The year 2022 was when the world largely emerged from the pandemic and woke up to a number of changes in the overall business landscape. Commerce had become more digital. Working from home had been normalised. A number of physical assets had merged with digital, artificial intelligence had made its inroads into businesses, and cyber risks stemmed from the Russia-Ukraine war.
What this all means is that cyber security has become riskier, costlier and more complicated for businesses. Let’s look at four cyber security challenges I believe organisations should prepare for in 2023:
1. More Cyber Attacks and Breaches
This likely doesn’t come as a surprise. In 2021, a number of major brands fell victim to ransomware, and 2022 was a record year for cyber attacks and breaches. The fact is, it doesn’t matter if you’re in the public or private sector. In 2023, I believe that, in addition to ransomware and breaches, the world could witness another evolution of cybercrime-as-a-service, where cyber mercenaries are hired to carry out sophisticated attacks and breaches on behalf of rogue nations, “hacktivists” and criminal-minded networks.
2. The Supply Chain Risk Bubble Bursts
Businesses might not realise it, but many of them have already moved, or are in the process of moving, their critical information and infrastructure to third parties. As businesses move their data and infrastructure to the cloud and increase their reliance on third-party software applications and service providers, they are significantly increasing their risk of cyber attacks and breaches from third parties. Over the past three years, there’s been a 742% growth in software supply chain cyber attacks, and experts are already predicting attacks on open-source and commercial software to continue rising in 2023.
3. Attackers Poison the Data Well
If one thinks about the way businesses will be using data in 2023 and beyond, we’re likely to see AI and predictive analytics playing a major role. I predict we will be producing data at an exponential rate thanks to technologies such as the Internet of Things, Industrial Internet of Things, edge computing and 5G. We’ll be producing data in a whole range of different environments as well, including in our homes, on the go, in the office and through supply chains. In this new environment, I expect businesses to become more dependent on the integrity of that data to make decisions. Adversaries and cyber-criminals know that, so addressing cyber risk will depend not only on the confidentiality and availability of data but also on its integrity.
4. The Never Normal
As security teams recover from 2022 and move into 2023, things will likely begin to pile up, including cyber security and supply chain considerations, ethical considerations and regulatory mandates (e.g., storage and use of personal data, use of AI, etc.). This continuous challenge is what the “never normal” is all about.
The “never normal” is also about companies being in a constant state of evolution and transforming all areas of the business to have an agile security strategy. It’s about having a security strategy that can adapt to the direction the business is headed in. It’s about how security teams need to preserve all the different pieces of the security pie that are in line with what the business needs. It’s about adapting security around the macro cyber security environment and where the markets are taking us from an economic and trade standpoint.
How can organisations tackle these cyber security challenges?
While security isn’t a one-size-fits-all solution, there are some broad strategies organisations can leverage to tackle these emerging cyber security challenges:
1. Adopt a cyber resilience framework
Cyber resilience means that organisations are prepared to deal with the inevitable. Identify and prioritise critical assets as they evolve, continuously stress-test the environment and consistently improve your breach-response capabilities. Develop situational awareness and monitor what’s happening across different environments and attack surfaces…