Cybersecurity is a fast-evolving area. Here, we look at the most important trends to watch out for in 2023, including the increased threats from connected IoT devices, hybrid working, and state-sponsored attacks.
In recent years we have seen the topic of cyber security move from the IT department to the board room. As attacks have proliferated and the potential penalties, both regulatory and in terms of loss of customer trust, have increased, it has become a priority at every organizational level.
We often think of cybersecurity as an ongoing battle between hackers and criminals, and security experts, which is constantly escalating due to constant advances in technology. This is the “glamorous” side of the business that we sometimes see depicted in TV shows and movies. And indeed, threats sometimes come from hostile foreign states or devious, tech-savvy criminal masterminds. In reality, however, threats are just as likely to emerge due to improperly secured networks leaving sensitive data accidentally exposed, or unwary or indiscreet employees using non-secured devices while working from home.
A shift to a culture of home and remote working that started during the Covid-19 pandemic and has persisted in many organizations, as well as the spread of the internet of things (IoT) into every area of business and society, means there has never been more opportunity for lax security to cause headaches and expense. Because of this, cybersecurity is top of everyone’s agenda in 2023, so here’s a look at some of the key trends in 2023:
Internet of Things and cloud security
The more devices we connect together and network, the more potential doors and windows exist that attackers can use to get in and access our data. And in 2023, analysts at Gartner predict, there will be 43 billion IoT-connected devices in the world.
IoT devices – ranging from smart wearables to home appliances, cars, building alarm systems and industrial machinery – have often proven to be a bugbear for those with responsibility for cybersecurity. This is because, as they are often not used to store sensitive data directly, manufacturers haven’t always been focused on keeping them secure with frequent security patches and updates. That has changed recently, as it’s been shown that even when they don’t store data themselves, attackers can often find ways to use them as gateways to access other networked devices that might. Today, for example, you’re less likely to find a device shipped with a default password or PIN that doesn’t require the user to set their own, as was frequently the case in the past.
In 2023, a number of governmental initiatives around the world should come into effect designed to increase security around connected devices, as well as the cloud systems and networks that tie them all together. This includes a labeling system for IoT devices set to be rolled out in the US to provide consumers with information on possible security threats posed by devices they bring into their homes.
Work-from-home cybersecurity becomes a priority for businesses
Recently, a cybersecurity priority for many organizations has been to secure the millions of devices worldwide that are being used for home and remote working since the start of the pandemic. Pre-pandemic, when we were all office-based, it was simple enough for security agents, probably based in IT departments, to regularly check and update company laptops and smartphones. This made it relatively simple to ensure they were free of spyware and malware and were running the latest versions of anti-virus software and other preventative measures. In 2023, when workers are more likely than ever to use personal devices to remotely connect to work networks, a new set of challenges has emerged.
Connecting to networks with non-secured devices can lead to employees unwittingly falling victim to phishing attacks, where attackers trick users into divulging passwords. With more people working remotely, it’s increasingly likely we may find ourselves working in teams where we don’t know each other as well and are at risk of falling for impersonation scams. It also enables ransomware attacks, where software is injected into networks that erase valuable data unless users pay a ransom to attackers. The risk of this also increases in remote working situations, where it’s more likely that devices may be left unattended.
International state-sponsored attackers target businesses as well as governments
Nation-states frequently take part in cyber-espionage and sabotage in an attempt to undermine unfriendly or competing governments or to access secrets. In this day and age, however, it's increasingly likely that companies and non-governmental organizations (NGOs) will find themselves targeted by state actors.
Since the 2017 WannaCry ransomware attack, believed to have been perpetrated by hackers affiliated with the government of North Korea, there have been hundreds of thousands of attacks on servers all around the world that security agencies believe can be traced to foreign governments.
In 2023, more than 70 countries are due to hold governmental elections – events that are frequently a target for attack by hostile foreign interests. As well as hacking and cyberattacks on infrastructure, this will take the form of disinformation campaigns on social media. This often involves seeking to influence the results in favor of political parties whose victories would benefit the government of the hostile state. And cyber warfare will undoubtedly continue to form a key element in armed conflict, with one analyst saying of the Russia-Ukraine war that “Digital is an important a part of this war as is the fighting on the ground.”
Artificial intelligence (AI) plays an increasingly prominent role in cybersecurity
As the number of attempted cyberattacks has grown rapidly, it has become increasingly tricky for human cybersecurity experts to react to them all and predict where the most dangerous attacks will take place next. This is where AI comes into play. Machine learning algorithms can examine the vast amount of data moving across networks in real-time far more effectively than humans ever could and learn to recognize patterns that indicate a threat. According to IBM, companies that use AI and automation to detect and respond to data breaches save an average of $3 million compared to those that don’t.
Unfortunately, thanks to the ever-growing availability of AI, hackers, and criminals are growing increasingly proficient at using it too. AI algorithms are used to identify systems with weak security or that are likely to contain valuable data among the millions of computers and networks connected to the internet. It can also be used to create large numbers of personalized phishing emails designed to trick receivers into divulging sensitive information and become increasingly good at evading automated email defense systems designed to filter out this type of mail. AI has even been used to artificially “clone” the voice of senior executives and then to fraudulently authorize transactions!
This is why the use of AI in cybersecurity is sometimes referred to as an "arms race," as hackers and security agents race to ensure the newest and most sophisticated algorithms are working on their side rather than for the opposition. It’s been predicted that by 2030 the market for AI cybersecurity products will be worth close to $139 billion – a near tenfold increase on the value of the 2021 market.
Building a security-aware culture
Perhaps the most important step that can be taken at any organization is to ensure that it is working towards initiating and fostering a culture of awareness around cybersecurity issues. Today, it’s no longer good enough for employers or employees to simply think of cybersecurity as an issue for the IT department to take care of. In fact, developing an awareness of the threats and taking basic precautions to ensure safety should be a fundamental part of everyone’s job description in 2023!
Phishing attacks rely on “social engineering” methods to trick users into divulging valuable information or installing malware on their devices. No one needs technical skills to learn to become aware of these types of attacks and to take basic precautions to avoid falling victim. Likewise, basic security skills like the safe use of passwords and developing an understanding of two-factor authentication (2FA) should be taught across the board and continually updated. Taking basic precautions like this to foster a culture of cybersecurity-awareness should be a core element of business strategy at organizations that want to ensure they build resilience and preparedness over the coming 12 months.
To stay on top of the latest on new and emerging business and tech trends, make sure to subscribe to my newsletter, follow me on Twitter, LinkedIn, and YouTube, and check out my books ‘Tech Trends in Practice’ and ‘Business Trends in Practice, which just won the 2022 Business Book of the Year award.