What’s In Store For 2023: Cybersecurity Trends

Promotion

As we turn the page on 2022, cybersecurity threats are continuing to create problems for businesses, institutions, and individuals. According to Cybersecurity Ventures, if cybercrime was a country it would be the world’s third largest economy after the US and China. They estimate the cost of cybercrime at $7 trillion in 2022.

Checkpoint says the first six months of 2022 saw a whopping 40% increase in cyber-attacks from the previous year, with ransomware being declared a “state-level weapon.” It has been a never-ending cycle of cyber thieves coming up with new ways to attack and cyber security professionals playing catch up with the solutions.

At CYRIN we also continue to keep up with the threats and find ways to get you on the right track as you prepare your team for whatever cybersecurity brings in 2023.

What did we predict in December of 2021 would be the critical issues in cybersecurity for 2022?

  • Global Focus on Cybersecurity
  • Cybersecurity Talent Shortage
  • Supply-Chain Attacks & Ransomware
  • Privacy Laws
  • Remote Work

So, what might be the top cybersecurity issues for 2023? Here is a look at some critical issues for cyber that experts are urging us to prepare for in the new year.

1. Phishing Threats

Phishing attacks can hit businesses or individuals. It’s one of the most common attacks that criminals utilize to steal information for fraudulent purposes. According to Nahla Davies for AT&T’s Cybersecurity blog: “Phishing is still the most severe security threat on the internet to date — and a majority of the population is at a high risk of falling prey to this threat (it’s said that 97% of the people who have internet access, still cannot recognize a phishing email). Phishing emails and dangerous URLs are still common on the internet, but they are now customized, tailored, and geo-targeted.”

2. Ransomware

Ransomware as a cybersecurity issue has been around for several years and it is still a huge problem. Mostly, it has been an issue for businesses (but individuals can be caught up in it). Ransomware is among the top 10 cyberattacks and is a popular way for attackers to target businesses. This won’t change any time soon; according to the U.S. Department of Homeland Security, ransomware attacks have been increasing across the globe. Unsuspecting users download infected emails or visit websites that are infected, and the criminals are into the system. Companies’ networks are then held hostage until ransoms (usually in cryptocurrency) are paid and there are times when even if the ransom is paid, says Karim Ahmad writing in Makeuseof, “there's no guarantee that your files will be unlocked. In most cases, it's a slippery slope, with ransomware gangs preying on the less tech-savvy and demanding increasing sums of money.”

As reported by Cloudwards.net, ransomware cost the world $20 billion in 2021 and that number is expected to rise to $265 billion by 2030. In 2021 37% of all businesses and organizations were hit by ransomware, 32% of the ransomware victims paid the ransom and got only 65% of their data back. More surprisingly, only 57% of businesses were successful recovering their data using a backup. That’s why Inc. reports that according to the National Cyber Security Alliance, ransomware can have a chilling effect on small businesses, as 60% of them go out of business within six months of a cyber breach.

3. IoT Attacks by Criminals

The Internet of Things (IoT) is huge, and the interconnected devices run the gamut from laptops and mobile phones to refrigerators and smartwatches. AT&T Cybersecurity reports that Oracle estimates there are currently more than 7 billion connected IoT devices, and experts anticipate this figure to expand to 22 billion by 2025. This rapid growth of the IoT has increased the chances for cybercriminals to launch cyberattacks and data breaches. Since there are so many devices available, many with limited security features built in, this industry is extremely vulnerable to threats from bad actors.

4. Cyber Security Regulations/GDPR Compliance

The European Union has made the first move on adopting data protection regulations. The European Commission first drafted the General Data Protection Regulation (GDPR) in 2016. The regulation became active in 2018, providing rules designed to give EU citizens more control over their personal data. Since then, the GDPR has grown in influence as more countries outside of the EU apply it to their regions. The GDPR law aims to provide data security across the EU; and companies that sell to EU residents regardless of where they are located, must follow the regulations. With 99 individual articles, the GDPR is the strongest set of data protection rules in the world.

As remote work has become more entrenched, the need for more regulation on a worldwide basis will become the norm.

There are predictions for cybersecurity regulations to get stricter with time, especially as decentralization of access becomes the norm. More importantly, companies might also be expected to undergo IT audits to ensure that they have taken appropriate measures to protect their networks against cyberattacks.

