Light Dark
December 21, 2022 By Jennifer Gregory 4 min read
News

Right now, 2023 is a blank slate. While the last few years have shown us we can never plan for all scenarios, understanding current cybersecurity challenges can help you prepare for next year.

When you know what is likely on the horizon, you can be ready to meet future challenges. You can create a budget with money allocated to critical areas and hire staff with the skills to combat expected threats. Perhaps most importantly, you can also begin training your staff to prevent common attacks.

Many security professionals have noted some of the biggest threats organizations will likely face in 2023. Here are the four top cybersecurity threats to be aware of in 2023 and, most importantly, how to prepare for them.

1. Security by obscurity

Large global enterprises and critical infrastructure organizations know they are attractive targets for cybersecurity criminals and spend a lot of time and money reducing those risks. It’s tempting for everyone else to assume they are too small to be a target. While that may have once been true, it’s no longer the case. In fact, most of the businesses that experience cyberattacks are small to medium-sized companies. Ransomware attacks now focus on how much the business will pay — not the organization’s size.

Businesses that assume they won’t be breached are far more likely to find themselves in that very situation. When you think you aren’t at risk, you don’t devote the resources, money and training to protect your business. Every single organization should assume that becoming the victim of a cyberattack is a “when, not if” situation — and then make the business decisions to stay protected, regardless of your size or perceived value to cybersecurity criminals.

2. Supply chain attacks

All businesses rely on other companies for products and services. Unfortunately, you also inherit every single cybersecurity risk and vulnerability of your supply chain. While you can control what happens in your own infrastructure, there is no control or even visibility into what is happening with your vendors. According to the IBM 2022 Cost of a Breach Report, 19% of all breaches are supply chain attacks. The average cost of a supply chain compromise was $4.46 million, slightly more than the average cost of a breach.

Despite these challenges, you can still take steps to protect yourself. Start with a cybersecurity audit of all vendors to fully understand the risks of each one. When deciding to do business with a vendor, consider the amount of risk your organization is willing to accept. Next, you can use a zero trust approach to limit the damage of a supply chain attack. By only providing vendors with the accesses necessary for business purposes, you can limit the amount of possible damage. For example, when you use micro-segmentation, vendors and their products can only access the absolute smallest portion of the network possible. If malicious code is delivered in a software update, the damage will be limited to that tiny portion of the infrastructure.

3. Collaboration among threat actors

Instead of individual groups targeting organizations on their own, cyber criminals are banding together. This means that criminals share expertise, resources and insider knowledge. For example, Ransomware-as-a-Service is now on the market. Groups are selling their ransomware for a cut of the profits, giving more criminals access to the best hacking tools in the world.

There is power in numbers, and cyber criminals are now taking advantage of that fact. This isn’t an easy challenge to overcome. As a result, organizations need to keep cybersecurity a top business priority. As threat actors work together, arrests and disbandments will not prevent groups from re-forming or passing their knowledge on to others. Threats will only increase — in number and sophistication — as these collaborations continue.

4. Reactive network defense

In the past, cybersecurity focused on protecting the perimeter and then reacting to attacks. This strategy is no longer effective. With hybrid and remote work, there is no longer a set perimeter to defend. Additionally, the increasing number and sophistication of attacks make it nearly impossible to stop all threats. Organizations that are still in reactive mode are fighting a losing battle.

It’s not easy to change decades of mindset and infrastructure, but moving from a reactive to a proactive approach has multiple benefits. With this mindset, organizations can even prevent many attacks from happening in the first place. Using a zero trust approach, you can reduce non-credentialed or stolen credentials users or devices from accessing the network. And if someone slips through, you can significantly reduce the damage they cause. Organizations without a zero trust approach experienced $5.40 million in average breach costs — more than $1 million higher than the global average, according to the 2022 IBM Cost of a Breach Report.

Expect the unexpected

No doubt 2023 will have its own share of surprises. There will be new threats, new technology and new business challenges that we may not see coming. But when you’re prepared for the majority of risks, it’s easier to make the changes needed when surprises occur. If you proactively plan for everything you possibly can, you’ll only react to the unexpected.

The last few weeks of the year are busy — really busy. But by taking the time to review your current plans for 2023 and consider your vulnerabilities and risk, you can make sure that your organization is prepared for whatever 2023 brings.

 |  |  |  |  |  |  |  |  |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
July 23, 2024

Recent CrowdStrike outage: What you should know

3 min read - On Friday, July 19, 2024, nearly 8.5 million Microsoft devices were affected by a faulty system update, causing a major outage of businesses and services worldwide. This equates to nearly 1% of all Microsoft systems globally and has led to significant disruptions to airlines, police departments, banks, hospitals, emergency call centers and hundreds of thousands of other private and public businesses. What caused this outage in Microsoft systems? The global outage of specific Microsoft-enabled systems and servers was isolated to…

July 22, 2024

White House mandates stricter cybersecurity for R&D institutions

2 min read - Federal cyber regulation is edging further into research and development (R&D) and higher education. A recent memo from the Office of Science and Technology Policy (OSTP) states that certain covered institutions will be required to implement cybersecurity programs for R&D security. These mandates will also apply to institutions of higher education that support R&D. Beyond strengthening the overall U.S. security posture, this move is also in direct response to growing threats posed by the People's Republic of China (PRC), as…

July 19, 2024

New memo reveals Biden’s cybersecurity priorities through fiscal year 2026

2 min read - On July 10, 2024, the White House released a new memo regarding the Biden administration’s cybersecurity investment priorities, initially proposed in July 2022. This new memorandum now marks the third time the Office of the National Cyber Director (ONCD), headed by Harry Coker, has released updated priorities and outlined procedures regarding the five core pillars of the National Cybersecurity Strategy Implementation Plan (NCSIP), now relevant through fiscal year 2026. Key highlights from the FY26 memorandum In the latest annual version…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature