We are not going to refer to these as “Predictions” for cyber security in 2023, as in reality, these are all things organisations are currently having to manage.
However, these are some of primary threats that organisations of all sizes need to consider.
Ransomware: Ransomware attacks are expected to continue to be a major threat in 2023, as attackers continue to develop new and more sophisticated methods for delivering and executing ransomware. This is a lucrative business model for them, and that does not look like it is slowing down.
Cloud security: Cloud adoption is through the roof, and more organisations are migrating away from on-premise solutions. Cloud security is expected to become a major concern in 2023. This includes threats such as unauthorised access to cloud resources, data breaches, and misconfigurations.
Internet of Things (IoT) security: As the number of IoT devices continues to grow, IoT security is expected to become a major concern in 2023. This includes threats such as insecure device configuration, weak authentication, and an ongoing lack of software updates.
Supply chain attacks: Supply chain attacks are expected to become more common in 2023, as attackers target vulnerabilities in the software and systems used by organisations’ suppliers and partners.
Artificial intelligence (AI) and machine learning (ML) security: As AI and ML are increasingly used in cybersecurity, the security of these technologies is expected to become a major concern in 2023. This includes threats such as model poisoning, adversarial examples, and bias. In parallel, attackers are turning to AI to help them craft their attacks and evade security controls.
It can be difficult for organisations to know where to start with all of these and the risks they represent to businesses. However, there are existing practices that help reduce the risks associated with these threats.
Implement Multi-Factor Authentication: Using MFA can help reduce the likelihood of external compromise through exposed user credentials or brute force attacks. However, the type of MFA used needs to be considered, as attacks are utilising MFA fatigue attacks to gain access, submitting multiple requests trying to convince users to click approve to make the prompts go away.
Back up your data: Ensuring you have a tried and tested backup of your data, reduces your need to pay a ransom to get your data, and services, back.
Review Cloud Security Settings: Many cloud providers have best practices for securing their services. Review these against the needs of your business.
Patch or Segregate: Ensure your systems are patched and up-to-date. If you cannot patch them, segregate them from the rest of the network and services, limiting internet access.
Categorise and Assess your Third-Parties: Suppliers should be categorised based on the risks they present to your business, such as how critical they are to you and what data or access they have. Review their security maturity and work with them to remediate any issues.
Talk to us today. We can help!