What’s In Store For 2023: Cybersecurity Trends

Promotion

As we turn the page on 2022, cybersecurity threats are continuing to create problems for businesses, institutions, and individuals. According to Cybersecurity Ventures, if cybercrime was a country it would be the world’s third largest economy after the US and China. They estimate the cost of cybercrime at $7 trillion in 2022.

Checkpoint says the first six months of 2022 saw a whopping 40% increase in cyber-attacks from the previous year, with ransomware being declared a “state-level weapon.” It has been a never-ending cycle of cyber thieves coming up with new ways to attack and cyber security professionals playing catch up with the solutions.

At CYRIN we also continue to keep up with the threats and find ways to get you on the right track as you prepare your team for whatever cybersecurity brings in 2023.

What did we predict in December of 2021 would be the critical issues in cybersecurity for 2022?

  • Global Focus on Cybersecurity
  • Cybersecurity Talent Shortage
  • Supply-Chain Attacks & Ransomware
  • Privacy Laws
  • Remote Work

So, what might be the top cybersecurity issues for 2023? Here is a look at some critical issues for cyber that experts are urging us to prepare for in the new year.

1. Phishing Threats

Phishing attacks can hit businesses or individuals. It’s one of the most common attacks that criminals utilize to steal information for fraudulent purposes. According to Nahla Davies for AT&T’s Cybersecurity blog: “Phishing is still the most severe security threat on the internet to date — and a majority of the population is at a high risk of falling prey to this threat (it’s said that 97% of the people who have internet access, still cannot recognize a phishing email). Phishing emails and dangerous URLs are still common on the internet, but they are now customized, tailored, and geo-targeted.”

2. Ransomware

Ransomware as a cybersecurity issue has been around for several years and it is still a huge problem. Mostly, it has been an issue for businesses (but individuals can be caught up in it). Ransomware is among the top 10 cyberattacks and is a popular way for attackers to target businesses. This won’t change any time soon; according to the U.S. Department of Homeland Security, ransomware attacks have been increasing across the globe. Unsuspecting users download infected emails or visit websites that are infected, and the criminals are into the system. Companies’ networks are then held hostage until ransoms (usually in cryptocurrency) are paid and there are times when even if the ransom is paid, says Karim Ahmad writing in Makeuseof, “there's no guarantee that your files will be unlocked. In most cases, it's a slippery slope, with ransomware gangs preying on the less tech-savvy and demanding increasing sums of money.”

As reported by Cloudwards.net, ransomware cost the world $20 billion in 2021 and that number is expected to rise to $265 billion by 2030. In 2021 37% of all businesses and organizations were hit by ransomware, 32% of the ransomware victims paid the ransom and got only 65% of their data back. More surprisingly, only 57% of businesses were successful recovering their data using a backup. That’s why Inc. reports that according to the National Cyber Security Alliance, ransomware can have a chilling effect on small businesses, as 60% of them go out of business within six months of a cyber breach.

3. IoT Attacks by Criminals

The Internet of Things (IoT) is huge, and the interconnected devices run the gamut from laptops and mobile phones to refrigerators and smartwatches. AT&T Cybersecurity reports that Oracle estimates there are currently more than 7 billion connected IoT devices, and experts anticipate this figure to expand to 22 billion by 2025. This rapid growth of the IoT has increased the chances for cybercriminals to launch cyberattacks and data breaches. Since there are so many devices available, many with limited security features built in, this industry is extremely vulnerable to threats from bad actors.

4. Cyber Security Regulations/GDPR Compliance

The European Union has made the first move on adopting data protection regulations. The European Commission first drafted the General Data Protection Regulation (GDPR) in 2016. The regulation became active in 2018, providing rules designed to give EU citizens more control over their personal data. Since then, the GDPR has grown in influence as more countries outside of the EU apply it to their regions. The GDPR law aims to provide data security across the EU; and companies that sell to EU residents regardless of where they are located, must follow the regulations. With 99 individual articles, the GDPR is the strongest set of data protection rules in the world.

As remote work has become more entrenched, the need for more regulation on a worldwide basis will become the norm.

There are predictions for cybersecurity regulations to get stricter with time, especially as decentralization of access becomes the norm. More importantly, companies might also be expected to undergo IT audits to ensure that they have taken appropriate measures to protect their networks against cyberattacks.

