Six trends shaping the cybersecurity landscape in 2023

By Rebecca Harper, Head of Cybersecurity Analysis, ISMS.online.

  • 1 year ago Posted in

As we move away from 2022 and into 2023, the key lesson that must be carried forward is that effective information and cyber security are now essential to business success. From data breaches to attacks caused by under-prioritised security systems, to avoid financial loss and reputational damage, businesses need to focus on protecting and managing their security and risk falling behind. As a result, these are six trends we see rising in 2023.

1. Greater global alignment on information and data privacy regulations

When businesses wish to enter foreign markets, they usually encounter various regulatory frameworks, many of which are opposed to one another. Instead of improving data protection and privacy, this often means a more significant workload for companies.

A more efficient approach is regulatory alignment on information, privacy and data protection across borders, as well as removing global trade barriers. As data protection laws continue to improve, so too will the trust between actors in the global supply chains. Importantly, a more homogenous approach to regulation will reduce data duplication and the risk of data compromise. A more significant interaction between frameworks will naturally promote security and privacy, a fundamental tenet of robust information security.

2. Privacy-led compliance landscape to achieve better information security

The last decade saw information security dominate the discourse, but the tide is now turning with the proliferation of data privacy legislation. Many countries that are adopting more stringent data protection regulations will be prioritising a “privacy-first” approach, primarily out of necessity.

Additionally, the most significant data platforms in the world – namely Google and Apple – are also intensifying their privacy-first measures. The former is stopping third-party cookies in 2023, while the latter has incorporated privacy protection features since 2021 – beginning with the App Tracking Transparency of iOS 14.5. We see more organisations adopting regulatory frameworks such as ISO 27001 and ISO 27701 to drive this further.

Elsewhere, the EU’s General Data Protection Regulation (GDPR)’s standards are also driving greater adoption – any company wishing to operate within the EU needs to demonstrate GDPR compliance in advance.

3. A future without passwords

Organisations are increasingly finding that eschewing passwords for access management is the best way to combat phishing – we see this increasing in 2023. A passwordless approach will also mean a marked shift in how we think about phishing-resistant authentication.

This is advantageous to both customers and organisations. Firstly, it negates the risk of password breaches and credential-stuffing attacks. Importantly, it also saves time – employees no longer need to spend hours resetting forgotten passwords and usernames. But this approach carries its own risks and will require tight security controls, identity access management practices, and adopting a zero-trust policy.

4. Creative tactics to address the cybersecurity skills gap

Many organisations currently have a cybersecurity skills deficit, which poses a challenge when dealing with risk. In 2023, we predict businesses will recruit niche cyber talent and leverage outsourcing. However, they will need to take a strategic, creative approach to hiring. Namely, they need to widen their search and look further than just degrees and training.

To maximise retention, new hires must be continuously trained. A business should adopt a “compulsory learning” culture if it is serious about reducing cyber risk. Outsourcing can then be utilised by supplementing existing in-house knowledge and talent – this will likely be an essential element of cybersecurity strategies. An advantage to this is that it reduces the team’s workload, giving them time to hone their skills.

5. Continued supply chain problems

Cybercriminals will further exploit supply chains both for financial reasons and as a means of political attack – the latter is especially true for attacks on critical national infrastructure. Among the most vulnerable sectors are healthcare, energy, finance and transport. This poses a significant threat not just to information security and data privacy challenges but also to the lives of citizens. Recent attacks on major conglomerates’ supply chains have shown that this will continue unless the correct information and data security protocols are implemented.

To safeguard against this, organisations must further improve supply chain security and risk management protocols. They will need to prove the strength of their security protocols if they want to retain and win clients – the reputational risk of not doing so is too great. A robust information security framework and management system are some of the bedrock tools that will enable organisations to defend their supply chains against cyber-attacks.

6. More risk in the IoT landscape

The last decade has seen extensive growth in the Internet of Things (IoT) sector. Gartner has predicted that IoT devices will outnumber humans by a ratio of three to one by the end of 2023 – and these new devices will require adequate security. New measures like the EU’s Cyber Resilience Act will alleviate this by setting minimum cybersecurity requirements for all products sold within its borders. However, this will not take effect until 2025.

For now, businesses should update information security policies and cybersecurity protocols related to connected devices, IoT or otherwise. More monitoring and careful patching are needed to lessen device vulnerabilities and improve incident response times.

New approaches to cybersecurity

Establishing a robust cybersecurity network is vital in 2023 and requires a multi-pronged approach. Countries adopting stricter privacy regulations will further accelerate a pre-existing shift in this direction among tech companies. Businesses will also need to strengthen their infrastructure to protect increasingly vulnerable supply chains, as well as leverage the right combination of outsourcing, new hiring, and internal skills development to maximise their resilience.

By Darren Thomson, Field CTO EMEAI, Commvault.
By Oliver Feiler, Head of Global Alliances and Strategic Partnerships EMEA, Nozomi Networks and...
By David Higgins, EMEA Technical Director at CyberArk.
By Manuel Sanchez, Information Security and Compliance Specialist, iManage.
Anita Mavridis, VP of Product at Zivver, and Sue Musumeci, Director of Quality & Clinical...
By Danny Lopez, CEO of Glasswall.
Nadir Izrael, Co-Founder and CTO at Armis discusses the importance of critical infrastructure...
By Darren Thomson, Field CTO EMEAI at Commvault.