The 10 cyber security trends you need to know for 2023
Phoenix Software Limited
Utilising technology to enable UK organisations to innovate and transform. Outcome focused IT solutions and services.
Our industry specialists share their cyber security predications for the next 12-months and tell you how to prepare your organisation for 2023’s biggest cyber risks.
For cyber criminals, now is the perfect time to attack. From the war in Ukraine to the ransomware attack that impacted the NHS, cyber security incidents were at an all-time high in 2022. And with recovery from the Covid-19 pandemic still affecting businesses and inflation impacting organisations across the globe, our cyber security specialists expect to see new and innovative security challenges in 2023.
Discover the latest cyber security trends and find out how to prevent incidents impacting your organisation this year.
1. There will be increased awareness of device and application security misconfigurations
Microsoft’s cyber threat intelligence brief, Cyber Signals states that 80% of ransomware attacks can be traced back to common misconfigurations of software and devices .
We can protect against this by employing people and products to continuously monitor our device and application configurations. This could include an application patching managed service or vulnerability management products, such as Tenable, Qualys, Rapid7.
For device configuration, this is either a manual process that needs embedding into someone’s role or by using a product, such as Gytpol to continuously monitor the security configurations on devices.
2. There will be more targeted attacks on virtualised infrastructure
From 2021 to 2022 there was a significant increase in the number of attacks on virtualised infrastructure. Attackers are using new TTPs (tactics, techniques, and procedures) that enable them to deploy ransomware efficiently and at speed throughout a business environment. As virtualized environments are now a foundation of corporate environments this makes them a prime target.
Protect against this with proper network segmentation and by creating isolated networks of VLANs to host the management servers for virtualised infrastructure. Enhance the protection of these environments by implementing effective multi-factor authentication (MFA) and privileged access management (PAM) systems and solutions.
3. Higher value will be placed on testing cyber security environments
“More organisations are seeing the value of testing their existing security systems and processes. An ‘always assume breach’ mindset helps organisations to become familiar with security gaps and the associated risks. Regular pen testing, red teaming, and tabletop exercises validate an organisation’s security and response and provide insights into future required improvements.”
Jonny Scott, Vendor Alliance Manager, Phoenix
4. We’ll see greater investment in data protection
As data becomes their most valuable asset, we are seeing an increase in the amount of capital organisations are investing to protect it. Obtaining access to backup infrastructure is a common precursor to cyber criminals deploying ransomware to live infrastructure. Backups are the last line of defence and data security is more important than ever, which is why we will continue to see an increase in immutable, air gapped backup systems .
There is also more awareness of the shared responsibility models that hyper scalers employ when consuming their cloud services. Your data = your responsibility.
5. Cyber Assurance Framework (CFA) will become a foundation to public sector cyber security
“The NCSC appears to be backing CAF as its ‘go to’ framework in 2023. CAF is being pushed heavily onto local government and I predict that as a result of this, other areas of government, education, and the third sector will take note. CAF is a good middle ground between Cyber Essentials Plus – which is becoming increasingly more difficult to achieve – and ISO27001 – which requires a fully embedded, top down approach to information risk management.”
Jonny Scott, Vendor Alliance Manager, Phoenix
领英推荐
6. Cyber insurance costs and restrictions will continue to rise
“Last year we saw cyber insurance becoming more expensive and harder to obtain , and this will continue into 2023. The main point to take away from this is that the underwriters are taking on more risk than ever, which means that they accept the threat landscape is evolving and becoming more sophisticated. Because of this, organisations must understand their risk.
“Something we have seen several customers do recently is to opt for a ‘Bronze’ cyber insurance policy over a ‘Gold’ policy, giving them less coverage but still ticking boxes for critical assets and business units. They will then bridge the gap by layering an incident response retainer on top of that for additional assurance should they be breached.”
Vicki Sammons, Solutions Manager, Phoenix
7. The popularity of extended detection and response (XDR) services will increase
“We are seeing a huge increase in customers looking for a fully managed XDR service to assist them with the threats out there. The tech they are now getting access to is super comprehensive and they do not have the time or skill set internally to manage this risk and threat alone. We’re seeing this across multi vendors and not just one vendor alone protecting any customer.”
Stephanie Ireland, Microsoft Security Lead, Phoenix
8. A holistic approach to identity will become more prevalent
“As we have seen in America, MFA is now being legally enforced in certain sectors and that momentum continues to build. Identity is the new arena for cyber criminals as it can often be the easiest route in. Effective MFA, PAM, and identity and access management (IAM) systems can significantly reduce an organisation’s attack surface, particularly in a digital world.”
Jonny Scott, Vendor Alliance Manager, Phoenix
9. More organisations will utilise AI and machine learning to manage risk
This year, we expect to see a greater uptake in products that allow AI and machine leaning to dynamically manage risk for both external and internal threats. These technologies support organisations to more effectively detect and respond to cyber threats, and improve their overall security posture by identifying vulnerabilities and recommending remediation actions, automating repetitive tasks, and identifying potential attack patterns.
10. The introduction of new tools to support cloud security
“As more organisations adopt cloud services, we’re experiencing a greater uptake in cloud security features to help them act on threats more effectively. There is a growing need for tools and solutions that help to secure these environments, including cloud security posture management (CSPM) and cloud security information and event management (CSIEM).”
Stephanie Ireland, Microsoft Security Lead, Phoenix
Get support with your 2023 cyber security strategy
In 2023, understanding where the risks to your organisation are and how to mitigate and remediate them is essential for improving your overall security posture and reducing the costs associated with breaches.
Speak to our cyber security specialists today to find out more about our cyber security assessments and services.