5. Cloud Security

Over the past few years more and more companies have utilized the cloud to store their information. It is more cost efficient for a company to store information in the cloud then store it on their sites. Although proponents claim it’s secure, there are notable security data breaches. A well-known case involved Microsoft in 2021 when a denial-of-service attack made it difficult to access their cloud service. In their official statement, Microsoft said the attack only lasted 10 minutes and they were able to dodge the worst of it and keep things running. However, it just indicates how even leading companies like Microsoft that practice stringent cybersecurity protocols are not immune from attacks and how small firms and professionals who rely on the cloud can be affected by these attacks.

6. Food Security

The supply chain that produces our fresh-tasting Thanksgiving dinners is one of the most fragile and fragmented of any industry–and one of the hardest to secure. Sam Curry disclosed on Twitter that he and a group of other white-hat hackers quietly spent 10 days in July 2022 discovering 100 unique vulnerabilities on farming machine giant John Deere’s corporate networks and websites, including exploits that would enable attackers to take over customer accounts or access employee credential information. The company has since patched everything, Curry added, but the exercise speaks to a much larger issue that’s picking up steam in the food and agriculture industry.

Within the last year, multiple food retailers and processing plants across the U.S. have been targeted by ransomware, prompting the FBI to alert the sector of the elevated risk and President Biden to recently sign an executive order protecting America’s food security. States, too, have taken action to protect their food and water from growing cyber threats, including recent action in California and Nebraska to develop response plans and educate farmers.

7. Hackers

Mandiant’s 2023 cybersecurity forecast predicts more attacks by actors not associated with nation states or organized groups, motivated more by bragging rights than actual financial gain, more extortion attacks, and the possibility that Europe will overtake the United States as most targeted by ransomware, more destructive attacks, information operations and other cyber aggression from The Big Four: Russia, China, Iran and North Korea.

What Can be Done?

Is Machine Learning (ML) and Artificial Intelligence (AI) the answer? Well, some people think so. The recent evolution of cyber threats has brought the potential of AI and ML to the front and center of cybersecurity. Many organizations are adopting the power of technology to automate several aspects of their cybersecurity efforts, such as threat detection.

It’s true that automated programs, if trained well, can simplify various processes, and learn how to respond to threats. However, just like you wouldn’t rely on a machine to protect a physical site 24/7 without supervision, you wouldn’t expect your cybersecurity to be run 24/7 without any sort of monitoring or maintenance. Even highly integrated systems need to be monitored and maintained to ensure they’re working properly. That means well-trained humans must be in the loop.

See What CYRIN Can Do

However effective Machine Learning or AI might become, they do not solve all problems. At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We offer that development with “hands-on” training and our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. These tools and our virtual environment are perfect for a mobile, remote work force.

People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN.


Take a test drive and see for yourself!


 

 

 

 

You Might Also Read

CYRIN Launches New Docker Lab:

 

 

« Ways Governments Can Better Protect Public Data
Deploying NDR To Transform Threat Detection »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Caliber Security Partners

Caliber Security Partners

Caliber Security Partners is a full-service information security company, with a wide range of security services for clients with varying levels of security maturity.

Becrypt

Becrypt

Becrypt is a trusted provider of endpoint cybersecurity software solutions. We help the most security conscious organisations to protect their customer, employee and intellectual property data.

Cloud Foundry Foundation (CFF)

Cloud Foundry Foundation (CFF)

Cloud Foundry supports the full application development lifecycle, from inception, through all testing stages, to deployment.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Boxcryptor

Boxcryptor

Boxcryptor encrypts your sensitive files before uploading them to cloud storage services.

Falanx Cyber

Falanx Cyber

Falanx Cyber provides enterprise-class cyber security services and solutions. We deliver end-to-end cyber capabilities, either as specific engagements or as fully-managed services.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

Radiflow

Radiflow

Radiflow is a leading provider of cyber security solutions for critical infrastructure networks (i.e. SCADA), such as power utilities, oil & gas, water and others.

Valtori

Valtori

Government ICT Centre Valtori provides sector-independent ICT services for the central government, while taking into account the special requirements related to security and preparedness.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Zorus

Zorus

Zorus provides best-in-class cybersecurity products to MSP partners to help them grow their business and protect their clients.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

SGTech

SGTech

SGTech is the leading trade association for Singapore's tech industry, offering focused support and development to both strategic and emerging sectors in the industry.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

Robosoft Technologies

Robosoft Technologies

Robosoft Technologies is a full-service digital transformation partner. We provide end-to-end digital transformation services in areas including cybersecurity.