The Most Pressing Cybersecurity Challenges of 2023
The global cost of cybercrime attacks is rising and reached an estimated €5.5 trillion in 2021. Ransomware attacks alone hit organizations somewhere in the world every 11 seconds. Our use of and dependence on technology grows each day and with it the opportunities for criminals to profit from emerging vulnerabilities. Despite increased awareness and growing spending by organizations to protect themselves and to build resilience in the event of a successful attack, specific cybersecurity threats will continue to rise in 2023. Cybersecurity risks will have to be mitigated by managing direct threats, but sufficient resources will be needed to navigate an increasingly complicated regulatory and operational environment in the coming year.
Biggest Threat: Cybersecurity Collateral Damage Caused by State-Sponsored Threat Actors
State-sponsored cybercrime and attacks are now one of the most prominent forms of cybercriminal activity, and will continue to rise in 2023. Nation-states take advantage of our increased dependence on technology to use cybercrime for espionage, sabotage or to sow misinformation. Meanwhile, some are turning a blind eye to cybercriminal groups within their borders that target the private sector, as long as those targets are in other countries.
In 2021, only a quarter of cyberattacks reported in Europe were directed at public administrations, while more than half targeted private-sector companies in a broad variety of sectors. The reasons targets are chosen are not always clear. For example, last month 14 U.S. airports suffered a denial-of-service (DoS) cyberattack that disrupted websites featuring flight information. Russian-speaking attackers took credit for the attack but the reasons for their actions remain unclear.
Private companies will need to closely monitor potential collateral damage caused by state-sponsored threat actors whose motives may not be obvious.
Attacks on Global Supply Chains
Globalization has dramatically increased the flow of goods throughout the world, but the rising interdependence for supplies and manufacturing processes also means that supply chains are stretched over greater distances and have become especially vulnerable to disruption. Already weakened from pandemic bottlenecks, the manufacturing sector has become an attractive target for attackers. In 2021, the number of supply chain intrusions rose 16% from the previous year.
Manufacturers and service providers often adopt new digital technology to quickly enhance productivity, but sometimes do so without paying sufficient attention to security issues. The introduction of robotics and the internet of things has provided attackers with new avenues to explore and exploit. One recent example is Toyota’s suspension of its Japanese production line last February due to a cyberattack directed not at Toyota itself but at one of its suppliers. The company had to delay the production of 13,000 vehicles as a result.
Ransomware Attacks: The Continued Rise
Cybercriminals monetize their activities via ransomware, and the tactic, which blocks access to systems or data until a ransom is paid, is being used on an ever-broader range of organizations and companies of all sizes. In 2021, there was a record 623 million ransomware attacks; far more than in previous years. Broader adoption of digital tools and remote working during the pandemic helps to explain the rise of attacks. More and more, criminals are using sophisticated phishing scams and targeted deep fakes, and the ubiquity of digital communication means attackers have more windows of opportunity to exploit.
Malicious Insiders Become More of a Threat
Financial companies are prime targets for cybercriminals and frequent targets of cyberattacks. Financially motivated criminals attempt to infiltrate systems using tactics like server access, misconfigurations and fraud, often monetizing their activities through ransomware.
Almost one-third of successful breaches in the sector come from internal actors, in some cases employees unaware they are putting their company at risk. Adequate cybersecurity awareness training is key to avoiding incidents.
Insiders who knowingly aid cybercriminals, on the other hand, can be difficult to identify. To mitigate the threat from malicious insiders, cybersecurity systems need to take into account a broad range of information and be able to detect unusual or erratic user activity. Processes and controls must be established for granting access to sensitive data and followed closely at all times. User and entity behavior analytics (UEBA) can be critical to properly vetting new hires and keeping an eye out for unusual practices in the workplace.
The Shifting Regulatory Environment
The sense of alarm is growing among policymakers and regulators throughout the world of the threat to critical infrastructure and businesses that cybercrimes present, not to mention the risks to private citizens. New legislation to improve resilience and try to stem the growing tide of cyberincidents is beginning to appear which will require greater attention to an evolving regulatory landscape for cybersecurity.
Pressured into action by high-profile cybercrimes involving businesses and infrastructure, such as the Colonial Pipeline hack in 2021, the U.S. passed the Strengthening American Cybersecurity Act of 2022 in March 2022. The new legislation obligates companies to notify the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of discovering a cybersecurity breach and within 24 hours of paying ransom to hackers. The law targets companies that provide critical infrastructure, but details of which companies the law will apply to and how it will be enforced have yet to be fully defined.
The new Digital Operational Resilience Act (DORA) was adopted by the European Parliament in November 2022 and introduced a comprehensive framework for the digital operational resilience of the financial sector. Almost all regulated financial institutions are in scope of DORA and will have to implement sufficient safeguards to protect against cyber and other ICT-related risks.
As the implications of these new laws become clearer and more countries follow with their own requirements, meeting the increasing cybersecurity-specific regulatory requirements across all countries and regions where companies operate will be a growing challenge for cybersecurity managers in 2023.
Ongoing Challenge: Attracting and Retaining Cybersecurity Expertise
Unfortunately, the increased use of technology and the rise of cybercrime attacks has not brought with it an increase in the number of qualified cybersecurity professionals available to address the problems. Attracting and retaining the right talent has been a challenge for companies and will continue to be in the future.
Recruiting professionals with the needed skill set is critical, but just as important is retaining talent once they are on board. Many cybersecurity professionals want to work at organizations where their opinions will be taken seriously by top management, where well-defined cybersecurity governance and automation are in place and where cybersecurity training and investment throughout the organization is a key priority. Many want to feel challenged to design new solutions and to connect with the core purpose of the company they work for. Organizations have to focus not just on filling their specific needs but on meeting the expectations for career development and purpose of the cybersecurity talent they depend on.
Overcoming the cybersecurity threats and attacks that lie ahead will take more than stamina to confront the day-to-day battles. Broad vision is critical in order to keep up with an environment in constant evolution and to cultivate adequate resources to help in the fight.
