IT security trends companies should prepare for in 2023

By Niall McConachie, regional director (UK & Ireland) at Yubico.

  • 1 year ago Posted in

2022 was a challenging year for corporate cybersecurity, proven by a myriad of sophisticated and high-profile cyber attacks targeting the NHS, Twitter, Uber, and more. In 2023, companies can expect the rate of sophisticated cyber attacks to increase as phishing-as-a-service and other sophisticated toolkits continue to compromise weak cybersecurity measures. It’s imperative for all organisations to stay aware of emerging trends throughout the cybersecurity landscape, especially for those providing critical public services.

The rise of low-effort tactics by hackers

Bad actors don’t always need sophisticated cyber attacks to compromise their target’s digital environments. In fact, hackers tend to take the path of least resistance by opting for tactics that cost the least amount of time and money possible. This can include simply purchasing attack deployment services and phishing kits via marketplaces on the dark web. In some cases, disgruntled ex-employees have been reported to leak and even sell corporate information to the dark web themselves.

These simple, low-effort tactics have substantially lowered the bar for attackers to obtain corporate login information and compromise critical data, which is the main objective. Yet, while this level of organised crime continues to occur, the rate of corporations’ adoption of countermeasures, like phishing-resistant multi-factor authentication (MFA), is slow to keep up. Indeed, despite these risks, our research revealed that 59 percent of employees still rely on usernames and passwords to authenticate into their online accounts. Additionally, nearly 54 percent of employees admit to writing down or sharing a password, increasing the chances of a data breach to occur. These trends do not bode well for businesses in 2023. With the threat landscape continuing to complexify, organisations should consider adopting modern phishing-resistant MFA solutions and regularly training their workforce on cybersecurity risks and best practices.

Protecting critical public services

Adversaries tend to target organisations where they can cause the most disruption possible. Businesses within critical national infrastructure (CNI) and the public sector – including healthcare, education, utilities, and more – can therefore expect to face the continued rise of targeted cyberattacks in 2023.

The impact of disrupted digital services or complete loss of availability by these critical organisations can result in a scaled impact, affecting a significant portion of the UK population and potentially putting lives at risk. At times, when organisations attempt to restore these vital services, bad actors profit from large ransom pay-outs. And history shows that the willingness to pay a ransom often invites additional interest within and across organised crime.

The number of attack vectors has greatly increased against CNI, as a result of the general adoption of connected sensors at industrial sites and the rise of IoT monitoring devices at power stations. The growing number of attack vectors means there are new ways for cybercriminals to evade existing cyber mitigation tools and protocols. Due to this, public sector and CNI business leaders must do more to enhance their highest-priority baseline measures in order to protect against modern cyber threats.

Zero trust is a priority

One of the most effective threat mitigation measures organisations can adopt is a zero trust architecture (ZTA). In fact, it is so highly effective that many organisations have shifted some of their business-critical applications to ZTA over the last several years. With this in mind, ZTA is likely to remain an ongoing priority for corporations around the world this year.

However, achieving this is largely dependent on back-office applications and services that will require either ZTA support – which don’t quite exist yet – or a migration strategy. Additionally, there has been slow adoption by businesses within financial services, since many still use mainframe technologies for their ledger.

Fortunately, companies are now prioritising more advanced forms of cybersecurity measures, such as ZTA and phishing-resistant MFA, to protect their critical data and digital assets. However, no advanced form of cybersecurity can be fully effective without the cooperation of internal staff and their understanding of the need for better cybersecurity. Only by continuing to prioritise advanced cybersecurity methods and educating the workforce of the need for better cybersecurity practices, can organisations better position themselves for success when mitigating emerging cyber threats.

By Alasdair Anderson, VP of EMEA at Protegrity.
By Eric Herzog, Chief Marketing Officer, Infinidat.
By Shaun Farrow, Security Practice Lead at Bistech.
By Andre Schindler, GM EMEA and SVP Global Sales at NinjaOne.
By Darren Thomson, Field CTO EMEAI, Commvault.