Cyber

Predictions for 2023

by Mark Rowe

Richard Walters, CTO of the cyber firm Censornet, sees 2023 as the year that geopolitical and economic clouds collide to create the ‘perfect storm’ in cyber crime.

One thing is clear as we enter 2023: criminal and state actors operate outside of regulatory frameworks. Over the last year, we’ve seen an unstable geopolitical situation drive a rise in state actors. Russia and its neighbouring countries are seen as the worst and most aggressive offenders, according to the National Cyber Security Centre (NCSC). At the same time, a blind eye is often turned to cyber activity in these countries, where policing structures lack focus on tackling cybercrime.

To slow down the spread of ransomware, there needs to be a move away from data protection and privacy discussions. Instead, we need a renewed focus on global partnerships and cooperation. Progress has been made but international agencies still need to interact, share, and cooperate faster and better.

Mid-market

The top targets for ransomware remain larger organisations in the education and healthcare sector. However, the mid-market is also coming under growing levels of attack. For too long, many have failed to recognise their supply chain vulnerabilities. Or, operated in the belief that they’ve got nothing worth stealing. However, cyber – in particular, ransomware – has become a systemic risk for companies of all sizes.

In 2023, the threats that the mid-market face will be the same threats that enterprises face. The difference is the reduced availability of internal resources, budgets, and expertise to manage these risks. To protect themselves effectively, mid-market companies will increasingly need to recognise their security challenges and look for security platforms that simplify protection. In particular, platforms that make complex technologies more affordable, accessible, and easy to implement and maintain.

Artificial intelligence (AI), machine learning (ML), Operational Technology (OT) and Internet of Things (IoT)

We now live in an age where we can’t trust anything we see or hear. Algorithms can mimic tone of voice and create highly targeted phishing or social-engineered attacks that have much higher success rates. New image generation technology has led to the rise of deep fakes. Governments need to recognise the problem and regulate the release of powerful algorithms into the public domain. While some AI and ML technology is beneficial to the public, it is also incredibly dangerous in the wrong hands. Control over AI and ML technology is escaping, and the law needs to catch-up quickly before the problem gets out of control.

It’s also becoming clear that businesses are failing to learn the lessons of the past. At the turn of the century, insecure wireless routers were plugged into office networks because it was convenient. Yet it compromised security and gave unauthorised users access to computer networks. Now businesses are introducing insecure IoT and OT devices into the IT environment without enough consideration. The reality is that security is often an afterthought for the organisations producing these powerful connected devices. In 2023, we urgently need to see international standards that regulate and govern OT and IoT.

Economic concerns

Economic concerns will remain top of mind, while inflation is creating an environment where prices are getting out of control. In response, many businesses will be tempted to put new cyber projects on hold and compromise on levels of protection. For example, businesses tend to rely on ubiquitous solutions for email and phishing protection. With the high volume of emails sent today, there is recognition that no system can stop absolutely everything. Businesses have accepted a certain loss of efficacy due to concerns about the cost of change and the disruption it can cause. However, cybercriminals also recognise this. Malicious actors are writing phishing attacks and ransomware-as-a-service that has been deliberately designed to get past the most prevalent defences.

Over the next year, the threat landscape will continue to accelerate and become more dangerous due to the turbulent geopolitical landscape. This will drive businesses to question whether they should continue relying on existing large-scale providers to avoid the cost of change. Or, whether they should switch to specialist providers who can deliver a better level of protection.

Businesses will re-evaluate insurance

With the increasing volume of successful cyber-attacks has come an exponential increase in the cost of cyber insurance policies – with increasingly limited cover. Part of the challenge is that cybercrime remains the wild west. Threats are evolving rapidly, and businesses have varying levels of cyber maturity, with digital supply chains introducing new risk factors. All of which make it difficult to price risk and build a line of business that is effective and profitable for insurers.

As businesses battle inflation and a global downturn, many will start to weigh-up whether to invest less in cyber insurance. Instead, they may seek to reduce their risk exposure by introducing preventive controls that identify, protect and adapt to new threats in real-time.

About the firm

Censornet’s clients include Macmillan Cancer Support, Fever Tree, Radius Payments, Newlife Disabled Children’s Charity, National Portrait Gallery, Hallmark Hotels and Thatchers Cider. Visit https://www.censornet.com.

Related News

  • Cyber

    Predictions for 2020

    by Mark Rowe

    It’s approaching the end of year, a time for reflection and for asking; what will next year bring? Gerald Beuchelt, Chief Information…

  • Cyber

    Costs of a breach

    by Mark Rowe

    For UK senior executives who admit their organisations have suffered at least one significant cybersecurity breach within the past two years, the…

  • Cyber

    IoT top target

    by Mark Rowe

    IoT devices – estimated to soon number in the billions – are now cybercriminals’ top attack target, surpassing web and application services,…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing