmenting or air-gapping their network adds even more security.

And don’t forget the importance of good physical security.

It’s all well and good having a network locked down tighter than Fort Knox, but that water company field office is a physical location.

If anyone can get into it, then anyone can get into the systems it’s connected to.

The increasing importance of identity and access

Identity remains the starting point and the last word of an organisation’s security.

It’s still the most common attack vector. Compromised identity is the easiest way in. Why throw brute force at a robust security system when you can use an employee’s identity and bypass it?

quote icon

34.7 billion identity threats were blocked by Microsoft from June 2021 to July 2022.

Microsoft Digital Defence Report 2022

Wherever there’s a way into the company, there should be a check verifying the identity of the person or workload trying to gain access.

It will also come as no surprise that implementing zero trust policies should form the backbone of your security, identity, and access.

tag icon

Sign up today!

Get the latest cyber security advice straight to your inbox

Join the Kocho mailing list and keep pace with the latest cyber trends. You’ll get:

  • Demos on the latest cyber technologies
  • Invites to exclusive events and webinars
  • Resources that make your job easier

Social engineering

The human element is the weakest link in the identity security chain.

For example, MFA is incredibly secure, but it can be bypassed by spamming multiple MFA requests, until you absent-mindedly approve one.

Congratulations, you’ve just let a villain into your system!

Organisations should also be cognisant of other forms of social engineering. These can take the form of spam and phishing emails. Also, be wary of volunteering too much personal information on social media sites.

Employees need training in social engineering. This includes how they could be vulnerable to it and how threat actors might manipulate them into willingly giving away identity credentials.

Again, implementing a zero trust (there’s that phrase again!) mindset is crucial to successfully resisting most social engineering attempts.

Sarah Armstrong Smith, Microsoft’s Chief Security Advisor tells us more about the threats we should be aware of in the following video:

play icon 00:03:42 Play Evolution of the cyber threats landscape video

A version of the Kocho butterfly logo
Speech mark icon

Companies need to be very mindful about social engineering techniques… How they can manipulate people to take action. That can include an MFA bypass; getting a user to willingly give up their credentials.

Sarah Armstrong-Smith

Chief Security Advisor for Microsoft

Complex attacks

The more robust we make security measures, the more cybercriminals develop creative ways to get around them.

Hacking is now a multibillion-dollar enterprise. Hacking groups have large institutional hierarchies and R&D budgets.

Attacks have been growing in complexity and sophistication, and attackers now use advanced tools, such as artificial intelligence, machine learning, and automation.

The same tools used to keep us safe.

Worse still, all of the familiar threats in the digital landscape are still there, including malware and phishing.

But now, with the benefits of new technologies, they’re becoming more complex and more targeted.

This problem is exacerbated by the cyber skills gap in the workforce. If you can’t hire the right people, with the right skills, how are you going to manage?

Working with local universities is really important. Not just for scoping upcoming talent, but also supporting them in ensuring their cyber-based courses are industry relevant. Organisations can have input into those through lunch-and-learn events and guest lectures.

While it’s worrying that the very tools we turned to for protection have been turned against us; utilised correctly, these tools are still the best defence against attackers.

For everything else, it comes down to practicing good digital hygiene, and yes, you guessed it: implementing a zero trust framework and policies.

Speech mark icon

We saw hackers weaponizing the tools meant to keep us safe in 2022. We're going to see more of this in 2023, especially as passwordless sign-in becomes the norm.

Anna Webb profile headshot

Anna Webb

Head of Security Operations, Kocho


2023 is going to see a continuation of the trends we’ve already seen in 2022. But those trends will become more pronounced. Malware continues to be a scourge, but it’s now more sophisticated. And threat actors are not above using it to attack once sacred critical infrastructure.

With attacks becoming more complex, we can see that it’s going to be an escalating arms race of machine learning and AI tools attacking and repelling each other.

More than anything, identity, and attempts to compromise it – or bypass it all together with social engineering – will be the biggest battlegrounds for any organisation looking to keep themselves safe.

Keeping identity protected and verified at every stage of an interaction not only keeps you safe, it keeps your organisation safe. It’s the most common route of attack, and that’s why so much effort has been put into attacking it in 2022.

Expect more of the same in 2023.

Key takeaways

  • Malware and especially ransomware will continue to be a problem. It will be more complex and targets will be more wide-ranging.

  • Attacks are becoming increasingly more complex. Machine learning and AI tools will get around more robust security measures.

  • Critical infrastructure, such as utilities, hospitals, and other government institutions, will find themselves under attack.

  • Social engineering will continue to be a thorny issue. It must be combated by good digital hygiene and adopting a zero trust mindset.

  • Identity, and keeping it secure, will remain the key battleground in the cyber security landscape throughout 2023.

tag icon

Microsoft Guide

Supercharge your security operations with SIEM and XDR

Security team overworked and overwhelmed? Worried you won’t spot an attack quickly enough?

Download your free Microsoft guide. Learn how:

  • Automation could reduce your SOC work by over 75%
  • Your threat response time could be reduced by 88%
tag icon

Great emails start here

Sign up for great content and exclusive invites

Subscribe to the Kocho mailing list if you want:

  • Demos of the latest Microsoft tech
  • Invites to exclusive events and webinars
  • Resources that make your job easier
Butterfly overlay image
Mat Richard profile headshot


Mathew Richards

Mat is Kocho’s Head of Mobility and Security. He leads a team of consultants and architects that live and breathe secure transformation – delivering excellence across Microsoft 365 and Azure.

Butterfly overlay image

We’re here to help you on your journey towards becoming greater.

Get in touch to find out how.