10 Jan 2023

From reassessing cybersecurity measures which were put in place during the pandemic and understanding how to recover from a cyberattack, to revised legislation, Distology highlights the biggest trends which will impact the cybersecurity space in 2023.

Recent research from the specialist IT cybersecurity distributor found that more than a third (36%) of IT leaders believe that attacks becoming more sophisticated and targeted in nature will be the biggest disrupter of the cybersecurity sphere over the next five years. For this reason, experts at Distology are predicting 2023 will be a year of consolidating cybersecurity solutions to ensure organizations are protected.

Rule-based security protocols

Some of the top trends in 2023, according to Distology, include:

Reassessing cybersecurity solutions post-pandemic: Email security, cloud security, API, XDR and even backup and recovery solutions all need to be reassessed now that hybrid working is here to stay and cyber threats are more dynamic.

Setting up simple rule-based security protocols isn’t enough to keep up with the threats, let alone those of the future. The winning formula builds on traditional defences with artificial intelligence, human intelligence (SOC-based analysts), and user communities, combining to create organization-specific context.

Cyber incident response

Preparing to recover will be key: Over the last three years, the way people work, shop and spend has changed considerably so, if it hasn’t been done already, organizations should be putting time in to explore disaster recovery, business continuity and cyber incident response policies and procedures.

Aside from documentation, IT leaders should also be considering the support they have lined up for cyber incident response. Solutions such as Check Point or WithSecure help put out fires and can even go as far as helping organizations to get back up and running after an attack.

After any form of cyberattack, recovering systems is crucial, so organizations should also consider having a backup and recovery solution (and even better, a backup and recovery service, like Harbor Solutions) in place, otherwise IT leaders are on their own when it comes to recovering systems.

Reviewing email security

Quality over quantity: Although it’s clear IT leaders will have to shift their focus in 2023, this doesn’t necessarily mean spending more on cybersecurity solutions. Instead, they need to ensure they have enough of the right technology and services in place to help protect the business and help it recover should the worst occur.

Organizations considering making changes to their cybersecurity strategy need to have identity and access management at the top of their agenda, as everything flows from here.

Reviewing email security platforms is also important, as phishing is getting more sophisticated by the day, ransomware attacks are costing hundreds of thousands, and dark web cybercrime-as-a-service offerings are increasingly easy and cost-effective to subscribe to (Splunk Data Security Predictions 2023).

Incorporate artificial intelligence

For this reason, organizations should be ensuring that their cybersecurity platform investments incorporate artificial intelligence and human intelligence as much as possible, as this will deliver more holistic protection and assistance should an attack or breach occur.

Lastly, IT organizations should also ensure their business leaders are prepared on all fronts – business risk management now firmly sits in the digital domain as much as the physical.

This means knowing what solutions are in place, what part they play in a business continuity plan, how well-trained people are and how well planned the organization’s response to incident and recovery is.

Supply chain cybersecurity management

Increased legislation: As the world gets used to the new ways of working, legislation is having to adapt. The UK’s National Cyber Security Center (NCSC) has already revised its Cyber Essentials+ program and the EU has also released some guidance around cyber recovery, which will help inform and prepare organizations should they need to recover from an attack.

Over the next 12 months, the industry will start to see this legislation and these restrictions trickle down into organizations, while IT leaders will face more pressure when it comes to supply chain cybersecurity management and assurances – this is where, in the UK, Cyber Essentials+ will really help.

Many organizations will need ISO27001 compliance, or at least alignment, and, if operating within or with US companies, SOC2 is a must. New, SME-centric, innovative security compliance automation platforms, like Drata, will help organizations ensure they’re compliant with updated legislation on an ongoing basis. These platforms also offer a high level of efficiency.

Top-down organizational readiness

“As we enter the new year, there will be a need across the board for general revisions to cybersecurity strategies and policies to ensure organizations are protected and prepared in 2023.”

“Ultimately there will be new cybersecurity threats appearing in 2023 which IT leaders need to be prepared for. However, the biggest threat will always be the well-meaning insider – whether it’s something silly they do, or they’re compromised by a threat actor, the focus is to breach organizations via their people. With cyber resilience high on the agenda, the second level of threat is top-down organizational readiness. To achieve this, cybersecurity needs to form part of all organizational culture in the same way that physical security has for decades.”

Clear guidance for organizations

“For this reason, it’s positive to see that legislation, guidance and training are changing to align with the ever-evolving threat landscape. When it comes to legislation, there are some which are in place which we’ve grown used to, such as ISO27001 and UK-GDPR, and these give organizations clear guidance on what they need to do to protect themselves, their people, their customers and their data from breaches, so the upgrades to legislation will only bolster this understanding,” comments Lance Williams, Chief Product Officer at Distology.