New Year, new priorities – does this also apply to cyber security?
Not really, but it is a good time to take stock and learn from recent trends in order to direct the focus for the immediate and near future.
The risks and trends we face are a continuum of what we experienced during 2022.
Keep reading to find out more about the top cyber security trends you can expect in 2023 and some advice to set your cyber security priorities.
Expect more software supply chain attacks
The supply chain has always been an Achilles heel for larger businesses, whereby smaller supply chain partners with fewer cyber security resources do not have adequate systems in place.
A growing trend in supply chain attacks is the software vendor and, in many instances, size doesn’t matter.
Oftentimes, software suppliers either have been breached or had a code vulnerability exploited, resulting in millions of devices being exposed to attack. Some sophisticated attacks, such as Kaseya or SolarWinds, involved malware being propagated as legitimate code via software updates. Microsoft vulnerabilities in Windows OS and Exchange have consistently been exploited.
According to Blackberry research:
- 80% of IT decision-makers stated that their organisation had received notification of an attack or vulnerability in its software supply chain in the last 12 months.
- The operating system and web browser were most affected.
- 59% experienced significant operational disruption
- 58% experienced data loss
- 52% suffered reputational damage
- 90% took up to a month to recover
More sophisticated ransomware attacks are on the cards
The cyber attacker’s mantra is to always look for new technology, techniques and procedures to exploit systems and compromise information.
They only need to be one step ahead of the system or rely on the user to make a mistake or delay doing something that they should have done, like patching. Hackers have the same resource to exploit systems as we do to protect our systems, so it is a real struggle to stay one step ahead of them.
Technology is evolving all the time and while emerging technologies such as quantum computing promise considerable productivity boosts for business, it also promises a massive increase in resources and scale of infrastructure available to the hackers.
Considering £4.10 million was the average cost of dealing with a ransomware attack in 2022, and that, on average, it took 237 days to even identify an attack, we can expect these numbers to increase as technologies like quantum computing become more easily accessible to organisations and hackers alike.
Increasing vigilance and proactivity are a must for those responsible for protecting business assets – namely all of us.
Make the most of your IT resources by adopting zero trust
There is a global shortage of over 1 million cyber security professionals, and it is getting worse. This means that businesses are struggling to apply the basics in terms of implementing and managing cyber security. Never mind viewing, interpreting and actioning system alerts or policy/governance changes.
One way to mitigate as many threats as possible is to adopt a zero trust strategy and protect systems by minimising access and privileges from the off. This will reduce the likelihood of being attacked and may well reduce the number of system alerts that you get – many of which are ignored due to lack of resources or expertise.
Better incident response and emergency communication systems
Because a successful attack is inevitable, businesses need to have well-rehearsed plans in place for this eventuality. The plans need to inform how businesses should respond to an attack as well as allocate key responsibilities.
One very important element of the plan is communication – communicating with staff, customers and other stakeholders, such as the ICO.
MFA needs to be the default
SIM swapping is seriously compromising phone based 2FA that relies on an authentication code similar to online banking security.
Recall that last year the Cisco Talos Cyber Security division was breached by such an exploit in the early hours of the morning when the user was likely in the twilight zone.
The lessons being learned from the many other exploits is that MFA must use device authentication and minimum privileges as entry level security. Where possible, organisation should enable more sophisticated mechanism, such biometrics or behaviour-based authentication.
Leveraging Machine Learning and Artificial Intelligence
Automation and integration will be necessary to make products work together, providing contextual information that is more relevant and reducing the number of false positive alerts.
In excess of 50% of security alerts are ignored because businesses do not have the resources to investigate them.
Machine learning and AI is already being deployed extensively throughout the IT software and services ecosystem. Some use cases of machine learning and AI in cyber security include:
- Cyber Threat Identification
- AI based endpoint protection – benchmarks machine and user behaviour and identifies anomalies
- Fighting ML/AI threats propagated by hackers
- Email monitoring to detect fraud and phishing
Cyber security defence solutions are increasingly incorporating ML/AI technology to keep apace with threats and eke out ahead of the curve. The most advanced threat defence systems use ML/AI to fully automate detection and response to threats.
Businesses looking for cost-effective solutions
Cost effective cyber security solutions will gain more prominence as a consequence of the economic crisis. Businesses will look seriously at getting more value for their money while avoiding compromising on business security, which is now considered as a significant business risk.
However, according to a survey by Capterra, investment in cyber security continues to be a top priority for UK businesses, with nearly 3 in 10 decision-makers identifying managing and preventing cyber threats as one of the biggest challenges in 2023.
Continued growth of phishing
Phishing is a low-cost form of cyber exploit which is still bearing fruits for cyber attackers. It will be a leading factor in compromising identity and gaining access to networks.
Businesses need to take greater steps to protect against phishing, including relentless training of staff.
Apple is becoming more of a target
MACs are no longer immune from cyber attacks. Well, they weren’t immune in the first place, but they were definitely less prone to attacks than Windows devices. Hackers are now offering cross-platform attack frameworks also targeting MAC devices. This is dramatically changing the cyber security landscape for MACs, calling for less complacency and a more rigorous cyber security protection strategy for MACs.
Apple have already started to respond by being more aggressive in encouraging enterprises to patch their devices within 90 days of patch releases.
Your cyber security priorities
The cyber security landscape is constantly changing and businesses need to stay informed on current trends to mitigate the risks against these.
We can see that trends that started to emerge in the last year gain strength and pose a bigger challenge.
However, some basic principles still apply. Having data backups, providing staff awareness training and being prepared to respond to a security event will always be top priorities for businesses that want to increase their cyber resilience.
We can help you secure your business and protect your data, no matter the threat landscape. Get in touch today for a no-commitment quote.
Read our latest insights
In the fast-paced world of business, efficiency and productivity are paramount. Advancements in technology have revolutionised the way we work, providing a plethora of tools
Have you started business planning for 2024? The last few months of the year can get hectic, between trying to close out the end of