If the past 12 months are anything to go by, the biggest cybersecurity prediction for 2023 is to keep the hatches battened down and prepare for the worst.
In 2022, the number of data breaches went up by 167% in the third quarter compared with the second, and the average cost of a data breach rose to $9.44 million, up from $9.05 million in 2021. These numbers from Statista paint a picture of security threat and risk that organisations cannot afford to ignore.
Fortunately, as Martin Potgieter, CIO at Nclose, points out, it has also kickstarted a new trend in cybersecurity – companies are paying attention.
“Organisations have stopped thinking that the attacks are going to happen to someone else and started to think about how to put defences in place,” he says. “It used to be very difficult for security teams and professionals to get through to decision-makers. Now, people are listening, and they are asking the right questions – how can they embed security, what security is the best fit for their business, and how can I train my people?”
This is a good step in the right digital direction, particularly in light of how the other cybersecurity trends for 2023 are shaping up. The first is the rapid increase in successful two-factor authentication (2FA) hacks. Originally touted as the saviour of the weak password, 2FA has now become a cat-and-mouse game.
“Hackers have found smart ways of bypassing 2FA,” says Potgieter. “One way is to bombard the user with 2FA requests until they get annoyed and accept them, providing the hackers with the information they need to get into the system. Regardless of the hack methodology, it’s clear today that the business cannot rely solely on 2FA.”
Another trend, largely triggered by the ingenuity of the hackers in getting past users, is to increase user training and awareness. Companies have come to realise that the human firewall isn’t that great. Stolen passwords, user error, poor passwords – these are the most common causes of successful attacks on the business, which means that users need constant training to remind them of the risks. Hackers are going to continue trying to find ways of exploiting users, and companies will have to keep up to keep them out.
“Ransomware, of course, is going to stay prevalent and top of mind in 2023,” says Potgieter. “The attackers are shifting their approaches and methodologies as systems become more secure and intelligent. In the past, hackers would break in, encrypt everything and take a copy of the data and then demand a ransom to decrypt it. Now, they are going straight to stealing the data and extorting the victims – it involves less risk with a lower chance of being detected and potentially easier profit.”
In addition to the changing security threat approaches, there is another issue that Potgieter feels is important to address – unemployment. The oncoming recession and ongoing economic challenges may see more people turn to cybercrime to make a living, and this could result in increased attacks and a far more volatile landscape.
“The upshot is that companies need to be far more vigilant going into 2023 than ever before,” he concludes. “The cybercrime market is rich and evolving with criminals taking advantage of any flaw, vulnerability or mistake that they can. The profit in a hack is high, so the crime won’t stop. Companies have to prepare for the worst and expect the worst, and this means investing in security that can evolve with the business, the threat landscape and the trends.”