It is fair to say that 2022 has been a tough year in the cybersecurity industry. We are still dealing with the impact of the Covid-19 pandemic and the surge in remote working, as well as the geopolitical and economic fallout of the Russia-Ukraine War.
As the year draws to an end, let’s look towards 2023 and consider a few cybersecurity trends that are worth keeping an eye on. Our cybersecurity expert, Greg Nott, has summarised the top trends to follow in 2023.
IoT & Cloud Security
Gartner predicts that there will be 43 billion IoT-connected devices globally in 2023. Security on devices is improving, with more and more devices forcing the removal of default credentials, for example. However, IoT devices remain a challenge for the security community, and more work is needed to combat the risks they pose. In 2023, numerous governmental initiatives are being introduced worldwide to help push for improved security on devices and the cloud services that tie them all together.
Work From Home Security
With remote working a firm part of life post-pandemic, securing newly defined perimeters must become a priority for organisations. It’s no longer just a question of how to secure devices away from the traditional edge, but how to increase security in geographically diverse teams who may have never met in person. A lack of familiarity in this area can lead to an increase in successful impersonation scams. Further, ‘working from anywhere’ makes it more likely that devices will be left unattended. What are you doing to enforce your Clear Screen policy in the new world?
Artificial Intelligence, Friend & Foe!
The introduction of AI has significantly helped defenders stay on top of the vast volumes of data that must be regularly monitored. This is vital to keep our systems secure and will become more common in 2023. However, AI can just as well be used by the bad guys for their own gain. Cybercriminals can utilise AI to identify vulnerable systems quickly and easily on the internet, create personalised phishing emails, and clone senior executives to conduct hyper-sophisticated vishing attacks! It is predicted that by 2023, the market for AI cybersecurity will be worth $139 billion, but efforts to stay ahead must still come down to a layered approach. By combining innovative controls with good old-fashioned awareness, collaboration, and vigilance you can achieve a unified cyber security strategy.
Building a Security-Aware Culture
This is not something that is new for 2023, but more focus needs to be given to this element of a mature cybersecurity posture. Social engineering attacks are only becoming more sophisticated and pervasive, with the only constant prevention against them being a vigilant, well-prepared team. Cybersecurity is not just an IT issue. How to handle yourself online, how to take secure information, and how to spot attacks early are all things every member of your team should know. Compared to many other controls, an effective awareness scheme can also be a particularly cost-effective layer of security.
Increase in State-Sponsored Attackers Targeting Businesses
Historically, the most sophisticated cyberattacks came from nation-state groups targeting other nation-states. This provided solace to those working in Enterprise and our respective risk registers. Unfortunately, the lines are now becoming more blurred every day. More and more nation-states are hiring organised crime groups to attack critical enterprises. This includes targeting leading social media organisations, as well as using supply chain attacks to find high-value victims. Many would think they aren’t a likely target for a nation-state, but you may sit in a chain through which attackers can reach a high-value target. In 2023, more than 70 countries are holding governmental elections, so researchers worldwide expect to see a significant increase in activity that aims to destabilise the democratic process.
MFA continues to be the ‘vegetable’ of cybersecurity!
Like eating your 5-a-day, everyone is aware of the benefits of MFA, but too many organisations aren’t using it! Research indicates that 98% of attacks can be prevented by employing MFA across your systems. The common excuses for not implementing MFA are “it costs too much”, “our users won’t want to use their devices for MFA”, and “it’s too time-consuming”. If we were talking about securing your physical premises, it is likely you would be in favour of implementing this level of security! Nowadays MFA really is the most basic control and there are so many ways to deploy it to suit almost any scenario. It will be interesting to see if there is any great change to adoption in 2023.
Ransomware-as-a-Service will continue to increase
The number of RaaS-based attacks is growing 13% year-on-year and it is only becoming more profitable for cybercriminals. The devastating nature of these attacks has now grabbed the attention of regulators around the world with initiatives being developed to enforce effective responses to attacks. With an increasing number of RaaS attacks now ending in data being stolen and posted publicly online, legislation is being worked on globally to put the responsibility on the Data Processors to do better. Organisations will be forced under threat of legal action to improve their security posture with immutable backups, documented procedures, MFA, email security tools and effective training and awareness programmes.
Quantum Computing Arms Race Will Gain Pace
Quantum computing will change the world on a considerable scale, and with Fujitsu set to launch a commercial quantum computer in 2023, we are getting much closer. From a cybersecurity point of view, the application of ‘Quantum Cryptography’ will allow us to secure systems and our data like never before. However, the same technology in the wrong hands will make the most secure encryption procedures pointless, even threatening to undermine blockchain networks like Bitcoin. The gap between those who can access Quantum Computing technology and the rest of us leaves securing our networks with ‘traditional’ technology at an overwhelming disadvantage. This will encourage burgeoning areas of research such as Post-Quantum Cryptography to be shared quickly.
Cybersecurity professionals are struggling
Every year there is a surging increase in the number of cyberattacks that the security community must deal with. Microsoft Active Directory log data suggests there were 921 password attacks every second in 2022. Cybersecurity is still a low priority in too many organisations and the ‘cyber skills gap’ is still a very real thing. As such, this growth in attacks is not matched by an increase in resources or budget, yet the expectation to ‘keep us secure’ remains the same. Such pressure can weigh heavily on those tasked to defend us and lead to burnout. In 2023, let's all do whatever we can to take some of that pressure off those who work every day to keep us secure.