The close of the year provides an opportunity to look forward with hope to the next, and that is particularly true when it comes to cybersecurity.
2020 and 2021 were rough years in terms of rising cyberattacks because of the remote-working boom amid the Covid-19 pandemic, the developing ransomware and supply chain attacks, and what the Colonial Pipeline attack told us about the risks to critical national infrastructure. 2022 was probably even worse due to the geopolitical and economic fallout from the Russia-Ukraine war.
So, what might 2023 hold? These are some of the cybersecurity conclusions from the Thematic Intelligence Tech, Media and Telecom (TMT) Predictions 2023 report.
Cybersecurity professionals at breaking point
Continuing cyberattacks means that cyber professionals are reaching their breaking points. According to Microsoft Active Directory log data for 2022, there are now 921 password attacks every second—nearly double that of a year ago.
The rising rates of cybercrime, and subsequent media coverage, are putting huge pressure on already hard-pressed cybersecurity teams. The ongoing cybersecurity skills crisis offers little prospect of reducing the immense pressure on those teams, as it is challenging to attract and retain cybersecurity professionals to help keep businesses secure. So, in 2023, it is likely that cyber teams’ mental and physical well-being will continue to be threatened by their workload.
Organizations will prioritize zero-trust capabilities in 2023
Zero-trust means assuming that whatever entity is trying to gain access to an organization’s IT applications is untrustworthy until its identity and hygiene are verified. The US government has mandated that its agencies must migrate to a zero-trust strategy by the end of 2024. This will involve stronger security measures such as phishing-resistant multi-factor authentication and network traffic encryption.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
By the end of 2023, the level of success of implementing zero-trust applications across organizations will become clearer. A key factor will be whether organizations have the necessary cyber recovery and data protection skills.
AI will be the hallmark of a major cybersecurity attack in 2023
The rise in cyberattacks has catalyzed the growing adoption of AI-based security technologies for defensive purposes. AI can swiftly analyze millions of datasets and identify various cyber threats. However, AI will also increasingly become a malicious tool to create advanced cyber threats, with hackers launching increasingly sophisticated attacks. AI can be used to create smart malware programs that alter algorithms at such a speed that reacting to them becomes very difficult. Hackers can also manipulate AI systems to behave insecurely when presented with anomalous or malicious inputs.
Organizations will receive stricter advice on the payment of ransoms
Ransomware is a continuous threat, with its exponents becoming ever more ruthless in their methods and launching more devastating attacks. According to the EU Agency for Cybersecurity (ENISA), the ransomware business model is projected to cost more than $10 trillion by 2025, up from $3 trillion in 2015. In the US, North Carolina and Florida have prohibited state and government agencies from complying with or paying ransomware demands. Clarity must emerge from law enforcement, governments, and regulatory organizations in 2023 to tackle a rise in payments to ransomware-driven cyber attackers.
Multi-factor authentication: The vegetable of cybersecurity
Let us go back to those 921 password attacks a second. A recent article pointed out that basic multifactor authentication (MFA) can protect against 98% of attacks, but most companies are not using it. It is a bit like people not eating their vegetables; everyone is aware of the benefits, but a majority of people do not do it.
Microsoft suggests three reasons for its lack of adoption:
- MFA costs too much. Security team resources are already at a premium, so adding an additional tool to their portfolios can be a tough sell.
- They think their users will hate MFA. Users want to be productive wherever and whenever they are working without sacrificing their organization’s security. Conditional access is one modern approach to MFA.
- MFA is too hard to deploy. But organizations can use conditional access policies to protect cloud implementations, as opposed to relying on a physical server or software.
Ultimately, an enterprise must be able to protect its own operations and users from ongoing cybersecurity threats. And MFA is just one tool in a security team’s kitbag. Only time will tell see if users’ approach to MFA changes in 2023.