As we turn the page on 2022, cybersecurity threats are continuing to create problems for businesses, institutions, and individuals. According to Cybersecurity Ventures, if cybercrime were a country it would be the world’s third largest economy after the US and China. They estimate the cost of cybercrime at $7 trillion in 2022. Check Point says the first six months of 2022 saw a whopping 40% increase in cyber-attacks from the previous year, with ransomware being declared a “state-level weapon.” It has been a never-ending cycle of cyber thieves coming up with new ways to attack and cybersecurity professionals playing catch-up with the solutions. At CYRIN we also continue to keep up with the threats and find ways to get you on the right track as you prepare your team for whatever cybersecurity brings in 2023.
What did we predict in December of 2021 would be the critical issues in cybersecurity for 2022?
So, what might be the top cybersecurity issues for 2023? Here is a look at some critical issues for cyber that experts are urging us to prepare for in the new year.
Phishing attacks can hit businesses or individuals. It’s one of the most common attacks that criminals utilize to steal information for fraudulent purposes. According to Nahla Davies for AT&T’s Cybersecurity blog: “Phishing is still the most severe security threat on the internet to date — and a majority of the population is at a high risk of falling prey to this threat (it’s said that 97% of the people who have internet access, still cannot recognize a phishing email). Phishing emails and dangerous URLs are still common on the internet, but they are now customized, tailored, and geo-targeted.”
Ransomware as a cybersecurity issue has been around for several years and it is still a huge problem. Mostly, it has been an issue for businesses (but individuals can be caught up in it). Ransomware is among the top 10 cyberattacks and is a popular way for attackers to target businesses. This won’t change any time soon; according to the U.S. Department of Homeland Security, ransomware attacks have been increasing across the globe. Unsuspecting users download infected emails or visit infected websites, and the criminals get into the system. Companies’ networks are then held hostage until ransoms (usually in cryptocurrency) are paid. There are times when, even if the ransom is paid, says Karim Ahmad writing in MakeUseOf, “there's no guarantee that your files will be unlocked. In most cases, it's a slippery slope, with ransomware gangs preying on the less tech-savvy and demanding increasing sums of money.”
As reported by Cloudwards.net, ransomware cost the world $20 billion in 2021 and that number is expected to rise to $265 billion by 2030. In 2021, 37% of all businesses and organizations were hit by ransomware; 32% of the ransomware victims paid the ransom and got only 65% of their data back. More surprisingly, only 57% of businesses were successful in recovering their data using a backup. That’s why Inc. reports that, according to the National Cyber Security Alliance, ransomware can have a chilling effect on small businesses, as 60% of them go out of business within six months of a cyber breach.
The Internet of Things (IoT) is huge, and the interconnected devices run the gamut from laptops and mobile phones to refrigerators and smartwatches. AT&T Cybersecurity reports that Oracle estimates there are currently more than 7 billion connected IoT devices, and experts anticipate this figure to expand to 22 billion by 2025. This rapid growth of the IoT has increased the chances for cybercriminals to launch cyberattacks and data breaches. Since there are so many devices available, many with limited security features built in, this industry is extremely vulnerable to threats from bad actors.
The European Union has made the first move on adopting data protection regulations. The European Commission first drafted the General Data Protection Regulation (GDPR) in 2016. The regulation became active in 2018, providing rules designed to give EU citizens more control over their personal data. Since then, the GDPR has grown in influence as more countries outside of the EU apply it to their regions. The GDPR aims to provide data security across the EU, and companies that sell to EU residents, regardless of where they are located, must follow the regulations. With 99 individual articles, the GDPR is the strongest set of data protection rules in the world.
As remote work has become more entrenched, the need for more regulation on a worldwide basis will become the norm. There are predictions for cybersecurity regulations to get stricter with time, especially as decentralization of access becomes the norm. More importantly, companies might also be expected to undergo IT audits to ensure that they have taken appropriate measures to protect their networks against cyberattacks.
Over the past few years more and more companies have utilized the cloud to store their information. It is more cost efficient for a company to store information in the cloud than to store it on their sites. Although proponents claim it’s secure, there are notable security data breaches. A well-known case involved Microsoft in 2021 when a denial-of-service attack made it difficult to access their cloud service. In their official statement, Microsoft said the attack only lasted 10 minutes and they were able to dodge the worst of it and keep things running. However, it indicates how even leading companies like Microsoft that practice stringent cybersecurity protocols are not immune from attacks, and how small firms and professionals who rely on the cloud can be affected by these attacks.
The supply chain that produces our fresh-tasting Thanksgiving dinners is one of the most fragile and fragmented of any industry–and one of the hardest to secure. Sam Curry disclosed on Twitter that he and a group of other white-hat hackers quietly spent 10 days in July 2022 discovering 100 unique vulnerabilities on farming machine giant John Deere’s corporate networks and websites, including exploits that would enable attackers to take over customer accounts or access employee credential information. The company has since patched everything, Curry added, but the exercise speaks to a much larger issue that’s picking up steam in the food and agriculture industry.
Within the last year, multiple food retailers and processing plants across the U.S. have been targeted by ransomware, prompting the FBI to alert the sector of the elevated risk and President Biden to recently sign an executive order protecting America’s food security. States, too, have taken action to protect their food and water from growing cyber threats, including recent action in California and Nebraska to develop response plans and educate farmers.
Mandiant’s 2023 cybersecurity forecast predicts more attacks by actors not associated with nation states or organized groups, motivated more by bragging rights than actual financial gain; more extortion attacks; the possibility that Europe will overtake the United States as most targeted by ransomware; and more destructive attacks, information operations and other cyber aggression from the Big Four: Russia, China, Iran and North Korea.
Are Machine Learning (ML) and Artificial Intelligence (AI) the answer? Well, some people think so. The recent evolution of cyber threats has brought the potential of AI and ML to the front and center of cybersecurity. Many organizations are adopting the power of technology to automate several aspects of their cybersecurity efforts, such as threat detection.
It’s true that automated programs, if trained well, can simplify various processes, and learn how to respond to threats. However, just like you wouldn’t rely on a machine to protect a physical site 24/7 without supervision, you wouldn’t expect your cybersecurity to be run 24/7 without any sort of monitoring or maintenance. Even highly integrated systems need to be monitored and maintained to ensure they’re working properly. That means well-trained humans must be in the loop.
However effective Machine Learning or AI might become, they do not solve all problems. At CYRIN we know that as technology changes, a cybersecurity professional needs to develop the skills to evolve with it. We offer that development with “hands-on” training and our courses teach fundamental solutions that integrate actual cyber tools from CYRIN’s labs that allow you to practice 24/7, in the cloud, no special software required. These tools and our virtual environment are perfect for a mobile, remote work force. People can train at their pace, with all the benefits of remote work, remote training, and flexibility. Cyber is a team effort; to see what our team can do for you take a look at our course catalog, or better yet, contact us for further information and your personalized demonstration of CYRIN. Take a test drive and see for yourself!