Four cyber risk trends to watch in 2023 and how companies can mitigate them

Steve Durbin is CEO of Information Security Forum. He is a frequent speaker on the council’s role in cybersecurity and technology.

In 2022, the world largely emerged from the pandemic and woke up to some changes in the overall business landscape. Commerce had become more digital. Working from home was normalized. A number of physical assets had merged with digital, artificial intelligence had entered businesses, and cyber risks emerged from the war between Russia and Ukraine.

What this all means is that cybersecurity has become more risky, more expensive and more complicated for companies. Let’s take a look at four cybersecurity challenges I think organizations should be preparing for in 2023:

1. More cyberattacks and breaches

This probably comes as no surprise. In 2021, a number of major brands fell victim to ransomware and 2022 was one record year for cyberattacks and breaches. The fact is that it doesn’t matter if you are in the public or private sector; in 2023, i believe that, in addition to ransomware and breaches, the world could witness a new evolution of cybercrime-as-a-service, hiring cybermercenaries to carry out sophisticated attacks and breaches on behalf of rogue states, “hacktivists” and criminal networks .

2. The supply chain bubble bursts

Companies may not realize it, but many of them have already moved or are in the process of moving their critical information and infrastructure to third parties. As companies move their data and infrastructure to the cloud and become increasingly reliant on third-party software applications and service providers, they significantly increase the risk of third-party cyberattacks and breaches. In the past three years there has been one 742% growth in software supply chain cyberattacks, and experts already are to predict Attacks against open source and commercial software will continue to increase in 2023.

3. Attackers poison the data well

If you think about how companies will use data in 2023 and beyond, we will probably see AI and predictive analytics playing a major role. I predict that we will produce data exponentially thanks to technologies such as the Internet of Things, Industrial Internet of Things, edge computing and 5G. We will also be producing data in a variety of different environments, including at home, on the road, in the office and across supply chains. In this new environment, I expect companies to become more dependent on the integrity of that data to make decisions. Bad actors and cyber criminals know this, so tackling cyber risks will depend not only on the confidentiality and availability of data, but also on its integrity.

4. The never normal

As security teams recover from 2022 and move into 2023, things are likely to begin to pile up, including cybersecurity and supply chain considerations, ethical considerations, and regulatory mandates (e.g. storage and use of personal data, use of AI, etc.). This constant challenge is what “never normal” is all about.

The “never normal” is also about companies that are in a constant state of evolution, transforming all parts of the company to have an agile security strategy. It’s about having a security strategy that can be adapted to the direction the business is going. It’s about how security teams should keep all the different pieces of the security pie aligned with what the business needs. It’s about adjusting security around the macro cybersecurity environment and where the markets are taking us from an economic and trade standpoint.

How can organizations overcome these cybersecurity challenges?

While security is not a one-size-fits-all solution, there are some broad strategies organizations can use to address these emerging cybersecurity challenges:

1. Establish a cyber resilience framework.

Cyber ​​resilience means organizations are prepared for the inevitable. Identify and prioritize critical assets as they evolve, continuously test the environment under stress, and consistently improve your response to breaches. Develop situational awareness and monitor what is happening in different environments and attack surfaces.

2. Focus on risk management, governance and compliance.

Organizations need to have a sound governance framework in place so they can identify regulatory changes as they happen and make course corrections in their business and security efforts. Prioritizing is also key; take a step back and realize that not all data needs to be protected 100% of the time. Protecting the confidentiality, availability and integrity of all data is like trying to boil the ocean. Work with business units to identify crown jewels first, start small, understand your data lifecycle and be specific (not generic) with your security strategy.

3. Build integrity in the supply chain.

Every organization must communicate regularly and effectively with key suppliers. Continuously assess your risk and exposure to supply chain threats and perform the appropriate level of due diligence to ensure that your suppliers secure data to an acceptable standard of security.

4. Focus on people.

The world of work has changed. Organizations must adapt their security policies and procedures accordingly. adapt and implement safer ways of working; pay special attention to cyber fatigue and mental health; provide security awareness training to employees and explain their responsibility and accountability to the company.

Resilience is hard to achieve when there is a lack of alignment between security teams, senior management, employees and the extended ecosystem. For a security strategy to be successful in 2023 and beyond, it must not only be closely aligned with the business, but also provide assurance that cybersecurity is treated as a business risk rather than a purely technical issue.

---

businessroundups.org Business Council is the premier growth and networking organization for entrepreneurs and leaders. Am I eligible?

---