Last year was challenging for businesses in terms of cyber security. Globally, more than 4000 data breaches occurred in 2022 and companies were forced to increase their cyber security budget, according to cyber security advisory KuppingerCole.
Following the major cyber attacks on Medibank and Optus that captured public attention, businesses are on edge and are upping their efforts to protect business and customer assets.
Entering 2023, cyber security is set to be an ongoing issue.
"We can't predict the future, but one certainty remains: the number of cyber attacks will continue to increase in 2023," KuppingerCole said.
"The costs of cyber attacks will also increase due to several factors: worldwide inflation, energy crisis, geopolitical conflicts, and expansion of the organisations' attack surfaces.
"On the other hand, crises can sometimes be seen as opportunities, leading security vendors to innovate in order to provide better products and services. Moreover, organisations will demand new and more powerful solutions to face cyberattacks and reduce the risks."
Challenges and opportunities
While the pandemic has changed the daily reality of many workers, there has been a certain democratisation of the concept of work from anywhere (WFA), according to KuppingerCole.
Securing employee and contractor equipment outside of the office will continue to be a challenge for cyber security teams.
“Human errors, vulnerable networks and systems, as well as lack of training contribute to increasing the attack surface," KuppingerCole said.
"Nevertheless, there are some options to maximise protection, such as the use of VPNs. But these solutions come at a cost, leading companies to face increasing cybersecurity costs."
Coincidentally, KuppingerCole says implementing solutions is difficult for organisations due to the shortage and lack of training of cyber security professionals worldwide.
"Some massive cyberattacks occurred because of insufficient technical and human resources available to deploy and maintain security infrastructure and respond to security incidents.
"This has forced some companies to look for qualified staff in disparate locations around the world."
Phishing attacks
The current landscape in 2023 also will see increased threats to businesses, especially from phishing attacks, according to KuppingerCole.
Phishing attacks are becoming both more prevalent and more difficult to discern from legitimate communications.
"Attackers use publicly available information to carefully craft messages that seem authentic. For example, emails purporting to be from CEOs or managers asking for urgent help is one of the most common attacks," KuppingerCole explained.
"Some organisations are employing old-fashioned codewords that are only shared in person that can later be used to authenticate suspicious orders."
"All organisations must provide cybersecurity awareness training to employees due to increasing phishing and ransomware attacks.”
Another key trend is the continued adoption of zero trust architecture (ZTA) which has become a mature concept and has been instantiated in many products. There is no single product that provides complete ZTA, but many products are available that can enable organisations to assemble robust defences that embody ZTA, KuppingerCole said.
In the identity and access management sector, passwordless authentication solutions can help reduce the risk of phishing and credential compromises while improving the user experience.
"This solution is starting to get more and more widely accepted as traditional passwords struggle to respond to a rapidly changing threat landscape," KuppingerCole said.
“Secure Access Service Edge (SASE) solutions also aim to consolidate security and networking products and services to help organisations meet the challenges of WFA and remote facility connectivity.”
Protect your business
Need help protecting your business? My Business Cyber offers a complete solution to test, train and measure awareness, reducing the risk of human error. Protect your business from cyber scams and attacks with automated staff training, phishing simulations, tools, and resources.
