4 Big Cyber Risks in 2023, and How Best to Prepare for Them
Right now, 2023 is a blank slate. While the last few years have shown us we can never plan for all scenarios, understanding current cybersecurity challenges can help you prepare for next year.
When you know what is likely on the horizon, you can be ready to meet future challenges. You can create a budget with money allocated to critical areas and hire staff with the skills to combat expected threats. Perhaps most importantly, you can also begin training your staff to prevent common attacks.
Many security professionals have noted some of the biggest threats organizations will likely face in 2023. Here are the four top cybersecurity threats to be aware of in 2023 and, most importantly, how to prepare for them.
Large global enterprises and critical infrastructure organizations know they are attractive targets for cybersecurity criminals and spend a lot of time and money reducing those risks. It’s tempting for everyone else to assume they are too small to be a target. While that may have once been true, it’s no longer the case. In fact, most of the businesses that experience cyberattacks are small to medium-sized companies. Ransomware attacks now focus on how much the business will pay — not the organization’s size.
Businesses that assume they won’t be breached are far more likely to find themselves in that very situation. When you think you aren’t at risk, you don’t devote the resources, money and training to protect your business. Every single organization should assume that becoming the victim of a cyberattack is a “when, not if” situation — and then make the business decisions to stay protected, regardless of your size or perceived value to cybersecurity criminals.
All businesses rely on other companies for products and services. Unfortunately, you also inherit every single cybersecurity risk and vulnerability of your supply chain. While you can control what happens in your own infrastructure, there is no control or even visibility into what is happening with your vendors. According to the IBM 2022 Cost of a Breach Report, 19% of all breaches are supply chain attacks. The average cost of a supply chain compromise was $4.46 million, slightly more than the average cost of a breach.
Despite these challenges, you can still take steps to protect yourself. Start with a cybersecurity audit of all vendors to fully understand the risks of each one. When deciding to do business with a vendor, consider the amount of risk your organization is willing to accept. Next, you can use a zero trust approach to limit the damage of a supply chain attack. By only providing vendors with the accesses necessary for business purposes, you can limit the amount of possible damage. For example, when you use micro-segmentation, vendors and their products can only access the absolute smallest portion of the network possible. If malicious code is delivered in a software update, the damage will be limited to that tiny portion of the infrastructure.
Instead of individual groups targeting organizations on their own, cyber criminals are banding together. This means that criminals share expertise, resources and insider knowledge. For example, Ransomware-as-a-Service is now on the market. Groups are selling their ransomware for a cut of the profits, giving more criminals access to the best hacking tools in the world.
There is power in numbers, and cyber criminals are now taking advantage of that fact. This isn’t an easy challenge to overcome. As a result, organizations need to keep cybersecurity a top business priority. As threat actors work together, arrests and disbandments will not prevent groups from re-forming or passing their knowledge on to others. Threats will only increase — in number and sophistication — as these collaborations continue.
In the past, cybersecurity focused on protecting the perimeter and then reacting to attacks. This strategy is no longer effective. With hybrid and remote work, there is no longer a set perimeter to defend. Additionally, the increasing number and sophistication of attacks make it nearly impossible to stop all threats. Organizations that are still in reactive mode are fighting a losing battle.
It’s not easy to change decades of mindset and infrastructure, but moving from a reactive to a proactive approach has multiple benefits. With this mindset, organizations can even prevent many attacks from happening in the first place. Using a zero trust approach, you can reduce non-credentialed or stolen credentials users or devices from accessing the network. And if someone slips through, you can significantly reduce the damage they cause. Organizations without a zero trust approach experienced $5.40 million in average breach costs — more than $1 million higher than the global average, according to the 2022 IBM Cost of a Breach Report.
No doubt 2023 will have its own share of surprises. There will be new threats, new technology and new business challenges that we may not see coming. But when you’re prepared for the majority of risks, it’s easier to make the changes needed when surprises occur. If you proactively plan for everything you possibly can, you’ll only react to the unexpected.
The last few weeks of the year are busy — really busy. But by taking the time to review your current plans for 2023 and consider your vulnerabilities and risk, you can make sure that your organization is prepared for whatever 2023 brings.
Jennifer Goforth Gregory is a freelance B2B technology content marketing writer specializing in cybersecurity. Other areas of focus include B2B, finance, tec…
4 min read – As with many other aspects of life and business, 2022 held fewer overall surprises in cybersecurity than in recent years — thank goodness. Instead, many trends brewing over the past few years began to take clearer form. Some were unexpected,…
5 min read – 2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets…
3 min read – The White House’s National Security Council (NSC) is working on an ambitious project to improve consumer Internet of Things (IoT) security through industry-standard labeling. If successful, the labeling system will replace existing frameworks across the globe. Modeled after the EPA’s…
Recently, the U.S. government has focused on increasing cybersecurity in industries that are vital to the country. After the Colonial Pipeline ransomware attack shut down a critical fuel pipeline, which led to significant gas shortages, officials realized the importance of protecting the U.S. infrastructure. In response to the growing threat, leaders put the spotlight on fortifying the security of those industries. President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022. The Act affects…
On October 5, 2022, a newly unsealed federal grand jury indictment charged Ukrainian national Mark Sokolovsky, 26, for his alleged role in a global cyber operation known as Raccoon Infostealer. For years this malware has infected millions of computers, compromising at least 50 million credentials across the globe. Racoon Infostealer Operator Awaits Extradition As of late October, Sokolovsky was being held in the Netherlands awaiting an extradition request by the United States. As per the DOJ, Sokolovsky is accused of…
The Pentagon plans to implement a zero trust architecture across its entire enterprise by 2027, according to DoD CIO John Sherman. “What we’re aiming for is by 2027 to have zero trust deployed across the majority of our enterprise systems in the Department of Defense in five years,” Sherman said at a recent FedTalks keynote presentation. “That’s an ambitious goal for those of you familiar with zero trust, but the adversary capability we’re facing leaves us no choice but to…
From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit called Impacket to breach the environment and further penetrate the organization’s network. Even worse, CISA reported that multiple APT groups may have hacked into the organization’s network. Data breaches such as these are almost always the result of compromised endpoints…
Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.
4 Big Cyber Risks in 2023, and How Best to Prepare for Them – Security Intelligence
