The cybersecurity landscape is more challenging and complex than ever before. The development of intelligent new technologies means threats to organizations are evolving faster and security teams are under constant pressure to adapt to the ever-changing environment.
According to Gartner, 88% of board members or stakeholders say cybersecurity is no longer an issue exclusive to IT professionals; it’s a business risk rather than solely a technical problem. Indeed, further research suggests that 50% of C-suite executives will have performance requirements related to cybersecurity risk built into their employment contracts by 2026.
With this in mind, we asked our team of experts to each spotlight an emerging threat topic that businesses need to be aware of as they plan for the year ahead and beyond. Here’s what they said.
The convergence of information technology (IT) and operational technology (OT) in industry will be a hot topic this year. Many believe that IT and OT will soon merge into a common domain. This assumption is misleading, however, as the two are fundamentally different.
IT security controls focus on the protection of information as the critical asset, whereas OT security controls seek to ensure that process integrity and functional safety requirements are being delivered.
As we move forward, the conversation should instead focus on IT and OT as a collaboration rather than convergence. Industry requires a deep, cross-functional approach that combines know-how, data, and technology to make operations truly digital environments.
It’s not realistic to force a blend of both, as they often have incompatible system protocols and security models. Instead, you may want a method for OT data to be read from IT assets, whilst ensuring that an IT compromise doesn’t impact the safe and secure operation of the work environment.
Whatever else happens in 2023, we’ll be advising our clients to seek collaboration, not convergence, between their IT and OT environments.
The adoption of cloud computing platforms has become increasingly popular in recent years and this will continue as we move ahead. The convenience of cloud computing is appealing to many organizations, as data is accessible anytime, anywhere. However, with convenience also comes risk. As a result, I believe we’ll start to see more cloud-related challenges emerge.
For example, with increasing amounts of sensitive data stored and processed in cloud-based applications, the opportunities grow for bad actors to target mobile phones, laptops, VPNs and other private networks to steal this sensitive information or disrupt services.
This is why it’s crucial for organizations to focus on protecting the sensitive data they have stored in the cloud by using encryption, access controls, and network segmentation. Additionally, organizations should implement security best practices, such as multi-factor authentication, monitoring and logging of cloud activity, and regular security assessments.
2023 has seen a rapid acceleration in the adoption and advancement of artificial intelligence (AI) and machine learning (ML). For example, the generative AI platform ChatGPT had one of the fastest adoption rates in history, with over 100 million users in just two months.
I believe tools such as AI and ML will play a crucial role in helping organizations protect themselves as cyber threats evolve and become more complex, especially as they already have the capabilities to write code and provide remediation.
By implementing technologies that can automatically analyze large amounts of data and identify patterns that indicate malicious activity, it is easier to detect and respond to cyber attacks. However, it’s important to note that bad actors can also use AI and ML to launch attacks, such as phishing campaigns that are harder to detect, or malware that evades traditional security measures.
The year ahead will see a greater focus on organizations developing their understanding of AI and ML and how they fit within cybersecurity strategy moving forward.
Cybercriminals are always looking for new ways to exploit people or organizations, and it looks like one of the most common cyber attacks of previous years is evolving. Email phishing has long been the chosen tactic of many hackers, but now they seem to be shifting their attention to social engineering via apps such as WhatsApp, Microsoft Teams and Instagram.
What’s the reason for this change in focus? Well, unfortunately, with over two billion accounts and 75 million worldwide users, social platforms such as WhatsApp are prime targets for phishing scams. In 2022, US citizens alone lost more than $770 million to social media scams, and I believe this number will only increase in the year ahead.
The shift to hybrid working and surge in workforces utilizing instant messaging platforms as their go-to method of communication means they’re an attractive proposition for hackers. Using social engineering to garner one person’s login credentials could mean access to an organization’s entire network.
We may well be seeing the death of email phishing, but it’s being replaced by even more sophisticated attack vectors. Ensuring you have a robust third-party risk management strategy in place should be a priority for 2023.
As attack surfaces continue to increase and threat actors become more sophisticated, security teams will once again be under pressure to keep pace in 2023. Organizations need to be vigilant, and have a robust strategy in place. If in doubt, seek the advice of security experts.