Top Cybersecurity Trends | Spiceworks
Cybersecurity will continue to be a major focus for company leaders as they bolster their digital defenses in 2023 and beyond. Taylor Hersom, founder & CEO of Eden Data, shares the top cybersecurity trends for 2023.
Several factors will influence how corporate leaders strengthen their digital defenses in 2023, and cybersecurity remains a top priority. Ransomware attacks are rising, zero-trust models are becoming more popular, and there are more state-sponsored attacks than ever before because of the ongoing conflict in Ukraine.
More companies are using online technologies to automate their operations, which has resulted in an abundance of data on the internet. However, moving online opens a Pandora’s box of internet security risks, including data breaches and theft, which are common for small businesses, individuals, and big companies alike. Over 90% of data breaches in Q1 2022 resulted from cyberattacks.
Those in charge of security and risk management are at a turning point as a company’s digital footprint grows, rendering centralized cybersecurity control useless. Consequently, new threats have been posed by the hybrid labor trend and digital business operations in the cloud. Meanwhile, sophisticated ransomware, cyber-attacks on the digital supply chain, and deeply ingrained weaknesses have revealed technical gaps and a lack of skilled workers to combat the challenge.
Understanding the key tendencies in the cybersecurity world can help individuals better confront emerging dangers and advance their roles. Let’s dive into what those trends are.
The most common security risk facing the IT industry is phishing attempts, with many people still falling for phishing emails. Hackers use increasingly sophisticated techniques to craft well-executed business email compromise (BEC) attacks along with malicious URLs. Hackers have enhanced their sophistication by starting to investigate.
At the same time, attackers have become more sophisticated with their methods. They have started investigating potential victims to gather the information that will increase the likelihood that their phishing assaults will be successful as they strive to make them more targeted and effective. One method attackers use to test email addresses and see who would react is bait attacks.
According to a recent report, around 35% of the 10,500 firms examined were the subject of at least one bait attack in September 2021, with one of these messages arriving in an average of three different mailboxes per business. Additionally, between August 2020 and July 2021, corporate assaults on infrastructure, transport, financial services, and other organizations accounted for 57% of all ransomware attacks, up from only 18% in their 2020 research.
Luckily, filtering technology has improved significantly. Bait emails typically originate from a trustworthy source such as a Gmail account and include no malicious payload. This is why it’s crucial to educate staff to recognize these attacks clearly and not reply. Defense based on AI is far more effective: to defend against such assaults, it uses information gathered from a variety of sources, including communication graphs, reputation systems, and network-level analyses.
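The bait-attack traits described above (a free-mail sender, no payload, several mailboxes at one business, no earlier correspondence) can be turned into a simple triage rule. The sketch below is an added example, not code from the article or from any vendor. It is a plain heuristic rather than the AI-based defense mentioned above, and it assumes a mail-log layout, a free-mail list, a three-mailbox threshold, and a `known_pairs` set that stands in for a communication graph.

```python
from collections import defaultdict

# Assumed free-mail list; "freemail.example" exists only for the sample data.
FREEMAIL = {"gmail.com", "freemail.example"}
MIN_MAILBOXES = 3  # assumption, echoing the three-mailbox average cited above


def bait_candidates(messages, known_pairs, min_mailboxes=MIN_MAILBOXES):
    """Return {sender: sorted recipients} for senders that look like bait probes."""
    hits = defaultdict(set)
    for m in messages:
        sender, rcpt = m["sender"].lower(), m["recipient"].lower()
        if sender.rpartition("@")[2] not in FREEMAIL:
            continue  # not a free-mail sender
        if m["urls"] or m["attachments"]:
            continue  # carries a payload, so payload filters handle it
        if (sender, rcpt) in known_pairs:
            continue  # edge already in the communication graph
        hits[sender].add(rcpt)
    return {s: sorted(r) for s, r in hits.items() if len(r) >= min_mailboxes}


def _msg(sender, recipient, urls=0, attachments=0):
    return {"sender": sender, "recipient": recipient,
            "urls": urls, "attachments": attachments}


# Constructed sample mail log (all addresses are made up).
SAMPLE = [
    _msg("probe@freemail.example", "alice@corp.example"),
    _msg("probe@freemail.example", "bob@corp.example"),
    _msg("Probe@freemail.example", "carol@corp.example"),
    _msg("friend@freemail.example", "alice@corp.example"),
    _msg("friend@freemail.example", "bob@corp.example"),
    _msg("promo@freemail.example", "alice@corp.example", urls=2),
    _msg("promo@freemail.example", "bob@corp.example", urls=2),
    _msg("promo@freemail.example", "carol@corp.example", urls=2),
    _msg("billing@supplier.example", "alice@corp.example"),
]
# Constructed history: alice has already exchanged mail with this sender.
KNOWN = {("friend@freemail.example", "alice@corp.example")}

if __name__ == "__main__":
    for sender, rcpts in bait_candidates(SAMPLE, KNOWN).items():
        print(sender, "->", ", ".join(rcpts))
```

Flagged senders are candidates for review and for reminding the recipients not to reply, not automatic blocks.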
The Digital Supply Chain Problem
A supply chain assault occurs when the products, services, or technology a vendor provides to a client have been hacked, posing a danger to the customer base. This could be in the form of a supplier’s email account being used fraudulently for social engineering purposes or to raise the likelihood of malware infection. More complex attacks can use the privileged access of a supplier’s network to breach the target network.
One such example came from the software provider SolarWinds, which learned of a supply chain assault on one of its software systems in late December. The attackers modified signed versions of the supplier’s software with malware, which they then exploited to infect 18,000 private businesses and government agencies. Once it was installed in the target environment, the virus spread across a greater attack vector.
According to Gartner, by 2025, three times as many firms as in 2021 could face assaults on their software supply chains. To prioritize digital supply chain risk and put pressure on suppliers to show security best practices, security and risk management professionals must work with other departments.
The Cybersecurity Mesh and Distributed Approach
Whether assets are on-site, in data centers, or in the cloud, a dispersed company can deploy and integrate security using the cybersecurity mesh method: a contemporary conceptual approach to security architecture. By implementing a cybersecurity mesh architecture, businesses can reduce the financial impact of individual security events by an average of 90% in the next few years.
The concept will become even more crucial as more businesses transfer their activities to cloud infrastructures and multi-cloud environments. Cybersecurity meshes are structurally composed of several layers of security controls that cooperate to shield a company from various dangers, including malware, viruses, phishing attacks, and others. In theory, a mesh can offer better IT security and protection from cyber threats the more levels it has.
Typically, a cybersecurity mesh is built by combining several distinct technologies, including on-premises firewalls, cloud-based security services, and externally managed security service providers. These solutions may be used in conjunction with one another to cover every aspect of the organization. In contrast to conventional point solutions, the objective is to achieve continuous visibility into traffic across the whole network, which offers superior protection.
To support the goals of the digital company, and with the growing workload falling under the singular position of a Chief Information Security Officer (CISO), leading businesses have moved towards creating CISO offices to support dispersed cyber decision-making. While cybersecurity executives are positioned in various corporation sectors to decentralize security choices, the CISO and the centralized function could still be in charge of setting policies.
It’s imperative to remember that most data breaches still involve human mistakes, proving that conventional methods of security awareness training are still inadequate. With the right budget in place, modern businesses must move away from old-fashioned compliance-based awareness efforts in favor of comprehensive behavior and culture change initiatives that encourage safer working practices.