In 2022 ransomware attacks increased by more than 130%, and that isn’t expected to decrease in 2023. As the cybersecurity landscape continues to evolve, it’s important to understand how things are changing. Last week we took a look back at cybersecurity in 2022, this week we’re looking forward to knowing in 2023.
Threat actors are working smarter…and harder
In 2022 threat actors continued to rely on tried and true methods of attack. In 2023, we are likely to see an increase in the efficiency and efficacy of attacks by leveraging more sophisticated, technology-aided methods like AI and the use of online service providers to facilitate an attack.
On top of becoming more sophisticated in modes of attack, threat actors’ ability to halt business operations or critical infrastructure is broadening the pool of potential targets beyond Protected Personal Information or Personally Identifiable Information. Victims of ransomware schemes feel increasing pressure to pay attackers to get back to business as usual and minimize the impact on the supply chain or their business partners.
As Dan Nelson shared earlier this year, personal information (PHI/PII), long the perceived focus of threat actors, has oversaturated the nefarious cyber marketplace. A security plan focused solely on the protection of PII or PHI will not suffice in 2023 and beyond.
The shifting focus of attacks also drives a shifting focus in industries targeted. Financial services and healthcare organizations were long thought to be lucrative targets due to the amount of personal information they maintain. With this type of PII’s declining market value, threat actors have broadened their focus to include critical business processes, supply chain attacks, and infrastructure attacks. Fundamentally, this is a shift from “steal data to sell it” to “hold data hostage.”
You left the door unlocked
In the aftermath of a security incident, it’s important to understand how the threat actor gained access to the organization. Even in the most security-minded organizations, a small failure can lead to a breach. Understanding where and how it occurred is essential in strengthening security protocols.
Savvy threat actors have moved beyond sending blanket emails with the hope that someone inadvertently clicks a link. With the wealth of information organizations put on their social media and websites, it’s becoming increasingly easy to craft convincing emails tailored specifically to a target organization, substantially increasing the likelihood of the prey falling into the trap.
As more offices shift to remote or hybrid operations, cloud-based solutions meet new demands for businesses looking to be more efficient across a broader geography. When organizations build more complex tech stacks, they can inadvertently create more opportunities for threat actors to target the APIs that underpin organizational efficiencies.
Downgrading cybersecurity in the putative pursuit of productivity isn’t limited to an increasingly precarious tech stack. As Verizon reports, 52% of workers report sacrificing mobile security to meet a deadline or hit a productivity target.
Many organizations or singular applications implemented multi-factor authentication as a layered approach to security, requiring two or more credentials to verify the user’s identity to login. Short Message Service (SMS) is a common method of multi-factor authentication. If you have an application that sends you a text with a one time code to log in, you’ve used SMS MFA.
SMS authentication services have been a helpful, and common, tool in multi-factor authentication. However, an increasing number of mobile compromises make SMS less secure moving forward.
In addition to these new attack vectors, organizations must also consider existing vectors affecting aging hardware, outdated protocols, and lack of training in their approach to cybersecurity. As the attacker’s menu of options expands, the defender must continue to work both smarter and harder in response.
Compliance will count more than ever
Beyond understanding the potential threats, organizations need to be increasingly aware of their responsibilities related to cybersecurity in the coming year.
New and enhanced regulations mean more security requirements for organizations. California, New York City, and the Federal Government (in the form of the Department of Defense and the Securities and Exchange Commission, among others) are all enacting enhanced security mandates and exploring increased fines following a breach. Understanding these changes and what compliance requires, should be a major focus area for IT teams.
Compliance with new and enhanced regulations will also impact an organization’s cyber insurance coverage. From underwriting to purchasing to use, cyber insurance is getting more challenging to navigate but more important than ever to have. A more mature, robust approach to security is increasingly important to winning the cyber insurance race.
As we’ve looked at the carnage of 2022 and what’s ahead of us in 2023, it’s easy to feel hope fade, but it’s important to remember that organizations can take strategic, practical steps to enhance their security postures even as the threat landscape evolves. A trusted cybersecurity advisory partner can help your leadership team develop an approach that makes sense for your organization.