Over the coming year a lot of what we see will be a steady evolution of trends already familiar to many. That means:
THE CONTINUED RISE OF RANSOMWARE:
As long as hostile nations harbor threat actors, attacks continue to compromise victim organizations, and those victims continue to pay their extorters, don’t expect ransomware to go away anytime soon. We’ll probably see more innovation on the part of threat actors, to stay ahead of defensive measures and ensure their business models are fit for purpose. Ransomware will therefore remain the number one risk to businesses in 2023 – both in its potential to cause major service outages and serious data theft/leakage.
A SURGING NATION STATE THREAT:
State-sponsored actors continue to flex their muscles in cyberspace, supporting geopolitical goals (China), generating illicit funds for isolated regimes (North Korea) and helping to achieve military objectives (Russia). Expect large-scale data theft (espionage), destructive malware, cryptocurrency heists and more.
HUMAN ERROR CONTINUES TO BE A TOP-TIER THREAT:
It’s hard to overstate the significance of human error to cyber risk. It’s the reason why phishing continues to be one of the top threat vectors for malicious actors. Accidental data leaks and misconfigurations will only grow as cloud complexity increases and skills shortages start to bite.
SUPPLY CHAIN RISK:
A recent report claimed that 98% of global organizations suffered a supply chain breach last year. It could come from software providers that are compromised to insert malware into updates, as per the SolarWinds attack. It could be managed service providers that are breached with a view to infecting their downstream customers. Or it could be a solitary organization like a law firm targeted for the data it holds on its clients. The continued surge in risk to the supply chain will force CISOs to reappraise their vetting of partners and update risk management practices.
COMPLIANCE GETS MORE ONEROUS:
Gartner predicts that by the end of 2024, 75% of the world’s population will have its personal data covered by privacy regulations. As more countries follow the GDPR’s lead, organizations will struggle to manage the complexity unless they find technology solutions like encryption to reduce the scope and costs of compliance.
SCHREMS 2 ENFORCEMENT INCOMING:
We’ve been waiting a while for GDPR regulators to get tough with transatlantic data flows following Schrems 2 and the death of the Privacy Shield agreement. Once again, encryption and similar technologies could help to reduce legal risk as enforcement action increases.
SIMPLICITY AND CONTROL
As finances come under greater pressure in 2023, CISOs may be asked to find ways to be more efficient. With the average enterprise running 76 discrete security tools today, consolidation would seem like a no-brainer. Done right, it could help them to reduce licensing costs, visibility gaps and the management burden on stretched security teams.
This is the promise of a “cybersecurity mesh” architecture, which will be an increasingly popular way to mitigate the challenges posed by expansive cloud environments. This is also where data-centric security technologies like encryption and tokenization will play an important role, by reducing the risk of costly breaches and compliance fines. Whatever solutions CISOs choose going forward, they’ll need to put ease of integration and platform-based offerings at the top of their wish list.