In recent years we have seen the topic of cyber security move from the IT department to the boardroom. As attacks have proliferated and the potential penalties, both regulatory and in terms of loss of customer trust, have increased, it has become a priority at every organizational level.
We often think of cybersecurity as an ongoing battle between hackers and criminals, and security experts, which is constantly escalating due to constant advances in technology. This is the “glamorous” side of the business that we sometimes see depicted in TV shows and movies. And indeed, threats sometimes come from hostile foreign states or devious, tech-savvy criminal masterminds. However, threats are just as likely to emerge due to improperly secured networks leaving sensitive data accidentally exposed, or unwary or indiscreet employees using non-secured devices while working from home.
A shift to a culture of home and remote working that started during the Covid-19 pandemic and has persisted in many organizations, as well as the spread of the internet of things (IoT) into every area of business and society, means there has never been more opportunity for lax security to cause headaches and expense. Because of this, cybersecurity is top of everyone’s agenda in 2023, so here’s a look at some of the key trends in 2023:
Internet of Things and cloud security
IoT devices – ranging from smart wearables to home appliances, cars, building alarm systems and industrial machinery – have often proven to be a bugbear for those with responsibility for cybersecurity. This is because, as they are often not used to store sensitive data directly, manufacturers haven’t always been focused on keeping them secure with frequent security patches and updates. That has changed recently, as it’s been shown that even when they don’t store data themselves, attackers can often find ways to use them as gateways to access other networked devices that might. Today, for example, you’re less likely to find a device shipped with a default password or PIN that doesn’t require the user to set their own, as was frequently the case in the past.
In 2023, a number of governmental initiatives around the world should come into effect designed to increase security around connected devices, as well as the cloud systems and networks that tie them all together. This includes a labeling systemfor IoT devices set to be rolled out in the US to provide consumers with information on possible security threats posed by devices they bring into their homes.
Work-from-home cybersecurity becomes a priority for businesses
Connecting to networks with non-secured devices can lead to employees unwittingly falling victim to phishing attacks, where attackers trick users into divulging passwords. With more people working remotely, it’s increasingly likely we may find ourselves working in teams where we don’t know each other as well and are at risk of falling for impersonation scams. It also enables ransomware attacks, where software is injected into networks that erase valuable data unless users pay a ransom to attackers. The risk of this also increases in remote working situations, where it’s more likely that devices may be left unattended.
International state-sponsored attackers target businesses as well as governments
Since the 2017 WannaCry ransomware attack, believed to have been perpetrated by hackers affiliated with the government of North Korea, there have been hundreds of thousands of attacks on servers all around the world that security agencies believe can be traced to foreign governments.
In 2023, more than 70 countries are due to hold governmental elections – events that are frequently a target for attack by hostile foreign interests. As well as hacking and cyberattacks on infrastructure, this will take the form of disinformation campaigns on social media. This often involves seeking to influence the results in favor of political parties whose victories would benefit the government of the hostile state. And cyber warfare will undoubtedly continue to form a key element in armed conflict, with one analystsaying of the Russia-Ukraine war that “Digital is an important a part of this war as is the fighting on the ground.”
Artificial intelligence (AI) plays an increasingly prominent role in cybersecurity
Unfortunately, thanks to the ever-growing availability of AI, hackers, and criminals are growing increasingly proficient at using it too. AI algorithms are used to identify systems with weak security or that are likely to contain valuable data among the millions of computers and networks connected to the internet. It can also be used to create large numbers of personalized phishing emails designed to trick receivers into divulging sensitive information and become increasingly good at evading automated email defense systems designed to filter out this type of mail. AI has even been used to artificially “clone” the voice of senior executives and then to fraudulently authorize transactions!
This is why the use of AI in cybersecurity is sometimes referred to as an "arms race," as hackers and security agents race to ensure the newest and most sophisticated algorithms are working on their side rather than for the opposition. It’s been predictedthat by 2030 the market for AI cybersecurity products will be worth close to $139 billion – a near tenfold increase on the value of the 2021 market.
Building a security-aware culture
Phishing attacks rely on “social engineering” methods to trick users into divulging valuable information or installing malware on their devices. No one needs technical skills to learn to become aware of these types of attacks and to take basic precautions to avoid falling victim. Likewise, basic security skills like the safe use of passwords and developing an understanding of two-factor authentication (2FA) should be taught across the board and continually updated. Taking basic precautions like this to foster a culture of cybersecurity awareness should be a core element of business strategy at organizations that want to ensure they build resilience and preparedness over the coming 12 months.
To stay on top of the latest on new and tech, Microsoft, cybersecurity trends, make sure to subscribe to our newsletter.