What’s In Store For 2023: Cybersecurity Trends

Promotion

As we turn the page on 2022, cybersecurity threats continue to create problems for businesses, institutions, and individuals. According to Cybersecurity Ventures, if cybercrime were a country, it would be the world’s third-largest economy after the US and China. They estimate the cost of cybercrime at $7 trillion in 2022.

Check Point says the first six months of 2022 saw a whopping 40% increase in cyber-attacks from the previous year, with ransomware being declared a “state-level weapon.” It has been a never-ending cycle of cyber thieves coming up with new ways to attack and cybersecurity professionals playing catch-up with solutions.

At CYRIN we also continue to keep up with the threats and find ways to get you on the right track as you prepare your team for whatever cybersecurity brings in 2023.

What did we predict in December of 2021 would be the critical issues in cybersecurity for 2022?

  • Global Focus on Cybersecurity
  • Cybersecurity Talent Shortage
  • Supply-Chain Attacks & Ransomware
  • Privacy Laws
  • Remote Work

So, what might be the top cybersecurity issues for 2023? Here is a look at some critical issues for cyber that experts are urging us to prepare for in the new year.

1. Phishing Threats

Phishing attacks can hit businesses or individuals. Phishing is one of the most common attacks that criminals use to steal information for fraudulent purposes. According to Nahla Davies for AT&T’s Cybersecurity blog: “Phishing is still the most severe security threat on the internet to date — and a majority of the population is at a high risk of falling prey to this threat (it’s said that 97% of the people who have internet access, still cannot recognize a phishing email). Phishing emails and dangerous URLs are still common on the internet, but they are now customized, tailored, and geo-targeted.”

2. Ransomware

Ransomware has been a cybersecurity issue for several years, and it is still a huge problem. Mostly, it has been an issue for businesses (but individuals can be caught up in it). Ransomware is among the top 10 cyberattacks and is a popular way for attackers to target businesses. This won’t change any time soon; according to the U.S. Department of Homeland Security, ransomware attacks have been increasing across the globe. Unsuspecting users download infected emails or visit infected websites, and the criminals are in the system. Companies’ networks are then held hostage until ransoms (usually in cryptocurrency) are paid. There are times when, even if the ransom is paid, says Karim Ahmad writing in MakeUseOf, “there's no guarantee that your files will be unlocked. In most cases, it's a slippery slope, with ransomware gangs preying on the less tech-savvy and demanding increasing sums of money.”

As reported by Cloudwards.net, ransomware cost the world $20 billion in 2021, and that number is expected to rise to $265 billion by 2030. In 2021, 37% of all businesses and organizations were hit by ransomware; 32% of the ransomware victims paid the ransom and got only 65% of their data back. More surprisingly, only 57% of businesses were successful in recovering their data using a backup. That’s why Inc. reports that, according to the National Cyber Security Alliance, ransomware can have a chilling effect on small businesses, as 60% of them go out of business within six months of a cyber breach.

3. IoT Attacks by Criminals

The Internet of Things (IoT) is huge, and the interconnected devices run the gamut from laptops and mobile phones to refrigerators and smartwatches. AT&T Cybersecurity reports that Oracle estimates there are currently more than 7 billion connected IoT devices, and experts anticipate this figure to expand to 22 billion by 2025. This rapid growth of the IoT has increased the chances for cybercriminals to launch cyberattacks and data breaches. Since there are so many devices available, many with limited security features built in, this industry is extremely vulnerable to threats from bad actors.

4. Cyber Security Regulations/GDPR Compliance

The European Union has made the first move on adopting data protection regulations. The European Commission first drafted the General Data Protection Regulation (GDPR) in 2016. The regulation became active in 2018, providing rules designed to give EU citizens more control over their personal data. Since then, the GDPR has grown in influence as more countries outside of the EU apply it to their regions. The GDPR aims to provide data security across the EU, and companies that sell to EU residents, regardless of where they are located, must follow the regulations. With 99 individual articles, the GDPR is the strongest set of data protection rules in the world.

As remote work has become more entrenched, the need for more regulation on a worldwide basis will become the norm.

There are predictions for cybersecurity regulations to get stricter with time, especially as decentralization of access becomes the norm. More importantly, companies might also be expected to undergo IT audits to ensure that they have taken appropriate measures to protect their networks against cyberattacks.

5. Cloud Security

Over the past few years, more and more companies have utilized the cloud to store their information. It is more cost efficient for a company to store information in the cloud than to store it on its own sites. Although proponents claim it’s secure, there have been notable data security breaches. A well-known case involved Microsoft in 2021, when a denial-of-service attack made it difficult to access their cloud service. In their official statement, Microsoft said the attack only lasted 10 minutes and they were able to dodge the worst of it and keep things running. However, it indicates that even leading companies like Microsoft that practice stringent cybersecurity protocols are not immune from attacks, and that small firms and professionals who rely on the cloud can be affected by these attacks.

6. Food Security

The supply chain that produces our fresh-tasting Thanksgiving dinners is one of the most fragile and fragmented of any industry–and one of the hardest to secure. Sam Curry disclosed on Twitter that he and a group of other white-hat hackers quietly spent 10 days in July 2022 discovering 100 unique vulnerabilities on farming machine giant John Deere’s corporate networks and websites, including exploits that would enable attackers to take over customer accounts or access employee credential information. The company has since patched everything, Curry added, but the exercise speaks to a much larger issue that’s picking up steam in the food and agriculture industry.

Within the last year, multiple food retailers and processing plants across the U.S. have been targeted by ransomware, prompting the FBI to alert the sector of the elevated risk and President Biden to recently sign an executive order protecting America’s food security. States, too, have taken action to protect their food and water from growing cyber threats, including recent action in California and Nebraska to develop response plans and educate farmers.

7. Hackers

Mandiant’s 2023 cybersecurity forecast predicts more attacks by actors not associated with nation states or organized groups, motivated more by bragging rights than actual financial gain; more extortion attacks; the possibility that Europe will overtake the United States as most targeted by ransomware; and more destructive attacks, information operations and other cyber aggression from The Big Four: Russia, China, Iran and North Korea.

What Can Be Done?

Are Machine Learning (ML) and Artificial Intelligence (AI) the answer? Well, some people think so. The recent evolution of cyber threats has brought the potential of AI and ML to the front and center of cybersecurity. Many organizations are adopting the power of technology to automate several aspects of their cybersecurity efforts, such as threat detection.

It’s true that automated programs, if trained well, can simplify various processes, and learn how to respond to threats. However, just like you wouldn’t rely on a machine to protect a physical site 24/7 without supervision, you wouldn’t expect your cybersecurity to be run 24/7 without any sort of monitoring or maintenance. Even highly integrated systems need to be monitored and maintained to ensure they’re working properly. That means well-trained humans must be in the loop.

See What CYRIN Can Do

However effective Machine Learning or AI might become, they do not solve all problems. At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We offer that development with “hands-on” training. Our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs, which allow you to practice 24/7, in the cloud, with no special software required. These tools and our virtual environment are perfect for a mobile, remote workforce.

People can train at their own pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you, take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN.


Take a test drive and see for yourself!