The year 2023 offers lots of promise and a whole lot of insecurity on the digital pathways — both for personal and business encounters.
Technology continues to bring innovative business solutions while it also poses seemingly unsolvable cybersecurity challenges.
Retail website crashes and supply chain disruptions used to be seasonal annoyances. Now they result from targeted cyberattacks. The FBI is keenly concerned by the rapid growth in targeted and sophisticated cyberattacks coordinated by threat actors.
The threat landscape is poised to grow as decentralized work environments drive companies to adopt more web-based tools. As enterprises look to optimize their work environment, how can they make sure to take their browser and communication channel security into the twenty-first century?
Given this litany of runaway cyber threats, it is never too soon for companies and consumers alike to think about how to prepare better for bad actors to snag them with a cyberattack or online fraud scam. The frequency of cyberattacks in 2022 reportedly increased by almost three million, and the average cost of a data breach globally reached an all-time high of $4.35 million.
Annual joint alerts released by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warn businesses and consumers alike about the increased security risks expected in 2023. Still, organizations are choosing to leave their digital doors unlocked for cybercriminals.
Recent findings by Cybereason revealed the majority of companies reduce their security staff by as much as 70% on weekends and holidays, exponentially increasing their risk and the aftermath of a ransomware attack.
CIOs to the Rescue
The flip side of the cybersecurity landscape for this year offers some good news, nonetheless. An October 2022 Gartner report highlights that CIOs are looking to increase their cyber and information security investments in 2023. That prognosis beats business intelligence and analytics goals, in which 55% say they plan to increase investment.
This bodes better for companies and governments worldwide facing ongoing threats and cybercrime damages of US$6 trillion globally in 2021, according to a Homeland Security report. Increased internet connectivity of people and devices has created an ever-expanding attack surface that extends throughout the world and into almost every American home. As a result, cyberspace has become the most active threat domain in the world and the most dynamic threat to the Homeland, according to that agency.
Gartner’s data indicates that worldwide information security and risk-management spending will exceed $188 billion in 2023, up 11.3% from last year, noted Jon Geater, co-founder and chief product officer at Rkvst.
While the economy pushes companies to cut costs, leading enterprises are keeping cybersecurity and risk management budgets intact. Forward-thinking organizations are shifting from a checkbox-based approach to a risk- and outcomes-based method of cybersecurity.
“We see companies and governments around the world waking up to the fact that with data-driven and connected operations now the norm, significant risks can enter their business from their supply chain. The Log4j threat and Kaseya and SolarWinds supply chain attacks have made that very clear,” Geater told TechNewsWorld.
Old-fashioned static checkbox compliance cannot defend against these risks. Geater urged organizations to demand strong, reliable, provenance information from key supply chain partners to more accurately assess and address their risks and implement supply chain integrity, transparency, and trust across all aspects of their operations.
A Matter of Scale
The Cybersecurity and Infrastructure Security Agency warns that cybercriminals are prepared and ready to target online shoppers with fake websites, malicious links, and fake charities. As the nation’s cyber defense agency, its goal is to ensure Americans are safe online, noted CISA Director Jen Easterly.
“By following a few guiding principles like checking your devices, shopping from trusted sources, using safe purchasing methods, and following basic cyber hygiene like multi-factor authentication, you can drastically improve your online safety this year,” Easterly told TechNewsWorld.
“Your cyber safety should be treated like your physical safety. Stay vigilant, take steps to protect yourself, and trust your instincts. If you see something that does not look right, there is a good chance it is not,” she offered.
For consumers, tighter budgets this year make phishing lures more attractive. Plus, shoppers must dodge a hefty onslaught of scam-related deals, warned Melissa Bischoping, director of endpoint security research at Tanium.
“Attackers know that social engineering and phishing are still the most effective initial access point, and they leverage a combination of economic uncertainty and desire for a good deal to prey upon individuals,” Bischoping told TechNewsWorld.
She added that this goes beyond just retail, so be mindful of scams and phishing related to charity donations.
“Instead of blindly clicking on links in emails, be sure to go directly to the official website or app,” she cautioned.
On the Cyber Horizon
Web security will become vital as we increasingly rely on web-based applications and SaaS services, suggested Michael Calev, vice president of corporate development and strategy at Perception Point. In this vein, cyber defenders are seeing problems with phishing, spearphishing, and, more importantly, evasion-related attacks.
“We can expect an increasing number of threat actors to target web users through these vectors [this] year. More cross-channel attacks can be expected, and we will see multi-layered attacks that start at one point and then spread across additional vectors,” Calev told TechNewsWorld.
This will lead to the advancement of extended detection and response (XDR) tools, and more companies will start scanning internal traffic to mitigate attacks as best they can, predicted Calev.
“Unfortunately, ransomware is here to stay, and we will see more double- and triple-extortion attacks. This will be accompanied by a growing number of account takeovers, with threat actors taking hold of legitimate accounts and attempting to mislead users and security vendors,” he warned.
Although other threat vectors will see significant growth in 2023, email will remain the largest, added Calev. Email is where the majority of attacks originate.
Paying Up, Not Fighting Back
According to a Perception Point-Osterman report, organizations pay an average of $1,197 per employee to address successful cyber incidents across email services, cloud collaboration apps or services, and web browsers.
This means that a 500-employee company spends $600,000 on cybersecurity annually. The figure excludes compliance fines, ransomware mitigation costs, and business losses from non-operational processes.
“Changes brought by digital transformation and remote work increased ecosystem complexity. As organizations invest in tools that monitor, detect, and provide information on their IT environment, they should invest in the processes that leverage this information,” Rami Musallam, CEO of CafeX, told TechNewsWorld.
Solutions exist to wage a successful battle against cybercriminals. Consider a recent partnership between CafeX’s incident response solution Challo and CyCognito’s SaaS platform to provide organizations with just that.
CyCognito discovers risk across a company’s attack surface. Challo unifies the relevant people, processes, and information to remediate threats fast, noted Musallam.
The combination lets businesses address threat intelligence and management with a single automated workflow. This optimizes their response activities and cybersecurity postures.
“There is a natural symbiosis between the Challo and CyCognito platforms,” said Josh Hogle, director of Technology Alliances at CyCongito.
2023 a Busy Year for CISOs
This year may prove to be a more volatile year for chief information security officers (CISOs). They deal with the pressures of maintaining a ridged security posture while also dodging the bullet of blame when attacks are successful, suggested Daniel H. Gallancy, CEO and Co-founder of cybersecurity firm Atakama.
“Cyberthreats will continue to proliferate in number and grow in sophistication throughout 2023. While basic security practices will prevent many breaches, organizations will need more advanced solutions to protect themselves from the devastating consequences of a successful attack,” Gallancy said.