Cyberattacks and what to expect.
Cyberattacks in numbers.Let’s start with a breakdown of cyberattacks in 2022 according to a 2022 report:
|
Trends in cyber attacks.
Cybersecurity is a critical issue for companies and governments alike as individuals are using a growing number of varied and even their own personal devices for work, adding to the number of potential vulnerabilities and attack points.
Even less sophisticated attacks will continue to intensify in 2023, according to a report by Global Corporate & Specialty (AGCS) published in October 2022. In 2022, attacks went up 28% compared to 2021, and this growth does not appear to be slowing down in 2023.
Compromised mailboxes, identity theft and MFA bombing, ransomware and phishing continue to be highly popular attack vectors.
Companies’ security teams must be wary of the human factor and take a proactive stance on security to effectively protect their organisations’ assets.
How will companies defend against cyberattacks?
The emergence of AI and ML.
Artificial intelligence (AI) and machine learning (ML) are making significant inroads in cybersecurity to help sniff out attacks and identify suspicious activity. AI and ML applications are constantly evolving and enable a much faster and more precise detection of threats.
The mean time to detect (MTTD) and respond (MTTR) remain critical KPIs for an effective corporate defence system that can adapt to a changing threat landscape and enables swift implementation of appropriate measures.
Blockchain.
Blockchain enables data to be stored in a decentralised and secure manner. In cybersecurity, this technology is used to protect sensitive data and online transactions. However, blockchain requires stringent controls to ensure optimum data protection.
The internet of things (IoT) and exposure to attacks.
The internet of things (IoT) is expanding all around us, significantly increasing the attack surface. The proliferation of new technologies always goes hand in hand with a surge in attacks. The development of the 5G network invites perpetrators with an exploding number of potential entry points.
That’s why companies must implement specific security measures to protect their IoT devices, including encryption technology and make sure they always have the latest software updates deployed (MFA).
While passwords will likely decline in usage in the future, they are still an essential component of the security landscape. With account security being high up on the agenda for 2023, there could be an increasing demand for password managers, which in turn will put these solutions on the list of targets.
Cloud computing.
Cloud computing has made an impact on a lot of things, and cybersecurity is certainly one of them. In 2023, we expect to see the security of cloud computing bolstered, in particular through the introduction of purpose-built security solutions.
The goal is to mitigate the risks associated with cloud computing by enabling new strategies to prevent downtime and more secure data protection infrastructures, e.g. a contained environment where data are analysed before they leave the data centre, and thoroughly checked for malware.
Regulations.
Regulations governing cyber security will be tightened over the course of the year, in particular with respect to critical sectors such as finance, healthcare, transport and energy.
The European Council and Parliament have agreed on a new directive that will replace the current directive on security of network and information systems in May 2022. Key points of the new directive include:
- Stronger risk and incident management and cooperation among relevant authorities.
- Widening of the scope of the rules.
The new directive is expected to be approved soon, and member states have 21 months to incorporate its provisions into their national law.
Awareness.
Awareness should remain a top priority in 2023. Companies must continue to train their employees in IT security best practices to mitigate the risk of human error that can lead to breaches, either through providing in-house training or leveraging the services of specialised training providers.
Governments often launch initiatives to promote cybersecurity in companies, such as the France Relance plan, or frequent publications from ANSSI, the French National Agency for the Security of Information Systems.
As you can see, cybersecurity is not something to be taken lightly by anyone, including companies and governments worldwide. What we expect to see in 2023 is that ongoing advancements in technology will continue to play a key role in securing information systems, which in turn means that organisations must keep their employees up to date on new risks and how to meet them.