Cybersecurity Challenges Ahead: What Enterprises Need to Know for 2023
In 2023, enterprises will face a range of cybersecurity challenges, from economic instability to stricter privacy laws. Here, we'll explore the top challenges that businesses will have to tackle in the coming year. Cybersecurity experts have identified the following as the biggest challenges for 2023:
Impacts of an Imminent Economic Crisis
The economic fallout from the COVID-19 pandemic has led to widespread financial instability, and this trend is likely to continue into 2023. According to the World Economic Forum, the world is now facing a "polycrisis" that combines the challenges of climate change, pandemics, economic instability, mental health deterioration, social unrest, and general uncertainty. Cybercriminals will capitalize on this uncertainty to launch targeted attacks and exploit businesses and individuals alike for financial gain. In fact, it is a widely known fact that cybercrime tends to increase during times of uncertainty. Cybercriminal activity rose 40% in the two years following the recession’s 2009 peak. And six months into the COVID-19 pandemic, the FBI was seeing a 75% spike in daily cybercrimes.
Akshay Joshi, Head of Industry and Partnerships, Centre for Cybersecurity says that 'Geopolitical and economic uncertainty around the world is exacerbating the threat of potentially catastrophic cyber attacks, increasing the risk for businesses across sectors.'
He warns of 'crippling ransomware attacks' and 'large-scale disruptions', as potential risks to businesses during the year. This is already happening at this moment, as a
global ransomware campaign has been underway since Feb 4th, taking down servers in several countries including Italy, France, Germany, USA, Canada, and UK. The large-scale attack targets VMware servers that use ESXi hypervisors to monitor virtual machines. It has already affected thousands of servers worldwide and is only expected to continue in the coming days.
The economic downturn will also put an increasing pressure on CISOs and security teams to find more cost-effective ways of securing their businesses. Budget constraints have always been a pressing issue when it comes to cybersecurity, and a recession is only going to exacerbate this issue. In the face of such a crisis, the main focus for most CISOs will be to maximize the value of their existing security investments.
“In 2023, there will be increasing pressure for CISOs and security leaders to maximize the value of their existing security stacks due to the pending recession,” said Leonid Belkind, CTO and cofounder of security automation provider Torq, for a
VentureBeat article in December 2022.
Businesses will need to evaluate their existing security stacks and look for areas of improvement, instead of adding new tools to the mix.
Anderson Salinas, Senior Manager, Cyber Risk Advisory at Deloitte said in the same article that 'One of the greatest avenues for improvement is to identify opportunities to automate processes and controls.'
Security automation can play a huge role in enhancing the overall security posture of a business and even solve critical customer challenges. It is the boost that security teams need in such trying times to make the most out of their existing tools. What's more, automation can help to free up security teams to focus on more strategic and higher-value projects and alleviate some of the strain that comes with managing the growing number of threats.
Check out this video below to know why security automation is a 'must-have' for businesses today:
New Technology, Newer and More Dangerous Threats
Additionally, 2023 will also be a time of enormous technological advancement and development. While this is good news for the future of technology and will create many new opportunities for growth, it also presents new challenges for businesses as well as security professionals.
'New technologies are also evolving quickly, and with these come new vulnerabilities, which attackers – some of whom have strong geopolitical motives – are often swift to exploit.', added Akshay Joshi.
New technology like 5G networks, IoT, and artificial intelligence (AI) while being very promising for cyber security, are already putting businesses and data at risk. For instance, one of the major implications of leveraging quantum computing is the risk of 'harvest now, decrypt later' attacks, according to a
Deloitte poll.
Social engineering attacks, such as phishing, continue to be a major threat to organizations, and attackers will use emerging tech to their advantage, using techniques like AI to develop smarter phishing attacks. For example, OpenAI's new chatbot, ChatGPT, is already being used to create and test phishing messages.
In addition to new tech, new programming languages also represent a significant risk, as they open up the possibility of new vulnerabilities and ways to breach systems.
'Using non-standard languages can make malware more difficult to detect as well as provide some unique advantages for the attackers, including development opportunities, control over their intellectual property, and minimization of re-use by other actors.', says Randy Rose, Sr. Director of Security Operations & Intel at the Center for Internet Security (CIS) in this
article about predictions for 2023.
With any new tech, comes the risk of a new attack vector. We've already seen this happen with the cloud, MFA, cryptocurrencies, the internet of things, among many others and this will always be the case as technology evolves.
According to a
Global Cybersecurity Outlook 2023 by the World Economic Forum, 'Awareness and preparation will help organizations balance the value of new technology against the cyber risk that comes with it.'
