December 21, 2022, by Jennifer Gregory

Right now, 2023 is a blank slate. While the last few years have shown us we can never plan for all scenarios, understanding current cybersecurity challenges can help you prepare for next year.

When you know what is likely on the horizon, you can be ready to meet future challenges. You can create a budget with money allocated to critical areas and hire staff with the skills to combat expected threats. Perhaps most importantly, you can also begin training your staff to prevent common attacks.

Many security professionals have noted some of the biggest threats organizations will likely face in 2023. Here are the four top cybersecurity threats to be aware of in 2023 and, most importantly, how to prepare for them.

1. Security by obscurity

Large global enterprises and critical infrastructure organizations know they are attractive targets for cybersecurity criminals and spend a lot of time and money reducing those risks. It’s tempting for everyone else to assume they are too small to be a target. While that may have once been true, it’s no longer the case. In fact, most of the businesses that experience cyberattacks are small to medium-sized companies. Ransomware attacks now focus on how much the business will pay — not the organization’s size.

Businesses that assume they won’t be breached are far more likely to find themselves in that very situation. When you think you aren’t at risk, you don’t devote the resources, money and training to protect your business. Every single organization should assume that becoming the victim of a cyberattack is a “when, not if” situation — and then make the business decisions to stay protected, regardless of your size or perceived value to cybersecurity criminals.

2. Supply chain attacks

All businesses rely on other companies for products and services. Unfortunately, you also inherit every single cybersecurity risk and vulnerability of your supply chain. While you can control what happens in your own infrastructure, there is no control or even visibility into what is happening with your vendors. According to the IBM 2022 Cost of a Breach Report, 19% of all breaches are supply chain attacks. The average cost of a supply chain compromise was $4.46 million, slightly more than the average cost of a breach.

Despite these challenges, you can still take steps to protect yourself. Start with a cybersecurity audit of all vendors to fully understand the risks of each one. When deciding to do business with a vendor, consider the amount of risk your organization is willing to accept. Next, you can use a zero trust approach to limit the damage of a supply chain attack. By providing vendors with only the access necessary for business purposes, you can limit the amount of possible damage. For example, when you use micro-segmentation, vendors and their products can only access the absolute smallest portion of the network possible. If malicious code is delivered in a software update, the damage will be limited to that tiny portion of the infrastructure.

3. Collaboration among threat actors

Instead of individual groups targeting organizations on their own, cyber criminals are banding together. This means that criminals share expertise, resources and insider knowledge. For example, Ransomware-as-a-Service is now on the market. Groups are selling their ransomware for a cut of the profits, giving more criminals access to the best hacking tools in the world.

There is power in numbers, and cyber criminals are now taking advantage of that fact. This isn’t an easy challenge to overcome. As a result, organizations need to keep cybersecurity a top business priority. As threat actors work together, arrests and disbandments will not prevent groups from re-forming or passing their knowledge on to others. Threats will only increase — in number and sophistication — as these collaborations continue.

4. Reactive network defense

In the past, cybersecurity focused on protecting the perimeter and then reacting to attacks. This strategy is no longer effective. With hybrid and remote work, there is no longer a set perimeter to defend. Additionally, the increasing number and sophistication of attacks make it nearly impossible to stop all threats. Organizations that are still in reactive mode are fighting a losing battle.

It’s not easy to change decades of mindset and infrastructure, but moving from a reactive to a proactive approach has multiple benefits. With this mindset, organizations can even prevent many attacks from happening in the first place. Using a zero trust approach, you can reduce the chance of users or devices without credentials, or with stolen credentials, accessing the network. And if someone slips through, you can significantly reduce the damage they cause. Organizations without a zero trust approach experienced $5.40 million in average breach costs, more than $1 million higher than the global average, according to the 2022 IBM Cost of a Breach Report.

Expect the unexpected

No doubt 2023 will have its own share of surprises. There will be new threats, new technology and new business challenges that we may not see coming. But when you’re prepared for the majority of risks, it’s easier to make the changes needed when surprises occur. If you proactively plan for everything you possibly can, you’ll only react to the unexpected.

The last few weeks of the year are busy — really busy. But by taking the time to review your current plans for 2023 and consider your vulnerabilities and risk, you can make sure that your organization is prepared for whatever 2023 brings.
