2023 Cybersecurity Threats and Trends
- Written by: Dan Eness
In an already unfavorable economic environment, state-sponsored and criminal cyberattacks made day-to-operations difficult for businesses in 2022. Looking ahead to 2023, encryption technology company NordLocker named 7 cybersecurity threats and trends to watch in the coming year:
- The rise of fileless malware. Because fileless malware does not require its victim to download any files, it is practically undetectable by most information security tools. Malware of this kind exploits vulnerabilities in previously installed and trusted (and usually well-known) software applications. Fileless malware requires significant skills to develop and conduct, but they attack without introducing a foreign file into your system. It sneaks into legitimate operating system processes (especially Windows PowerShell) and works against you. That makes it extremely hard to detect through traditional antivirus software, which works by looking for known file signatures.
- Targeting supply chains. The interconnected world of commerce has a critical vulnerability in the supply network that only becomes more exposed as the interconnectedness grows. By targeting companies that play critical roles in the activities of other businesses, such as raw materials suppliers or logistics firms, cybercriminals can grind an entire supply chain to a halt and apply mounting pressure to make victims meet their demands. We already see this trend in 2022, and these types of attacks are only ramping up. A data breach anywhere in a business’ supply chain can quickly cascade through other organizations, shutting down operations and creating significant costs. That means businesses must take an active interest not only in their own information security posture but in the security of companies they rely on throughout the supply chain.
- Employees will be a weak link in corporate cybersecurity. The human factor is a factor in more than 80% of cyberattacks. This means that companies must improve employee awareness and agency. When most people talk about developing an information security program, they are referring to the administrative, physical or technical controls used to protect information. The reality is that employees manage designing, implementing and following all controls put in place to protect sensitive information. One misstep by an employee can spell disaster in terms of information security. And it often does. The good news is that by supplying effective information security training to end users, we can solve many security issues. Rather than viewing your employees as a weak link to offset, enlist them as frontline defenders against cybersecurity threats. Use our Employee Security Awareness Training Planner to get started.
- Ransomware will become more targeted. Usually, ransomware is spread randomly to numerous targets by phishing or other social engineering methods with the hopes that someone will click the link or supply their credentials. What criminals are developing now, however, is a much more selective, customized approach to social engineering. This means that it is more important than ever that you are actively watching for attacks. If a ransomware actor does get a toehold in your system, spotting it immediately lets you shut down the breach before things get out of hand. IBM reports that it takes 280 days to identify the average breach. You can do a lot better. The latest defense is a Managed Extended Detection and Response solution that constantly monitors activity, uses artificial intelligence to recognize multiple different acts as a brewing attack and actively steps in to shut down suspicious activity.
- Cloud security will become increasingly important. Cloud storage and networking continues to grow. If you’re thinking only in terms of access to office-based computers and servers, you’re several years behind. The rapid switch in 2020 to working from home should cement our understanding that the dispersed workforce is here to stay. Your data probably lives largely in the cloud with access coming from dozens of personal devices and home networks. Your plan and training need to cover all of that.
- The EU threatens interoperability laws, which may make encryption more challenging. In order to encourage greater interoperability between services and devices, the EU put forward a proposal that could weaken encryption laws in Europe, which could have negative effects on encryption worldwide. If it passes, the new law will require digital platforms to scan every single message or file sent through their services for suspicious content. Even if the law is approved, understanding email encryption and figuring out how to balance user security and interoperability is important. The dangers of not encrypting emails are numerous. Not only do you put your clients’ information at a higher risk of being leaked, but you also put your own business at risk. If a criminal were to access private information on your client or your company, they may try to use that information for extortion. They could also utilize certain details found to try and access other areas of your company. With the right data, a threat actor can gain access to systems that are configured securely.
- Reduced cybersecurity spending will expose vulnerabilities. In a recession, many companies and individuals are rethinking their budgets, and cybersecurity spending is often among the first to receive a cut. This presents an opportunity for criminals who will take advantage of the lowered barriers to entry. It is possible that budget-tightening alone could make 2023 one of the costliest and most destructive years for entities affected by cybersecurity incidents, which means that companies should not avoid spending, but instead should be seeking ways to make spending more effective. By keeping it simple, communicating with numbers, getting to the point quickly, using visuals and not making assumptions, the trusted security expert at a company will make cleaner, more persuasive, more efficient advocacy for risk mitigation and network visibility and defense.
HBS’s approach to cybersecurity threats is one that is based on risk, not fear. If you are looking for a trusted cybersecurity partner who can maximize your opportunity to extend your security to meet the demands of 2023, contact us today.