Three cybersecurity trends for 2023

2022 was a busy year for both cybersecurity professionals and cybercriminals alike. As the new year begins, I wanted to share my thoughts on three cybersecurity trends that I expect to develop in 2023.

Ransomware proved to be a significant challenge for cybersecurity professionals in 2022 and this is expected to increase in 2023. According to new publication the Verge; ‘in the first two quarters of 2022, there were a total of 236.1 million ransomware attacks globally. These attacks were estimated to be worth $14 billion to cybercrime groups.’ No company is safe from the threat of ransomware attacks or other cyber threats. Samsung, Uber, Microsoft and T-Mobile were all subjected to breaches in 2022. Ransomware attacks happen in two ways: by opportunistic means or by targeting someone or something. Targeted attacks are growing much more sophisticated and specific and they are expected to get even more so in 2023. It will be essential for firms to increase their protection this year and can do so by being protected by a triad of methods. Through a cybersecurity strategy, businesses will need to ensure they are operating in a secured environment whilst also having a plan to recover quickly and efficiently should a breach happen. Should a company fall victim to an attack, they need to have an ongoing security and compliance assurance plan to ensure they are able to continue to operate.

Whilst attacks can arise from outside of organisations, insider threats remain a pressure and concern in terms of cybercrime. It can be incredibly challenging to prove who carried out a breach and this is even more difficult should it be carried out by an insider working for an operation. Human error can be problematic for ensuring cybersecurity for businesses and it is an aspect that I explored throughout my blogs in 2022. Human errors however, are one of the key reasons why businesses experience data breaches. To minimise this risk, we offer teams cybersecurity training. However, intentional corporate malice and espionage can also be problematic for businesses. They are incredibly difficult to prepare for and protect against. Cybercriminals know this and therefore this poses a threat for businesses in 2023. In order to combat this risk, firms must limit privileged access to sensitive information such as trade secrets, financial and customer data and intellectual property. It is critical to have tools in place that layer security access to individuals, so staff can only access what they need to. This level of detail is possible with today’s technical advances. This strategy takes both human and technical awareness, yet it is essential for good governance and practice.

Remote cybersecurity will continue to be a key priority for businesses in 2023. RFA has been supporting clients on their journey to transition into hybrid working since the onset of the pandemic in 2020. This sudden and rapid shift to remote working meant that many companies embraced an ‘act first, plan later’ approach to their operational structures. This exposed companies to greater cybersecurity risks as employees were working from different locations and it became harder to ensure network-centric security for IT teams. Companies now need to ensure they have a well-considered, consistent and highly structured hybrid working strategy put in place that allows all data and working environments to be protected that focuses on a business’ long term goals. It is imperative that strict access controls are put into place so IT teams can manage the company’s cybersecurity posture and fundamentally manage risk. For some firms, it is becoming increasingly apparent that a hybrid model does not satisfy their business needs, and we are seeing some RFA clients limit remote working significantly.

As we look to progress into the new year, investing in an ongoing cybersecurity strategy will be a key priority for all businesses. This should include investing in policies, training and procedures so that staff can carry out work in a conduct that is safe and secure, whilst also creating frameworks that help protect the business from any potential cyberattacks. Budget for cybersecurity should be considered as essential with a high ROI, as although not an income generator it should be viewed as the most important income protector.

Written by George Ralph, Global Managing Director at RFA