In 2022, 21 percent of global organizations experienced a ransomware attack. Of those, 43 percent experienced a significant impact on their business operations. The war in Ukraine led to increased cyber warfare by Russian actors, and the global threat of cyberattacks has increased 16 percent since the conflict began in February 2022.
10 Cybersecurity Trends for 2023
- Securing both remote and hybrid workers
- Adapting security for increased cloud dependency
- Visibility, control, protection and remediation in response to supply chain attacks, IoT attacks and ransomware
- Preventing ransomware attacks
- Increased popularity of SaaS security solutions
- Spotlight on chief information security officers’ liability
- Building cyber resilience
- Governments prioritizing critical infrastructure
- Government and industry collaboration across countries and industries
- Realization that people are and will remain the main causes of attacks
To counteract this increased threat, in March 2022 Congress passed cybersecurity legislation mandating the reporting of cyber incidents. Also in March, the UK government added rigid telecom security laws to the country’s existing Telecommunications (Security) Act, passed in late 2021. These laws show that cybersecurity has become a top priority for both nations in recent years, but also that we have a long way to go in building global cyber resilience.
My company, Resilience, is a next-generation cyber risk company on a mission to help make the world cyber resilient. This past year has proven the importance of protecting your organization’s data by integrating technology, economics and behavior so that they work together to reduce cyber risk. We believe that for companies to be successful in 2023, they must now be cyber resilient: integrating their risk mitigation and risk transfer in a way that lets them take a digital hit without it affecting their material ability to deliver value.
Through our expertise in both cyber security and insurance, we have compiled this list of 10 trends we expect to see in 2023.
More Security for Remote and Hybrid Workers
In 2023, we will see an increased effort to secure remote and hybrid workers as organizations decide on long-term in-office requirements. Since the start of the Covid-19 pandemic in 2020, workers have migrated from cyber-secured offices to their home networks. This increased the risk of a cyber attack because of weaker networks, working in public spaces and the use of work devices by untrained users who unintentionally let in bad actors.
Resilience security experts believe that 2023 will see a push toward educating remote or hybrid workers on the best cybersecurity practices and how to keep their devices safe.
Blurred Line Between Cloud and Cyber Security
The line between cloud and cyber security will continue to blur. According to Radware’s 2022 Application Security in a Multi-Cloud World report, 99 percent of organizations now use cloud computing. As the usage of public cloud environments increases, cloud security will become pivotal to an organization’s overall cyber security.
Preventing Ransomware Attacks
The threat of ransomware attacks will make data exfiltration a top concern for organizations. A successful ransomware attack is an existential threat to businesses. “Organizations of all sizes need a holistic approach to cybersecurity that integrates everything from anti-malware to email-security and vulnerability-assessment capabilities,” said Candid Wüest, Acronis vice president of cyber protection research, in this feature on ransomware attacks. “Cybercriminals are becoming too sophisticated and the results of attacks too dire to leave it to single-layered approaches and point solutions.”
As ransomware threats continue to grow more complex and prevalent, it will become imperative for all organizations to establish strategies around building cyber resilience.
SaaS Solutions Will Outpace API Solutions
Software as a service (SaaS) security solutions will outpace API security solutions in 2023. SaaS security received massive funding and attention from investors in 2022, which will continue into 2023. As security organizations continue to sell their products as a service, SaaS Security Posture Monitoring (SSPM) services and building infrastructure to monitor the security of your software applications will become a new priority for organizations. Monitoring the security of third-party vendors, applications and software will become a more widely discussed component of fostering cyber resilience.
Focus on IoT Security
Visibility, control and remediation in response to supply-chain and Internet of Things (IoT) attacks will become a prime focus. With 43 billion people connected to the internet, manufacturers need to ensure their internet-connected devices are built with strong security credentials in mind. Poorly configured cameras, microphones and sensors pose additional security threats to all internet users.
Supply chain attacks against manufacturers are growing more popular among bad actors because of the access they provide to partner vendors. The urgency to resume supply operations means manufacturers often pay their ransoms more quickly than other organizations. In 2023, both manufacturers and security providers will take these considerations more seriously.
Spotlight on Chief Information Security Officers
The role and liability of CISOs will be spotlighted following some of the past years’ most notorious data breaches, such as the attack against Uber in mid-2022. Cyber attacks are unpredictable, and even the most ethical and secure organizations with highly trained CISOs can experience a damaging attack. However, responsibility for an effective attack will continue to fall on CISOs. We encourage CISOs to educate themselves continuously by staying up to date on security events, maintaining the most current licenses, and managing and assessing their organization’s cyber risk holistically.
More Cyber Resiliency
Organizations need to be more than cyber-insured or cyber-secured; they need to become cyber resilient. As hackers’ techniques become more advanced, organizations need to manage and assess their cyber risk holistically. When you manage your risk holistically, you implement security tools in a strategic way that will impact your eligibility for risk transfer. Cyber resilience means establishing a proactive strategy that combines behavior, financials and technology to prepare your organization to recover from any attack and to anticipate risk so that it can avoid an incident altogether.
Protecting Critical Infrastructure
Protecting critical infrastructure (CI) will continue to be a top priority for European and U.S. governments as the Ukraine/Russia conflict persists into 2023. Bad actors in Russia have been targeting CI, exemplified by the Colonial Pipeline and SolarWinds attacks in 2022.
The World Economic Forum declared cyberattacks a top concern on global CI in 2020, and industries such as healthcare, transportation, manufacturing and energy are at high risk for attacks in 2023. European and U.S. governments are working to stay one step ahead of these actors, but it is the responsibility of every individual to take precautionary measures to prevent an attack.
Government and Industry Collaboration
Global governments and industries will continue to work together to prevent and remediate attacks against critical infrastructure. Information sharing is a pivotal tactic for understanding the ever-evolving landscape of cyber threats. As critical industries experience damaging and politically motivated cyber attacks, the government’s role in recovering these industries grows more prevalent. Similarly, European and U.S. governments must continue to collaborate and share information to stay ahead of our mutual adversaries.
Focus on Humans
Humans will continue to be the main entry point for bad actors. Despite increased cybersecurity awareness, protocols, training and regulations, human error will remain the weakest link in the chain of security tools in all organizations. No matter how tedious or redundant security training may seem, it must be implemented regularly and organization-wide to help reduce the risk of a successful phishing attack.
Overall, 2023 will see increased concern for protecting global cybersecurity, particularly in critical infrastructure and against ransomware attacks. While American and European governments work to implement legislation to protect online data, it is the responsibility of all of us to stay educated on malicious trends and best security practices.
There is no way to predict the future of cybersecurity with perfect accuracy. However, our experts are confident that awareness of these assumptions will help your organization become cyber resilient in the coming year.