Cybersecurity: What to Expect in 2023
2022 saw continued supply chain disruptions, the evolving pandemic, the Russia-Ukraine war, rising inflation, rising energy costs, and a looming recession that impacted business operations and plans. Despite these challenges, or perhaps because of them, businesses have continued to invest in digital transformation to adapt to changing demands and fluctuating market dynamics. With more connectedness between devices and workplaces and cities that can seamlessly transmit data to one another comes more easy access to sensitive data than ever before, particularly for cybercriminals who seek data for profit. According to a recent study, global data breaches were up 70% in Q3 of 2022, compared to the previous quarter.
Underscoring the reality that no company is immune to a data breach, big names such as Medibank, Rockstar Games, American Airlines, and Cash App were recently attacked. And for organizations that have adopted some form of remote working model, the average cost of a data breach was $4.99 million, almost $1 million more than organizations where remote work is not a factor. While the growing frequency of such hacks are concerning, so too is the amount of time it takes to detect a breach, well north of six months – and the longer a breach remains undetected, the higher the financial impact will be.
To get a beat on what to expect in 2023 with respect to cybersecurity trends and budgeting priorities, Thrive’s CISO Chip Gibbons shares his pick list of what organizations should keep in mind from a people and process perspective:
End Users Are the Top Cybersecurity Target in 2023
Business Email Compromise (BEC) will continue to be a top attack method from cyber attackers and the easiest way into an organization. With the increase in zero-day attacks, people are going to be looking at reducing their externally available footprint. Multi-Factor Authentication (MFA) will be ubiquitous and nothing should be externally available without it.
Budgeting Security in 2023
Currently the economy is in flux and many tech companies are laying off employees or not hiring new ones. Cybersecurity budgets will continue to rise, but not as quickly. Companies know and can see the risk due to ransomware and other attacks, but they will need to be more careful in how they spend their money.
Be Cautious of the Internet of Things (IoT)
IoT devices continue to pose threats as many companies that create these devices are focused on getting to market quickly and security is an afterthought. There are real-life implications of IoT hacks such as being locked out of your house via a smart lock, being unable to access your car via a connected keyfob, or malfunctioning smart appliances – meaning that hacked IoT devices pose real safety and monetary threats at the individual level.
Know Where Data Lives No Matter What Industry
Financial institutions, law firms, healthcare providers, and other companies that deal with sensitive customer data should already understand that threats in 2023 will be complex and constant. But even for those companies that aren’t typically managing lots of data, it’s crucial to know where your data lives and how to protect it. Increased ransomware attacks, which will get through in zero-day attacks, as well as account compromises will happen to make it vital to have multiple layers of protection to stop an attack and potential data exfiltration if one layer fails.
Work From Home Is Here to Stay
Most companies have embraced some form of work-from-home policy and there was a large scramble to get people secure and situated at the beginning of the pandemic. Companies should continue to evaluate their end-user workstation security and work on securing with DNS filtering, EDR, and email filtering.