Your essential 2023 cyber security trends review
Philip Ridley, Head of Cyber Security at IntaForensics gives his take on the key cyber security trends that could impact your business in 2023.
Trend 1 – ransomware attacks move up the food chain
The increasing threat posed by ransomware continued throughout 2022 but with one big difference. Cyber criminals began attacking larger organisations alongside their typical targets of smaller firms.
Why the change? Because small businesses are less likely to be insured for ransomware and may not be able to afford to pay. So attackers are also focusing on bigger firms that are more likely to be able to pay larger sums. I predict that we’ll continue to see more of these kinds of attacks in 2023.
Trend 2 – the professionalisation of cyber crime
Cyber criminals used to be seen as spotty teenagers in hoodies typing away in their mum’s basement. The reality is that cyber attackers are becoming a lot more professional and even specialised. For example, some attackers will only carry out the first part of an attack, gaining initial access and then – like an insurance broker – selling the data on to another group to action.
This professionalisation has taken the criminal IT industry to new heights over the past few years. And I’m confident that it’s a trend that will escalate into 2023.
Trend 3 – new technologies continue to offer new opportunities for cyber crime
The latest tech buzzword is AI. As with all new technologies, if cyber criminals manage to get hold of these AI frameworks, they have the potential to be exploited.
I could see criminals scaling up the human interface elements of a cyber attack. So instead of having a human bashing away at a keyboard, the cyber criminals can ask evil AI to run a ransomware campaign, generate a well written email and ask it to be sent to large numbers of people.
At the moment, the AI is very tightly guarded. But as more of it becomes open-source and available I do think we’ll see some attackers try to leverage it.
Trend 4 – quantum computing and encryption
A lot of our communications and data are secured using encryption. But there are fears that if somebody comes up with a functional quantum computer it would render all our current encryption obsolete.
The risk in this arena comes from unfriendly states who have research programmes in this area. If they crack the quantum computing Da Vinci code they would have the capability to spy on any state, business or individual.
There’s a lot of work around quantum proof encryption so this is very much an emerging area for 2023 and one to watch over the long term.
Trend 5 – increased cloud migration security risks
Dialling it back from the fantastic world of future technologies, over the last few years, cloud migration has been a hot topic. A lot of businesses worked under the assumption that because their data was in the cloud, its security was taken care of by the cloud provider.
But if you read the small print of your cloud contract it clearly says businesses themselves are responsible for security.
Smaller organisations in particular might not realise what is available to them under the hood. We often deal with customers who’ve had security issues with their cloud solutions simply because they didn’t enable the security features. As increasing numbers of businesses go cloud first, I think we’ll see more of these issues.
Trend 6 – zero trust and proactive cyber security
We’ve seen a step-change in security during 2022 with a lot of our customers shifting from reactive to proactive. This has been a very positive change. Something that I think will continue into 2023 with more people wanting to get ahead of the curve.
This tendency towards more proactive IT security links to the zero trust trend I’m seeing. Originally championed by Google, as the name suggests, you don’t trust anyone outside or inside your organisation to access resources without sufficient proof of identity.
In 2023, I expect the model of zero trust to start maturing with firms asking:
- What does zero trust mean for me?
- Is it a model that suits my business’s way of working?
- And if it does, what do we need to do?
- How do we implement it without impacting productivity and effective data sharing?
Cyber security is a never-ending battle between criminals and their victims. Keeping on top of the latest ways to secure your business continues to be as vital in 2023 as before.