What are the cybersecurity challenges that businesses can expect to face in 2023? Every year brings a new wave of cyberattacks as bad actors evolve their schemes to circumvent security measures and trick users. This look at what some security experts see as possible future problems for business cybersecurity can offer insight into some of the topics and threats that businesses need to stay on top of to stay out of trouble in 2023.
Read more cybersecurity news stories and in-depth analysis every Wednesday in The Week in Breach
Businesses & IT pros face a world of stress and uncertainty
We surveyed 675 IT professionals from around the world about their IT needs and perspectives for the Kaseya Security Insights Report 2022, gaining insight into their biggest concerns.
Security pressure on businesses and their IT teams won’t relent
About half of the businesses that we surveyed told our researchers that they have been the victim of a successful cyberattack or security breach (49%). For one in five of our survey respondents, that successful cyberattack or security breach occurred in the past 12 months. That’s a powerful illustration of the security pressure that businesses and IT professionals are under in today’s turbulent cybersecurity landscape – pressure we expect will continue to grow in 2023. It will be beneficial for security professionals to partner with a managed detection and response service through a managed security operations center (SOC).
Mitigating phishing risk will continue to be paramount for businesses
Over half of the survey respondents pointed to general phishing as their biggest security concern (55%). That squares with the current threat landscape where the nastiest cyberattacks like business email compromise tend to be phishing based. Ransomware, also often a phishing-based cyberattack, came in second place, with nearly one-quarter of our respondents naming it as their biggest security concern (23%). Overall, that tells us that 78% of IT professionals are extremely concerned with phishing risk. Strengthening email security by putting extra protection in place with an antiphishing solution in addition to the onboard security in Microsoft 365 or Google Workspace can go a long way toward mitigating phishing risk. However, only about half of businesses are doing that. MSPs have room to maneuver here.
Companies aren’t ready to face the consequences of a ransomware attack
In today’s volatile security landscape, businesses need to be prepared for trouble at any moment. Unfortunately, far too many businesses aren’t. Almost two-thirds of our survey respondents said they believe their organization would incur expensive downtime and suffer data loss if they fell victim to a ransomware attack (63%). For another 4%, the consequences would be even more dire – these respondents indicated that they’d “be in big trouble” if faced with a ransomware attack. Businesses must engage in incident response planning and prepare for the worst before it happens, including investing in solutions like SaaS/cloud backup and business continuity and disaster recovery (BCDR).
Learn the ins and outs of today’s wide variety of phishing attacks & how to stop them in Phishing 101. DOWNLOAD IT>>
Forbes Magazine predicts several 2022 trends will continue
Forbes Magazine has released its list of the top cybersecurity trends their experts are anticipating for 2023. Those predictions include:
Regulations may help solve some Internet of Things challenges
The general thinking here is that the more connected Internet of Things (IOT) devices someone has, the more avenues that offers attackers to strike. Gartner analysts predict that there will be 43 billion IoT-connected devices in the world in 2023. That’s a lot of possible attack vectors to exploit. A number of government initiatives around the world are expected to come into effect in 2023 that are designed to increase security around connected devices and the cloud systems and networks that tie them all together. In the U.S. that will take the form of stern warnings on IoT devices to inform users about the risk they present to security.
Artificial intelligence (AI) will steadily increase in prominence in cybersecurity
It’s no secret that AI has been transformative in the cybersecurity space. These technologies help companies solve major security problems, from adjudicating phishing messages to reducing It team workloads. Forbes predicts that this trend will continue, citing the tremendous savings that automation and AI enablement provides in the case of a data breach as one attraction of AI security. However, they also caution that the bad guys are also making use of AI to mount sophisticated attacks and even create deepfakes.
Strengthening a company’s security culture will continue to be important
A strong security culture, underpinned by regular security awareness training, is a powerful weapon against security incidents and cyberattacks. It reduces employee blunders, encourages regulatory compliance, and builds a foundation for avoiding future security pitfalls. In fact, companies that engage in regular training have up to 70% fewer incidents than companies that don’t train. Forbes says that “the most important step that can be taken at any organization is to ensure that it is working towards initiating and fostering a culture of awareness around cybersecurity issues.” Teaching employees to resist phishing doesn’t require teaching them any advanced technical skills. Getting everyone onboard with identity and access management controls like two-factor authentication and safe password habits is also critical for every employee.
Is your email security solution really getting the job done? This checklist helps you find out! GET CHECKLIST>>
Gartner analysts predict evolution in cyberattacks & defensive technology
In a recent article in Venture Beat, analysts at Gartner laid out some predictions for cybersecurity trends that they expect in 2023 including:
Supply chain risk and nation-state activity will be big topics
Analysts predict that supply chain risk will continue to be a problem for businesses. Adding another wrinkle, nation-state cybercrime may have some overlap with the supply chain attack problem. Experts point to an increased risk for malware, data theft and cloud infrastructure attacks for enterprises among other risks that can be categorized as resulting from continuing geopolitical cyber jockeying. Deploying access controls is suggested as a smart step to take for businesses that want to be ready for this kind of trouble.
Human-operated ransomware may haunt businesses
While the bad guys have been making strides with adding automation and AI to their cybercrime toolkit, the re-emergence of a more old-school cyberattack technique may also be just around the corner. Human-controlled cyberattacks like ransomware look set to cause problems and bad actors look for ways to circumvent increasingly tough security measures. Analysts advise that security teams need to be prepared to adapt their strategies to this scenario quickly. Bolstering security using solutions like endpoint detection and response (EDR) may help mitigate this risk.
Security automation will continue to grow in prominence
Just like AI, security automation is also continuing to grow in importance and value. Companies can turn to automation to alleviate the cybersecurity skills shortage and maximize their IT team’s productivity without making a huge upfront investment, an especially appealing prospect in an uncertain economy. While experts predict that the shift from generalized to more specialized security automation uses like EDR and Security Incident Event Management (SIEM) will continue, they also warn businesses to be selective about ensuring that they’re really making security improvements that they’re prepared to leverage when investing in new automated technology.
Get the guide that helps you detect dangerous BEC attacks & keep your company out of trouble. DOWNLOAD>>
Graphus is up to today’s email security challenges and tomorrow’s too
Graphus is the world’s first AI-driven email security solution that automatically protects organizations from email-based cyberattacks. The patented AI technology of Graphus creates a wall between organizations and cyberattacks, mitigating phishing attacks before it reaches their systems. It automatically monitors communication patterns between people, devices, and networks to reveal untrustworthy emails, making it a simple, powerful, and cost-effective automated phishing defense solution for companies of all sizes.
- Graphus blocks 99.9% of sophisticated phishing messages before they reach an employee inbox.
- Puts 3 layers of protection between employees and dangerous email messages.
- Seamlessly deploys to Microsoft 365 and Google Workspace via API without big downloads or lengthy installs.
- Provides intuitive reporting to help you gain insights into the effectiveness of your security, level of risks, attack types, and more.
- Future-ready and cloud-native
If you wish to know more about the Graphus platform, book a demo here.