What’s In Store For 2023: Cybersecurity Trends

Promotion

As we turn the page on 2022, cybersecurity threats are continuing to create problems for businesses, institutions, and individuals. According to Cybersecurity Ventures, if cybercrime were a country it would be the world’s third-largest economy after the US and China. They estimate the cost of cybercrime at $7 trillion in 2022.

Check Point says the first six months of 2022 saw a whopping 40% increase in cyber-attacks over the previous year, with ransomware being declared a “state-level weapon.” It has been a never-ending cycle of cyber thieves coming up with new ways to attack and cybersecurity professionals playing catch-up with the solutions.

At CYRIN we also continue to keep up with the threats and find ways to get you on the right track as you prepare your team for whatever cybersecurity brings in 2023.

What did we predict in December of 2021 would be the critical issues in cybersecurity for 2022?

  • Global Focus on Cybersecurity
  • Cybersecurity Talent Shortage
  • Supply-Chain Attacks & Ransomware
  • Privacy Laws
  • Remote Work

So, what might be the top cybersecurity issues for 2023? Here is a look at some critical issues for cyber that experts are urging us to prepare for in the new year.

1. Phishing Threats

Phishing attacks can hit businesses or individuals. It’s one of the most common attacks that criminals utilize to steal information for fraudulent purposes. According to Nahla Davies for AT&T’s Cybersecurity blog: “Phishing is still the most severe security threat on the internet to date — and a majority of the population is at a high risk of falling prey to this threat (it’s said that 97% of the people who have internet access, still cannot recognize a phishing email). Phishing emails and dangerous URLs are still common on the internet, but they are now customized, tailored, and geo-targeted.”

2. Ransomware

Ransomware has been a cybersecurity issue for several years, and it is still a huge problem. It has mostly been an issue for businesses (though individuals can be caught up in it). Ransomware is among the top 10 cyberattacks and is a popular way for attackers to target businesses. This won’t change any time soon; according to the U.S. Department of Homeland Security, ransomware attacks have been increasing across the globe. Unsuspecting users download infected emails or visit infected websites, and the criminals are in the system. Companies’ networks are then held hostage until ransoms (usually in cryptocurrency) are paid, and there are times when, even if the ransom is paid, says Karim Ahmad writing in MakeUseOf, “there's no guarantee that your files will be unlocked. In most cases, it's a slippery slope, with ransomware gangs preying on the less tech-savvy and demanding increasing sums of money.”

As reported by Cloudwards.net, ransomware cost the world $20 billion in 2021, and that number is expected to rise to $265 billion by 2030. In 2021, 37% of all businesses and organizations were hit by ransomware; 32% of the ransomware victims paid the ransom and got only 65% of their data back. More surprisingly, only 57% of businesses were successful in recovering their data using a backup. That’s why Inc. reports that, according to the National Cyber Security Alliance, ransomware can have a chilling effect on small businesses, as 60% of them go out of business within six months of a cyber breach.

3. IoT Attacks by Criminals

The Internet of Things (IoT) is huge, and the interconnected devices run the gamut from laptops and mobile phones to refrigerators and smartwatches. AT&T Cybersecurity reports that Oracle estimates there are currently more than 7 billion connected IoT devices, and experts anticipate this figure to expand to 22 billion by 2025. This rapid growth of the IoT has increased the chances for cybercriminals to launch cyberattacks and data breaches. Since there are so many devices available, many with limited security features built in, this industry is extremely vulnerable to threats from bad actors.

4. Cyber Security Regulations/GDPR Compliance

The European Union has made the first move on adopting data protection regulations. The European Commission first drafted the General Data Protection Regulation (GDPR) in 2016. The regulation became active in 2018, providing rules designed to give EU citizens more control over their personal data. Since then, the GDPR has grown in influence as more countries outside of the EU apply it to their regions. The GDPR aims to provide data security across the EU, and companies that sell to EU residents, regardless of where they are located, must follow the regulations. With 99 individual articles, the GDPR is the strongest set of data protection rules in the world.

As remote work has become more entrenched, the need for more regulation on a worldwide basis will become the norm.

There are predictions for cybersecurity regulations to get stricter with time, especially as decentralization of access becomes the norm. More importantly, companies might also be expected to undergo IT audits to ensure that they have taken appropriate measures to protect their networks against cyberattacks.

5. Cloud Security

Over the past few years, more and more companies have utilized the cloud to store their information. It is more cost efficient for a company to store information in the cloud than to store it on its own sites. Although proponents claim it’s secure, there are notable data security breaches. A well-known case involved Microsoft in 2021, when a denial-of-service attack made it difficult to access their cloud service. In their official statement, Microsoft said the attack only lasted 10 minutes and they were able to dodge the worst of it and keep things running. However, it shows that even leading companies like Microsoft that practice stringent cybersecurity protocols are not immune from attacks, and that small firms and professionals who rely on the cloud can be affected by these attacks.

6. Food Security

The supply chain that produces our fresh-tasting Thanksgiving dinners is one of the most fragile and fragmented of any industry–and one of the hardest to secure. Sam Curry disclosed on Twitter that he and a group of other white-hat hackers quietly spent 10 days in July 2022 discovering 100 unique vulnerabilities on farming machine giant John Deere’s corporate networks and websites, including exploits that would enable attackers to take over customer accounts or access employee credential information. The company has since patched everything, Curry added, but the exercise speaks to a much larger issue that’s picking up steam in the food and agriculture industry.

Within the last year, multiple food retailers and processing plants across the U.S. have been targeted by ransomware, prompting the FBI to alert the sector of the elevated risk and President Biden to recently sign an executive order protecting America’s food security. States, too, have taken action to protect their food and water from growing cyber threats, including recent action in California and Nebraska to develop response plans and educate farmers.

7. Hackers

Mandiant’s 2023 cybersecurity forecast predicts more attacks by actors not associated with nation states or organized groups, motivated more by bragging rights than by actual financial gain; more extortion attacks; the possibility that Europe will overtake the United States as most targeted by ransomware; and more destructive attacks, information operations and other cyber aggression from the Big Four: Russia, China, Iran and North Korea.

What Can Be Done?

Are Machine Learning (ML) and Artificial Intelligence (AI) the answer? Well, some people think so. The recent evolution of cyber threats has brought the potential of AI and ML to the front and center of cybersecurity. Many organizations are adopting the power of technology to automate several aspects of their cybersecurity efforts, such as threat detection.

It’s true that automated programs, if trained well, can simplify various processes, and learn how to respond to threats. However, just like you wouldn’t rely on a machine to protect a physical site 24/7 without supervision, you wouldn’t expect your cybersecurity to be run 24/7 without any sort of monitoring or maintenance. Even highly integrated systems need to be monitored and maintained to ensure they’re working properly. That means well-trained humans must be in the loop.

See What CYRIN Can Do

However effective Machine Learning or AI might become, they do not solve all problems. At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We offer that development with “hands-on” training. Our courses teach fundamental solutions and integrate actual cyber tools from CYRIN’s labs, which allow you to practice 24/7 in the cloud, with no special software required. These tools and our virtual environment are perfect for a mobile, remote workforce.

People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN.


Take a test drive and see for yourself!

