Gazing into the crystal ball
There was no shortage of cybersecurity attacks in the news this year – Fast Company, Uber, Red Cross, and InterContintental Hotels, just to name a few. Then think of all the breaches, attacks, and threats we never heard about. According to Dataport, businesses around the globe face a ransomware attack every 11 seconds.
We saw a lot of both new and familiar types of cyber threats in 2022 and based on the latest trends, 2023 will introduce yet another chapter of cybersecurity-related challenges.
Five of our cybersecurity predictions for the coming year
1. Compromising Collaboration Tools.
While phishing attempts against personal and business email accounts are an ongoing threat already, in 2023 we anticipate cybercriminals will widen their phishing area to target business collaboration tools such as Slack, Google Drive, OneDrive, and Teams. With most organizations maintaining a remote or hybrid workforce in 2023, these tools provide a rich source of sensitive data. A significant amount of business is now done on instant messaging and collaboration channels. Organizations risk compliance and disaster protection unless data management practices catch up with the evolution of information sharing.
2. Increased Attacks on the Public Sector and Critical Infrastructure.
The public sector has become a favorite target for cybercriminals as US, state, and local government agencies have fallen prey to cyberattacks in recent years. Legacy security is proving ineffective against the growing legion of diverse, sophisticated, and confrontational cyberthreats against public agencies that collect and store sensitive data.
Add to that the continued conflict in Ukraine and financially motivated criminal groups are banking on massive payouts and moving their attention to a decentralized infrastructure. Winter is arriving in both the US and Eastern Europe, and we expect attacks on critical infrastructure to increase as temperatures decrease. Unfortunately, this could drive global energy prices up even higher.
3. Mandating Security, Privacy, and Government Regulation.
We anticipate ongoing changes in international consumer privacy requirements along with new security regulations from the SEC. More executive orders, Congressional committee meetings, and more politicians bringing security and privacy issues to the forefront are also likely. Australia has introduced new data breach regulations, and Singapore set up an inter-agency task force to counter cybercrime. We can expect more of the same abroad and at home. The automotive industry has already introduced measures to protect the data of vehicle owners. This is likely to be replicated in other areas of consumer goods that store and process data with the intent of holding manufacturers accountable for security vulnerabilities. We expect to hear a lot about data privacy and data security this year.
4. Hacktivism on the Rise.
Derived from the phrases hacking and activism, hacktivism is the act of accessing a computer system without authorization for political or social purposes. Hacktivists often use distributed denial-of-service (DDoS) attacks, which involve flooding a website or email address with so much traffic that it temporarily must shut down. Other tactics include data theft, website defacement, worms, and hijacking social media accounts. You may have heard of the hacktivist group “Anonymous” which rose to fame with a series of attacks. These include targeting the Church of Scientology, joining forces with Occupy Wall Street, attacking ISIS, and declaring a cyberwar against Russia. The ongoing war in Ukraine along with our own social and political tensions in the U.S. make increased hacktivism likely in 2023.
Hacktivists have also been known to target businesses that engage in activities contrary to their ideology. As businesses become more vocal about their social and political stances, this is important to keep in mind. Additionally, businesses can, unfortunately, become the collateral damage of a hacktivist group when there are widespread disruptions like a countrywide internet outage.
5. Cultures of Resilience and Safety.
Resilience in the cybersecurity context means being able to both resist and recover from business disruptions. Businesses need to treat cybersecurity as a systemic issue that is permeating their workplace and putting them under constant threat. In addition to the technical efforts, we expect to see a renewed focus in 2023 on the human aspect. 95% of cyber security breaches are primarily caused by human error. Fixing human vulnerabilities involves changing the culture. Organizational leaders must reassure staff that it’s okay to develop questioning attitudes and challenge high-risk requests. We anticipate more businesses entering 2023 with the expectation of a cyberattack, developing a culture of safety, and then having plans in place for recovery.
Your New Year’s resolution
Improving your cybersecurity position should be one of your organization’s New Year’s Resolutions. There is an evolving threat landscape in our digital world—one which requires increased diligence and prevention to thwart more sophisticated cyberattacks. As leaders in business, industry, and public utilities, it's essential to not only educate users and employees on best practices but to have in place the best level of protection from hackers. If it's time to shore up your organization's cyber protection, contact the team at Locknet Managed IT. We can help you have peace of mind with an IT strategy that factors in everything 2023 might throw at us.
