As 2022 comes to a close and we look forward to starting 2023 off on the right foot, here are 6 cybersecurity trends every organization should keep an eye on in 2023.
1. Ransomware is not going away. During the pandemic, we saw an increase in ransomware attacks, driven partly by newly remote teams and the rapid adoption of new technologies. While that may have slowed a bit as nation-state actors shifted focus during the outbreak of conflict in Ukraine, it’s likely ransomware attacks won’t go away in 2023. A report from Trend Micro anticipates that attackers are likely to keep the same kill chain but change the ransomware payload to seek out ways for additional data extortion.
Tip: Install anti-malware and antivirus software and employ continuous risk assessment, risk management, and vulnerability management best practices.
2. Threat actors will stay focused on the supply chain. Supply chain attacks can lead to big payouts for attackers. The more interconnected systems and operations are, the more damage they may be able to do. Since the outbreak of the pandemic, we’ve seen an increased focus on supply chain attacks and that’s likely to continue, if not increase, in the new year.
Tip: Get to know all levels of your supply chain and their security controls and practices. It’s no longer enough to just take your tier 1 supplier’s word that they’re using industry-recognized security and compliance controls. Include security and compliance requirements in contracts and service-level agreements. Make sure to routinely check in to ensure your suppliers are doing what they say they will do. And, to take it even a step further, encourage your suppliers to adopt the same security practices your organization uses to protect and secure your data.
3. Cloud security focus will be paramount. Organizations are moving more and more critical operations and data off-site and into the cloud. That means traditional security controls that segment on-site networks from outside access won’t work in a more dynamic cloud environment. And, because of the interconnectivity of the cloud, attackers are likely to keep cloud services in their crosshairs. In 2023, successful organizations will need to shift focus to employ security measures that are built for the cloud.
Tip: Consider adopting zero trust for all of your cloud services and build your security measures into the entire lifecycle of all of your new dev projects, from conception to deployment. The cloud is dynamic and new services and applications are constantly moving into and out of the cloud. By including security controls and processes in your SDLC, you’re building better defenses against potential attacks during and after deployment.
4. Expect more regulations. Across most industries, new data privacy and security regulations are coming into play. In the U.S., many states are now considering or have already adopted state-specific privacy and security mandates. The federal government is also taking steps to ensure its contractors and agencies employ best practice data privacy and security controls and reporting measures. There are even regulations abroad that have a direct impact on organizations here at home. Expect that to continue to be the case in 2023 and in the future.
Tip: If you’re still managing all of your security controls, frameworks, and regulatory and compliance requirements in spreadsheets or via word processing tools, then you’re going to continue to struggle—and potentially fail—at keeping up with the growing list of regulatory requirements most organizations will face. Instead, consider adopting a SaaS-based cybersecurity framework management platform that can help you manage all of your frameworks, down to a control and sub-control level, all within a single dashboard. The platform also gives you instant insight into how your controls and frameworks are working so you can identify weaknesses and resolve them before an attack.
5. It’s going to be harder to get cyber insurance. Some cyber insurance companies have had big payouts in the last few years and, as such, they’re stepping up cybersecurity requirements for those looking for new policies as well as renewing customers. This is likely only going to increase in 2023. Instead of just demonstrating you’ve got specific controls in place, expect a growing number of cyber insurers to take that a step further and ask you to demonstrate those controls are functioning as you say.
Tip: Adopt a cybersecurity framework management platform that can give you insight into your controls and sub-controls against all of your frameworks from within a single, easy-to-understand dashboard. Use the platform to create customized reports that demonstrate to your insurers you’re doing what you say you are, how you said you are. You can even share real-time compliance scoring with them so they know just how well your controls meet compliance requirements.
6. Breaches are going to cost more. In the last few years, we’ve seen a growing number of large-scale breaches, each exposing millions of records. While the cost to implement and manage cybersecurity controls is likely to increase, we also anticipate it will cost more to respond to and recover from attacks. Worse yet, as regulatory agencies grow more concerned about lack of compliance, expect those fines to increase in frequency and expense.
Tip: Implement proactive and continuous strategies to identify and address security risks well before an incident happens or an auditor steps in and finds issues for you. By taking a proactive approach to your cybersecurity measures, you’ll have more opportunities to identify vulnerabilities and security weaknesses across your enterprise, prioritize which of those need your focus first, and then address them before a breach can happen.