Security professionals brace for a new wave of emerging cybersecurity threats

Issue 4 2023 Editor's Choice, Information Security, News & Events

Security professionals have their jobs cut out for them, with 74% saying their organisation’s sensitive data was potentially compromised or breached in the last year, according to Forrester.

New research from Forrester shows the percentage of external attacks remained constant, with a slight (2%) increase in internal incidents. However, the firm says while security and risk leaders, including chief information security officers (CISOs), continue to battle existing threats, the rise of generative AI tools, geopolitical threats, and increased cloud complexity are forcing security teams to change the way they defend against these emerging threats.

Forrester’s recently published report, Top Cybersecurity Threats in 2023, explores the top five established and emerging cybersecurity threats organisations will face in 2023 and offers recommendations for defending against each of them.

“Cybersecurity threats continue to plague organisations, multiplying like Mogwai in the 1984 hit movie ‘Gremlins’ (just don’t feed them after midnight). Forrester data shows that almost three-quarters of organisations reported one or more data breaches in the past 12 months,” writes Brian Wrozek, Forrester Principal Analyst and lead author of the report.

Established and emerging threats vie for CISOs’ attention

Forrester’s report highlights the tug-of-war faced by security professionals, saying security teams have to remain vigilant against known threats while still making sure to carve out time to address new threats stemming from emerging technologies. 

The firm believes the top threats of 2023 will be a combination of old and new ones. The top two established threats include:

1. The continued growth of ransomware. The report points out that ransomware remains a key concern although the company says it has evolved. Today, bad actors are doubly extorting their victims, demanding money to prevent the leaking of the stolen data as well as the ransom to decrypt files.

2. The human elements of BEC remaining unaddressed. Business email compromise (BEC) is the combination of social engineering with email and phishing tactics. Forrester warns that although email security technology continues to advance, technology alone is insufficient. The firm points out that the human element in security has either been dismissed or “limited to compliance-driven, outdated, and confusing security awareness and training programmes.”

When it comes to emerging threats, Forrester says that what used to be considered tomorrow’s threats are quickly becoming today’s headaches for security leaders. It has pegged the top three emerging security threats in 2023 as:

1. AI deployments. The power of applications such as ChatGPT is raising concern that bad actors could poison data to alter the outcomes of algorithms. Forrester says this will undermine AI’s reliability and performance. Since so much of our current cybersecurity relies on machine learning and AI for detection, this poses a real and immediate issue.

2. Cloud computing. The growing reach and complexity of cloud environments, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) computing, means misconfigurations and ineffective security controls will lead to more data compromises.

5. Geopolitical uncertainty. Forrester points out that the war in Ukraine shows no signs of abating. The firm adds that this hybrid war ─ involving both the cyber and physical realms ─ sets the tone for future escalations. As such, public and private organisations should prepare for increased threats.

Security isn’t a cost centre, it’s a revenue necessity

Looking at practical ways to help CISOs address these and other emerging threats, Forrester has suggested the closer examination of three externalities for security leaders to protect their budgets from macroeconomic headwinds. In a new report, CISOs Tactics to Win Every Budget Battle, Forrester’s methodology demonstrates how cybersecurity spending directly impacts revenue.

“CISOs already know that cybersecurity is a core competency of their businesses. Other executive leaders may not. This is often in part because security leaders failed to highlight how many externalities force security spending. Those externalities include customers, cyber insurers, and regulators,” writes Jeff Pollard, Forrester VP and Principal Analyst and co-author of the report.

Forrester experts say that when the externalities have been identified, CISOs can begin collecting the information that will help them to overcome budgetary pressures. CISOs will then be better able to prove that cybersecurity is the cost of doing business. Forrester’s Pollard adds, “Cost of sale (CoS) and cost of goods sold (CoGS) do not factor in cybersecurity costs, and CISOs need to change that.”

The Forrester methodology is aimed at helping deliver hard evidence of how cybersecurity spending directly impacts revenue. More particularly, it can assist security leaders in defending their security budgets to the board, C-suite, and other stakeholders, while also ensuring they are adequately equipped to face the rapid growth of new and emerging cybersecurity threats.


Security leaders looking to better understand the new emerging security threats as well as the methodology to help them secure the budget needed to fight them should contact Joan Osterloh ([email protected]), Forrester’s authorised Research Partner for South and East Africa.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

South African fire standards in a nutshell
Fire & Safety Editor's Choice Training & Education
The importance of compliant fire detection systems and proper fire protection cannot be overstated, especially for businesses. Statistics reveal that 44% of businesses fail to reopen after a fire.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
LidarVision for substation security
Fire & Safety Government and Parastatal (Industry) Editor's Choice
EG.D supplies electricity to 2,7 million people in the southern regions of the Czech Republic, on the borders of Austria and Germany. The company operates and maintains infrastructure, including power lines and high-voltage transformer substations.

Read more...
Standards for fire detection
Fire & Safety Associations Editor's Choice
In previous articles in the series on fire standards, Nick Collins discussed SANS 10400-T and SANS 10139. In this editorial, he continues with SANS 322 – Fire Detection and Alarm Systems for Hospitals.

Read more...
Wildfires: a growing global threat
Editor's Choice Fire & Safety
Regulatory challenges and litigation related to wildfire liabilities are on the rise, necessitating robust risk management strategies and well-documented wildfire management plans. Technological innovations are enhancing detection and suppression capabilities.

Read more...
Firexpo 2025 ignites interest in fire safety
Fire & Safety News & Events
Firexpo 2025 showcased fire detection, suppression, and safety tech, drawing professionals eager to explore innovations, gain insights, and connect with suppliers.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Cybersecurity and insurance partnership for sub-Saharan Africa
Sophos News & Events Information Security Security Services & Risk Management
Sophos and Phishield Announce first-of-its-kind cybersecurity and insurance partnership for sub-Saharan Africa. The SMARTpod podcast, discussing the deal and the state of ransomware in South Africa and globally, is now also available.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.