5. Cloud Security

Over the past few years more and more companies have utilized the cloud to store their information. It is more cost efficient for a company to store information in the cloud then store it on their sites. Although proponents claim it’s secure, there are notable security data breaches. A well-known case involved Microsoft in 2021 when a denial-of-service attack made it difficult to access their cloud service. In their official statement, Microsoft said the attack only lasted 10 minutes and they were able to dodge the worst of it and keep things running. However, it just indicates how even leading companies like Microsoft that practice stringent cybersecurity protocols are not immune from attacks and how small firms and professionals who rely on the cloud can be affected by these attacks.

6. Food Security

The supply chain that produces our fresh-tasting Thanksgiving dinners is one of the most fragile and fragmented of any industry–and one of the hardest to secure. Sam Curry disclosed on Twitter that he and a group of other white-hat hackers quietly spent 10 days in July 2022 discovering 100 unique vulnerabilities on farming machine giant John Deere’s corporate networks and websites, including exploits that would enable attackers to take over customer accounts or access employee credential information. The company has since patched everything, Curry added, but the exercise speaks to a much larger issue that’s picking up steam in the food and agriculture industry.

Within the last year, multiple food retailers and processing plants across the U.S. have been targeted by ransomware, prompting the FBI to alert the sector of the elevated risk and President Biden to recently sign an executive order protecting America’s food security. States, too, have taken action to protect their food and water from growing cyber threats, including recent action in California and Nebraska to develop response plans and educate farmers.

7. Hackers

Mandiant’s 2023 cybersecurity forecast predicts more attacks by actors not associated with nation states or organized groups, motivated more by bragging rights than actual financial gain, more extortion attacks, and the possibility that Europe will overtake the United States as most targeted by ransomware, more destructive attacks, information operations and other cyber aggression from The Big Four: Russia, China, Iran and North Korea.

What Can be Done?

Is Machine Learning (ML) and Artificial Intelligence (AI) the answer? Well, some people think so. The recent evolution of cyber threats has brought the potential of AI and ML to the front and center of cybersecurity. Many organizations are adopting the power of technology to automate several aspects of their cybersecurity efforts, such as threat detection.

It’s true that automated programs, if trained well, can simplify various processes, and learn how to respond to threats. However, just like you wouldn’t rely on a machine to protect a physical site 24/7 without supervision, you wouldn’t expect your cybersecurity to be run 24/7 without any sort of monitoring or maintenance. Even highly integrated systems need to be monitored and maintained to ensure they’re working properly. That means well-trained humans must be in the loop.

See What CYRIN Can Do

However effective Machine Learning or AI might become, they do not solve all problems. At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We offer that development with “hands-on” training and our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. These tools and our virtual environment are perfect for a mobile, remote work force.

People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN.


Take a test drive and see for yourself!


 

 

 

 

You Might Also Read

CYRIN Launches New Docker Lab:

 

 

« Ways Governments Can Better Protect Public Data
Deploying NDR To Transform Threat Detection »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Privacy Analytics

Privacy Analytics

Privacy Analytics enables healthcare organizations to unleash the value of sensitive data for secondary purposes without compromising personal health information.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Fujitsu

Fujitsu

Fujitsu is the leading Japanese global information and communication technology company, offering a full range of products, solutions and services including Managed IT Services and Cyber Security.

Harel Mallac Technologies

Harel Mallac Technologies

Harel Mallac Technologies is a Mauritian organisation that has developed a strong network of ICT specialists with nodes across the African continent.

Aricoma

Aricoma

Aricoma are Architects of Digital. We aim to become a major player in end-to-end IT services and digital transformation in Europe.

Featurespace

Featurespace

Featurespace is a world-leader in Adaptive Behavioural Analytics and creator of the ARIC platform for fraud and risk management.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

INE

INE

INE is a premier provider of Technical Training for the IT industry.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

American Technology Services (ATS)

American Technology Services (ATS)

American Technology Services provides unparalleled services in information technology to support small and mid-sized business. From top-level strategy, to managed services and infrastructure support.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Relatech

Relatech

Relatech is a Digital Enabler Solution Knowledge (D.E.S.K.) Company that offers digital services and solutions dedicated to the digital transformation of businesses.

IT Voice

IT Voice

IT Voice specializes in Managed IT and VoIP solutions. Our focus is simplifying the technology so our customers can stay focused on what they do best.