Right now, 2023 is a blank slate. While the last few years have shown us we can never plan for all scenarios, understanding current cybersecurity challenges can help you prepare for next year.

When you know what is likely on the horizon, you can be ready to meet future challenges. You can create a budget with money allocated to critical areas and hire staff with the skills to combat expected threats. Perhaps most importantly, you can also begin training your staff to prevent common attacks.

Many security professionals have noted some of the biggest threats organizations will likely face in 2023. Here are the four top cybersecurity threats to be aware of in 2023 and, most importantly, how to prepare for them.

1. Security by Obscurity

Large global enterprises and critical infrastructure organizations know they are attractive targets for cybersecurity criminals and spend a lot of time and money reducing those risks. It’s tempting for everyone else to assume they are too small to be a target. While that may have once been true, it’s no longer the case. In fact, most of the businesses that experience cyberattacks are small to medium-sized companies. Ransomware attacks now focus on how much the business will pay — not the organization’s size.

Businesses that assume they won’t be breached are far more likely to find themselves in that very situation. When you think you aren’t at risk, you don’t devote the resources, money and training to protect your business. Every single organization should assume that becoming the victim of a cyberattack is a “when, not if” situation — and then make the business decisions to stay protected, regardless of your size or perceived value to cybersecurity criminals.

2. Supply Chain Attacks

All businesses rely on other companies for products and services. Unfortunately, you also inherit every single cybersecurity risk and vulnerability of your supply chain. While you can control what happens in your own infrastructure, you have no control over, or even visibility into, what is happening with your vendors. According to the IBM 2022 Cost of a Breach Report, 19% of all breaches are supply chain attacks. The average cost of a supply chain compromise was $4.46 million, slightly more than the average cost of a breach.

Despite these challenges, you can still take steps to protect yourself. Start with a cybersecurity audit of all vendors to fully understand the risks of each one. When deciding to do business with a vendor, consider the amount of risk your organization is willing to accept. Next, you can use a zero trust approach to limit the damage of a supply chain attack. By only providing vendors with the access necessary for business purposes, you can limit the amount of possible damage. For example, when you use micro-segmentation, vendors and their products can only access the absolute smallest portion of the network possible. If malicious code is delivered in a software update, the damage will be limited to that tiny portion of the infrastructure.

3. Collaboration Among Threat Actors

Instead of individual groups targeting organizations on their own, cyber criminals are banding together. This means that criminals share expertise, resources and insider knowledge. For example, Ransomware-as-a-Service is now on the market. Groups are selling their ransomware for a cut of the profits, giving more criminals access to the best hacking tools in the world.

There is power in numbers, and cyber criminals are now taking advantage of that fact. This isn’t an easy challenge to overcome. As a result, organizations need to keep cybersecurity a top business priority. As threat actors work together, arrests and disbandments will not prevent groups from re-forming or passing their knowledge on to others. Threats will only increase — in number and sophistication — as these collaborations continue.

4. Reactive Network Defense

In the past, cybersecurity focused on protecting the perimeter and then reacting to attacks. This strategy is no longer effective. With hybrid and remote work, there is no longer a set perimeter to defend. Additionally, the increasing number and sophistication of attacks make it nearly impossible to stop all threats. Organizations that are still in reactive mode are fighting a losing battle.

It’s not easy to change decades of mindset and infrastructure, but moving from a reactive to a proactive approach has multiple benefits. With this mindset, organizations can even prevent many attacks from happening in the first place. Using a zero trust approach, you can reduce the number of users or devices that access the network without credentials or with stolen credentials. And if someone slips through, you can significantly reduce the damage they cause. Organizations without a zero trust approach experienced $5.40 million in average breach costs — more than $1 million higher than the global average, according to the 2022 IBM Cost of a Breach Report.

Expect the Unexpected

No doubt 2023 will have its own share of surprises. There will be new threats, new technology and new business challenges that we may not see coming. But when you’re prepared for the majority of risks, it’s easier to make the changes needed when surprises occur. If you proactively plan for everything you possibly can, you’ll only react to the unexpected.

The last few weeks of the year are busy — really busy. But by taking the time to review your current plans for 2023 and consider your vulnerabilities and risk, you can make sure that your organization is prepared for whatever 2023 brings.
