Attention, CISOs and security pros: If there’s one thing we can say this early in the year, it’s that 2023 marks a shift in cybersecurity. Last year broke records for the number of cyberattacks, phishing scams and data breaches. And, with major advancements like ChatGPT and Bard, we now have to understand what generative AI means for cybersecurity.
With that dark prologue, many organizations are using this year to refocus their cybersecurity defenses.
Today, no one is immune from the threat of an attacker. Every organization, from small businesses to enterprises, needs to be ready to defend itself and to understand the evolving cybersecurity landscape. Importantly, the ramifications of cyberattacks are no longer limited to the digital world. We see increasing evidence of digital attacks having real impact on the physical world.
So, what to prepare for? How to prepare? Here are some of the top trends for cybersecurity in 2023 — including the ways companies can improve their defenses.
Ransomware attacks will increase, become more professionalized
Ransomware attacks have skyrocketed over the past few years and show no signs of slowing down. Splunk’s annual State of Security uncovered that 79% of surveyed organizations experienced ransomware attacks last year.
Targeted ransomware is an issue that most industries cannot ignore. Any large organization, even a nonprofit, is at risk of an attack. For example, educational institutions, especially K-12, are at high risk of an attack: education and research organizations experience 2,297 attacks each week, 44% higher than the previous year.
Last year, we saw an increase in Cybercrime-as-a-Service as ransomware gangs (aka ransomware families) became more professionalized. Hackers have become faster and more efficient. In this ecosystem, groups sell individuals the tools or services they need to carry out attacks — so that amateurs have the sophisticated tools that used to be limited to only a few bad actors.
The next attack vector? Machine learning
As artificial intelligence (AI) and machine learning (ML) become more advanced, automation permeates every aspect of business. From coding to writing to customer service, ML makes automation smarter and faster than ever. However, this year will also see ML becoming another attack vector.
Since ML pipelines are part of new software systems organizations use to defend themselves from attack, leaders must also protect their ML models. ML transparency is essential for an ethical and trustworthy model. Leaders need to understand what is happening and how their ML models produce outputs to provide adequate security.
Deglobalization pressures turn cybersecurity local
Digital tools have connected our world more — today, that trend is starting to reverse. Between growing political tensions, concern over security and a global pandemic, governments are increasingly concerned with restricting the flow of data. France, Austria and South Africa are just a few of over 50 countries aiming to limit data flow from their country.
And it’s not just governments seeking to limit data movement. The private sector also wants to contain its data in anticipation of more stringent data privacy regulations. For example, companies serving European clientele must anticipate heightened data residency regulations. GDPR and CPA no longer lead the way for data privacy. Companies are more able to regulate their own data ahead of regulations and develop more advanced cybersecurity.
As a result of deglobalization, organizations increasingly need to focus on the local. Driving a single global solution footprint is ineffective given different regulations, varying market maturities and the cost of physically moving data. International companies must create distinct local cybersecurity strategies to remain effective and ensure security.
Despite the layoffs, it’s still a great time to work in cybersecurity
While Big Tech may be all over the news for massive layoffs, cybersecurity workers still have very in-demand skills. 80% of tech workers found a new position just three months after starting their job search.
Other industries desperately need cybersecurity workers to protect their websites, apps and business infrastructure. In fact, 59% of tech workers work outside of the tech industry. As a result, tech workers still have the upper hand in the job market.
Since Big Tech companies have proven unreliable, cybersecurity workers are no longer attracted solely to large paychecks and big names. Instead, they want purpose- and mission-driven companies that they can embrace. Larger organizations will have to compete with small start-ups with strong value-based missions. As a result, corporations need to take more actions to support their social and environmental statements to attract and retain talent.
Many cybersecurity workers may question their career path as each corporation announces layoffs. However, they are still in a strong position and have many job options available. The worker’s market will transform corporations that need their cybersecurity skills to protect their business.
Omnichannel attacks are on the rise
Cyberattacks are no longer limited to the desktop. Phishing and other hacking schemes have become omnichannel, reflecting the years-long shift in modern business communication. Bad actors are learning to break into systems through social engineering attacks carried out over social media, direct messages, chat, phone calls and SMS. Users may respond on one channel only to receive a deluge of communication on other channels. Using multiple channels can lull users into a false sense of security as it projects authenticity.
These expanded attacks mean cybersecurity must broaden its protection to cover more than just emails. Protecting users from social engineering is a new challenge for cybersecurity professionals in 2023. Because messages don’t contain explicit threats, such as a malicious link or attachment, until the last step of the attack, it is difficult to weed them out early.
The role of CISO is expanding
The union of data and tools around different IT cyber resilience functions also significantly impacts leadership, especially the chief information security officer role. CISOs are now responsible for more than simple InfoSec — a key responsibility is resiliency, including ensuring performance and preventing security attacks.
Critical decision-makers within the organization, CISOs are at the forefront of moving their companies toward overall resilience. As companies seek to break through data siloes and use tools that enable security to observe the entire organization, CISOs are better positioned to combat all IT system threats. They have the tools and visibility to tackle a broader definition of incident — which means the role’s scope and responsibilities continue to expand.
Requirements for cyber insurance will increase
As organizations struggle to keep up with increasingly sophisticated threats, many use cyber insurance to protect their business in case of an attack. Cyber insurance is evolving with the new landscape, and leaders are finding it increasingly challenging and expensive to obtain and retain their coverage.
More insurance companies require businesses to show they have an adequate level of protection. However, many organizations find this challenging because there is no industry standard on an appropriate amount of security measures.
To meet these increasing standards, organizations need to prove that they don’t present uninsurable risks. Companies need to:
- Put strong authentication in place.
- Build their technology base of security.
- Earn certifications where available and as applicable.
Businesses that outsource their IT must choose a provider with robust security. For example, a cloud partner should have SOC 1, 2, and 3, and ISO 27001 certification. In addition, partners should have industry-specific compliance; for healthcare, that means HIPAA at a minimum.
Companies that offer strong evidence of protection will have better coverage options and ensure they continue to remain insured even as requirements evolve.
Zero-trust architecture is the new norm
For a long time, the zero-trust security model was the gold standard that only the most technologically advanced companies, such as Microsoft, could implement. However, zero-trust architecture will soon become the norm as companies grapple with increasing security threats and more sophisticated attacks.
The zero-trust security model eliminates the outdated cybersecurity assumptions that bad actors exploit. Many traditional security models assume that everything (and everyone) within the network is trustworthy. Once hackers gain access to the network, they can immediately access everything and exfiltrate data. Zero trust removes this implicit trust and requires continuous validation.
Creating a zero-trust architecture requires complete visibility and control over traffic and users. IT teams must identify what’s encrypted, monitor and verify traffic and leverage multifactor authentication to maintain security. As companies try to maintain security in an increasingly threatening environment, more will turn to this approach to mitigate risk.
Summarizing 2023 cybersecurity: Meeting threats in a new environment
To remain secure in the face of increasing threats, 2023 will be marked by a modern cyber-defense that requires flexibility to meet the evolving cybersecurity landscape. Companies must prepare themselves and seek security-centric partners to maintain their boundaries and lower their risk of attack both now and in the years ahead.
This posting does not necessarily represent Splunk's position, strategies or opinion.