The world of cybersecurity is dynamic. It quickly changes because cybercriminals are relentlessly persistent in their goal to breach organizations and steal valuable data. Many of the biggest threats aren’t new, but they evolve as hackers become smarter and the systems to stop them become stronger. In the year ahead, cyber professionals will have the daunting task of defending their domain. So, what cybersecurity trends are on the horizon for 2023, and what strategies will you need to avert them?
Let’s find out.
The Cybersecurity Trends: Existing and Emerging Threats Are on the Calendar
Can you confidently say your cyber team is ready for the rapid changes in cybersecurity and the threat landscape? It’s hard to be certain. In fact, 40% of chief security officers agree they are unprepared. They cite many different reasons—inadequate budgets, talent shortage, and the fast pace of innovation. These and any other barriers will always exist regardless of if you have a blank check and a room full of experts.
To achieve a higher level of confidence in your organization’s ability to defend its digital turf, you must understand what the landscape looks like and admit that you can’t stop everything. Proactive measures to address the risky trends ahead are ideal but not always possible. In the following list of trends, I’ll give you the bad news on risk along with some good news about what to do about it that looks different than what you’ll hear any other cyber experts say.
Hybrid Work Becomes the Norm, and Your Security Footprint Will Only Get Larger
Unsurprisingly, hybrid and remote work models are becoming the norm. Employees want flexibility and autonomy, and employers have to stay in tune with what they want to retain them. Cyber professionals, however, aren’t exactly thrilled with this. They, too, want to work remotely, but it’s expanded the security footprint of every organization.
It’s not the company-issued devices that are the weak link, as you still have control over those, ensuring that anti-malware and antivirus tools are running and that applications are up to date. The problem is personal device usage to check email, engage in chats, and access documents. That’s where incidents are most likely to occur, and you have no idea how protected these devices are or aren’t.
Connecting to networks with these devices could cause employees to be more susceptible to fall for phishing attacks, either by email or text message. These situations can also make a company more exposed to ransomware attacks. So, what is a cyber leader to do with the abundance of employees working from anywhere?
You can develop specific BYOD (bring your own device) rules and require that they use the Outlook App versus the email feature on smartphones. More stringent policies that exclude all personal devices are another option, but they will be met with lots of resistance.
Building a security-aware culture that your cyber employees spearhead could be a strategy that has more sustainability. It also requires your cyber staff to think like a typical user and explore what their day-to-day looks like regarding security. If your team has buy-in to this approach, it will be more authentic and resonate more than some top-down directive that most will disregard.
Persistent Phishing: Hackers Use Many Angles to Hook Users
You likely aren’t surprised that a variation of phishing is on the 2023 cybersecurity trends list. Hackers have become much more sophisticated in how they target phishing attacks. They narrowly focus on a specific organization and keep trying new approaches, hoping they eventually wear down a person’s defenses and get them to respond.
Persistent phishing is the new normal, and cyber criminals do more than just send you an email from a spoofed URL. There are elements of social engineering in these tactics, where a recipient wouldn’t think it odd to receive an email from a company they recently engaged.
These can work, but hackers are taking it to the next level by attempting to impersonate others from a company, often CEOs or other high-profile people, so the user will take notice and respond. Their common sense can out the door when they see an email that appears to be from the CEO.
Another new phishing tactic is sharing Google docs (or other public cloud storage) within emails, which can look legitimate. Many businesses use Google Drive as their file-sharing solution. Unfortunately, the security here is lax at best.
In the new era of persistent phishing, you’ll need to step up employee education to start. You can also use filtering tools to keep these emails from appearing in an inbox. AI tools can assist with this as well.
However, some things will get through your perimeter. Turn to your cyber team to manage this constant barrage of phishing scams and get their perspectives. Make this a regular discussion in team meetings. Look at your data and listen to your team. Not everyone is going to have a new idea. Many will just say to stay the course. You want your technical employees to be innovators, and you must create a space where that’s the culture. If you do, you may get some really good strategies to deploy to lessen the hook of phishing.
IoT Vulnerability Grows
No one would argue that IoT (Internet of Things) devices aren’t valuable. They are generating many quality data crucial in various sectors, from manufacturing to transportation to retail. However, these devices must connect to your network to access and aggregate that data. As a result, they’ve become a target for hackers to infiltrate an enterprise. The more devices you connect, the more potential for a backdoor to open for hackers.
The proliferation of IoT devices is now a part of many companies’ data strategies. The IoT devices consumers use have long had lax security measures in the name of convenience. In the commercial space, security has been more robust. The problem with IoT devices as a vulnerability often arises from the need for them to be interoperable with other applications. Connecting all these points can become burdensome, so there may be slips around security. Additionally, these devices aren’t always under the control of cybersecurity teams because they sit in warehouses, assets in the field, and store locations.
You need to have IoT security protocols in place, but what may be more important is confirming that the devices are continuing to abide by them. That will require your technical folks to communicate with non-technical employees in the field. They’ll need to ask questions and possibly go to the sites where they are. That’s outside the comfort zone of many, and one more reason why developing soft skills for cyber employees is critical. Without effective and consistent communication, you’ll just be counting the days until an IoT security incident occurs.
Hackers Are Still Hungry for Your Data
In most organizations, protecting assets is both digital and physical. The digital ones, being the data about customers, products, analytics, and everything else, have become much more valuable to criminals. The primary goal of hackers is to access your data and sell it. Data breaches are daily headlines now; there’s no surprise when we see the latest one.
Your organization has put all its efforts into protecting this data, but vulnerabilities still exist. It would be impossible to eliminate all of them. So, you’ve learned to live with risk, or have you? The biggest problem I’ve witnessed in my many years in cybersecurity is that those in charge of protecting your most valuable assets can’t admit that they don’t have all the answers. Many of them will do anything to hide uncertainty around this problem, and that mindset is dangerous.
If your cyber team can’t be honest that data breaches are still possible, they’ll be doing little to fortify your protections. They will be averse to applying new tools or strategies and unable to communicate and collaborate effectively. Hackers are the enemy, but the inside threat looms when you have employees that aren’t living in reality.
The best way to address this cybersecurity trend is by breaking norms and getting honest about who on your team is willing to grow and change their mindset. They may not fit the culture you want to cultivate if they can’t. They may have brilliant minds for technology, but their inability to think critically and with transparency means they are more of a risk than an asset.
Addressing Cybersecurity Trends Requires an Agile Team
The risks of modern business will only grow. Digital transformation is accelerating at light speed, and every organization wants to future-proof its technology and infrastructure. You should be on this path as well, with one major caveat. Even more important than the tools you use and the policies you set are the people behind them. You’ll be ahead of the curve if you have cyber talent on your team that’s agile and ready to pivot when needed.
You can learn how to develop this kind of team by following the Secure Methodology™, a seven-step process to help technical folks gain soft skills that can lead to an improved security posture. Learn all about it in my book, The Smartest Person in the Room.