Regulatory Compliance
Privacy laws and regulations such as GDPR, CCPA, and PCI-DSS are making companies more accountable for their data and the way it is used. Many companies are already taking steps to ensure that their data is protected, and that they are compliant with the privacy laws and regulations. In 2023, these laws are expected to be more stringent and will continue to evolve as per the latest requirements.
However, the speed at which new technology emerges surpasses the speed at which cyber-security professionals can assess and understand it, and make regulations to govern the use of the technology. This makes it difficult for businesses to keep up with the rapidly evolving requirements for data privacy and protection.
Gartner predicts that privacy rights are to cover
5 Billion citizens and 70% of global GDP by 2023. Nader Henein, research vice president at Gartner says that “With more countries introducing modern privacy laws in the same vein as the General Data Protection Regulation (GDPR), the world has reached a threshold where the European baseline for handling personal information is now the de facto global standard.”
This will put more pressure on companies to comply with more regulations and be more vigilant in protecting their customers' data.
Here are
5 significant
events that are coming up in 2023 that you should be planning for:
1. California Privacy Rights Act (CPRA) and other major US-based legislation coming into effect
2. New privacy regulations in China
3. Transitioning away from third-party cookies
4. Stricter requirements for cross-border data transfers
5. New directives coming out of the EU
Compliance has always been a challenge for businesses, considering that regulations are often highly complex, differ from country to country, and are time-consuming and costly to implement. But with the increasing volume of data collected by companies, the growing threat of cyberattacks, and the increasing awareness of customers, compliance is now a critical success factor for companies. The good news is that more and more businesses now agree that enforcing regulatory requirements more effectively is beneficial to their cyber resilience.
See how SMBs can get started with a compliance program in our
ebook.
Cyber Insurance
Cyber insurance is a type of insurance that covers businesses against cyberattacks, data breaches, and the costs associated with the recovery of data and damage to reputation.
Cyber insurance is already a significant investment for businesses and is often overlooked for the exact same reason. And this year, cyber insurance is predicted to become even more expensive. This is primarily due to the increase in cyberattacks.
'Cyber insurance will become more difficult to obtain and maintain. We expect cyber insurance premiums to increase, alongside deductibles, while we see the actual coverages and payouts for claims shrink', Randy Rose added.
This will make cyber insurance even more expensive for businesses, which will further drive them to cut corners or cut out cyber insurance altogether. However, completely ignoring the need for cyber insurance will not be the best course of action for a business as they will only incur more expenses in the event of a cyberattack.
Closing Thoughts - How Can Enterprises Prepare for the Future?
As cloud-based applications become more popular among businesses, and multi-cloud adoption set to become the norm, businesses will need to prioritize cloud security.
Cloud environments are still largely plagued by security misconfigurations and access control issues, data leakage and other such security risks. In fact, according to
Gartner, 80% of all data breaches are a result of security misconfigurations.
Identity and Access Management (IAM)
is another area of concern that businesses need to be mindful of in the coming year. As we move to newer authentication methods for cloud services, and more third-party partners, the number of potential access points and threats to valuable company data will only increase.
Wait, There's More..
These are just a few of the most significant new challenges businesses and security teams are about to face this year. As these new difficulties arise, businesses continue to look for solutions that will help them solve existing problems. Among such threats, here are a few that should be on your radar this year:
Securing remote workers continues to be a concern for most organizations today. A recent
study found that nearly 25% of the American workforce is going to be remote by the end of 2023. That means that businesses will need to find a way to stay secure in a borderless work environment.
Supply chain attacks will increase in 2023 and beyond is the single most extensive prediction for 2023, according to
Security Week's Cyber Insights 2023 on Supply Chain Security. This threat will continue to grow as businesses become more reliant on third parties to grow faster.
Last but not least, businesses will continue to face the growing skills shortage in cybersecurity. To understand this more clearly, and learn how to retain cybersecurity talent, head over to our blog post -
Bridging the Divide: Understanding the Cybersecurity Skills Gap.
Conclusion
So, what does all of this mean for businesses?
According to the WE Forum's
Global Security Outlook 2023, Professor of Cyber Security at the University of Oxford, Sadie Creese, says that “We need to accept that this is really about cyber resilience. There is no such thing as a hundred percent security. It's about resilience in the face of insecurity.”
A good security posture is not simply about keeping the bad guys out, it's about having the processes and tools in place to enable you to deal with the threats that do get in.
To know more about cybersecurity trends in 2023, check out our
blog on the same.
How Can Threat Intelligence Help?
At Threat Intelligence, we understand the importance of staying updated on cybersecurity trends and the need to get ahead of these trends before they start affecting your business. Our enterprise-grade solutions are designed to meet the evolving demands of your business while keeping you and your customers safe. To know more about how we can help you,
schedule a consultation with one of our cybersecurity experts today.
