Throughout 2022, cyber security continued to evolve at pace as both hackers and cyber criminals vied to outsmart each other. As a result, organisations needed to constantly work on cyber security initiatives as the threat landscape constantly evolved and changed. Cyber criminals and methods have now become more and more sophisticated and thus companies need to match or even exceed that level of sophistication to thwart their efforts.
In the UK alone in 2022, 39% of UK businesses identified a cyber-attack, with the most common threat vector being phishing attempts at 83% according to the UK Government. This is startling as phishing attacks, despite their apparent dominance, are deemed as preventable attacks, fitting well with the notion that the vast majority of cyber-attacks are preventable.
According to Forbes, a major data loss typically causes a company to go offline for an average of 22 days, resulting in revenue losses from $10,000 per hour for small businesses to more than $5 million per hour for large enterprises. Therefore, companies should invest a half or a third of those dollars in cyber security initiatives in order to mitigate these threats.
Back in 2020, Thales reported that financial losses from cybercrime now exceeds the total losses incurred from the global trade of all illegal drugs. And now just over two years later, this trend continues to grow. Cyber-attacks not only threaten substantial financial losses, but also company reputation and thus a company’s ability to perform well beyond the occurrence of the attack itself.
With all of this in mind, and the need for businesses to stay one step ahead of the game, what are some of the key cyber security trends for 2023 to look out for?
IoT & Cloud Security
The more devices we connect and network together the more potential entry points hackers can use to get access to our data. In 2023 there is predicted to be 43 billion connected IoT devices globally. However also in 2023, a number of governmental initiatives are due to come in to improve security around connected devices. This includes cloud systems, and the networks that ties them together.
Two of these include the Product Security and Telecommunications Infrastructure (PSTI) Bill in the UK and also a cybersecurity labelling program for consumer Internet of Things devices in the USA. This will be led by the Biden administration in an effort to protect Americans from “significant national security risks.” This labelling system for IoT devices in the US aims to provide consumers with information on the possible security threats their devices may bring into their homes, while the UK PSTI bill sets out a regulatory framework designed to cope with the rapid evolution of cyber threats. In 2022 we saw the legislative framework begin to solidify from arbitrary to mandatory. In the same way GDPR laid out a set regulatory framework for privacy which put companies’ reputation and freedoms at risk, these new regulations will do the same for manufacturers and businesses who use and network IoT devices.
The growing importance of ‘SASE’ – (Secure Access Service Edge)
As mentioned, 2023 will see the rapid adoption of cloud platforms which in turn will rapidly increase the attack surface and exposure, therefore increasing the number of attacks that can be infiltrated on systems and staff. SASE is the convergence and integration of multiple technologies into one package for businesses. It is a modern approach that moves networking and security out of the traditional data centre, and closer to where users work and applications live, in the cloud. SASE attempts to bring together the best of both worlds by converging networking with security, with the objective of this framework, model or architecture being to protect against attacks regardless of location. It seeks to deliver a strong user experience that simplifies processes and systems, whilst easily securing users and applications. First coined by Gartner in 2019, this is not a new term but one which is readily gaining traction and has been earmarked for big moves in 2023 and beyond.
Cyber security and AI
As the number of attacks and the complexity of cyber-attacks increases, it is becoming increasingly difficult for humans to handle them. This is where artificial intelligence (AI) comes into play. AI and machine learning (ML) algorithms can examine vast amounts of data moving across networks in real-time far more efficiently than humans ever could and can recognise suspicious patterns and behaviours in a way that humans are unable. Unfortunately, hackers are also starting to utilise AI from highly personalised phishing attacks, to identifying businesses with weak systems or those that contain valuable data via machine learning algorithms. By 2030 AI cyber security products are set to be worth around $139 billion dollars, a ten-fold increase from the value of the market in 2021. Being able to respond to threats through automation of these systems in imperative, mainly because the longer you wait, the more damage is done. Early detection and prevention through the use of machine learning and artificial intelligence will become ever more important through the coming year.
Fostering a security-aware culture
Instead of limiting cybersecurity responsibilities to the IT and technical departments, businesses need to try and motivate employees to take ownership of their own security, with this awareness becoming a fundamental part of the employment process and job requirements in 2023. Humans are still the weakest link when it comes to cyber security. This is down mainly to phishing and social engineering methods as highlighted above. Technical skills and expertise are not required to build an awareness of these hacking methods and therefore all employees can act as a critical first line of defence against these attacks through knowledge and by taking basic precautions. Effective password management and understanding of 2FA and MFA solutions should also be taught across the board at all levels. Training and education to elicit a cyber-aware culture will play a pivotal role in 2023.
Continued investment despite turbulence
Despite extremely volatile and turbulent economic conditions throughout 2022 and in particular towards the end of the year, most CISO budgets are not decreasing. The industry as a whole has gone from a position of not having enough data to having too much data and this continues to pose a challenge for businesses and security departments. Organisations need to constantly work on cyber security initiatives because the threat landscape is forever evolving and changing. This means that cyber security budgets are predicted not be impacted in the same way other budgets look set to be throughout 2023, with Gartner agreeing that ‘IT spending remains a priority’. This is good news for cyber security solution providers but also for the safety and security of businesses as threat actors remain prominent.
--------------------
swIDch will continue its quest to innovate and pioneer next-generation authentication solutions. To stay up-to-date with the latest trends sign up to our newsletter and check out our latest solutions.
