With technology evolving more rapidly than ever before and businesses still adjusting to lessons learned during the pandemic, a year in cybersecurity can feel like a decade. 2022 brought about frightening attacks across the globe. Examples of massive attacks include an attack that disrupted an entire country and a war with a digital background. An activism-motivated attack featured denial of service condemning protests. In the background, a barrage of financially motivated attacks continues to target businesses of all sizes in every industry.
Through a wide lens, cyber attack severity reached new heights with the average cost of a data breach reaching $9.44 million and cyberattack costs in healthcare rising 42% since 2020. Stolen or compromised credentials have become the most common form of attack making threats harder to detect and costing more than average data breaches.
A closer look at specific attacks in 2022 suggests that destructive attacks are being used to achieve all types of goals including financial gain, activism, and nation-state goals. The year kicked off with Russia's cyber attacks on Ukraine designed to disrupt services. In May, a shocking attack forced government officials in Costa Rica to declare a national emergency when months-long attacks targeted health systems, national businesses, and other institutions with millions in ransom demands. 2022 marked the 12th year that healthcare was the most targeted industry by cyber attackers, and the sector was hit particularly hard. Data breaches leaked sensitive information of millions of patients and cost billions in ransom payments and downtime. As the war in Ukraine continued, destructive cyberattacks targeted core services and Ukrainian forces fought back using disruptive attacks against invaders. Other memorable attacks included a massive distributed denial of service (DDoS) attack on Google, a ransomware attack on the biggest semiconductor chip manufacturer in the world, and a DDoS attack condemning trucker-led demonstrations.
As businesses look toward 2023, cybersecurity is no longer an IT issue. It's a major business necessity that has become top priority at every organizational level. The remote work culture that began as a pandemic necessity is here to stay, with many businesses adopting hybrid workforce models. As a result digitization, cloud transformation, and an increase in remote and IoT devices invite potential risks.
Economic uncertainty will add to security risks as cutbacks and job cuts limit security investments. After the collapse of cryptocurrency exchange FTX, cryptocurrency scams are likely to increase in the coming year as well. The sophistication of impersonation attacks and deep fakes are expected to continue to evolve, making new attacks harder to spot, and ultimately more effective. These escalating trends in attacks will be met with an evolving set of cybersecurity tools and techniques that work to eradicate new threats and dismantle attacks before they cause damage.
These are some of the advancing cybersecurity technology trends you can expect to see in 2023.
AI and Machine Learning
As cyber threats continue to grow in sophistication and frequency, artificial intelligence (AI) and machine learning (ML) tools will continue to evolve. IBM's Cost of a Data Breach 2022 report named AI and automation as solutions that offered the biggest savings, noting programs help organizations contain a breach up to 28 days faster, saving $3.05 million. When ML is effectively implemented in AI tools, customized cybersecurity software can be used to automatically identify and respond to threats.
Automated Security Tools
AI can analyze vast amounts of data quickly and accurately, making it a valuable tool for detecting and preventing cyberattacks. When ML algorithms are applied to AI in cybersecurity, algorithms are able to learn and adapt to changing patterns in cyber threats, allowing them to detect and respond to attacks in real-time.
In addition to improving the ability to detect and prevent cyberattacks, AI will also play a key role in addressing the ongoing shortage of talent in the cybersecurity sector. By automating many of the tedious and repetitive tasks in cybersecurity, these tools will free up professionals to focus on more important tasks like improving security posture and investigating high-level threats.
Cyber Threat Detection
Automated cybersecurity software that is optimized with information about existing threats and the methods of attackers can identify potential risks before threat actors reach their objectives. This ability is further advanced when automated cybersecurity software is optimized with information about existing threats and common attack techniques. For example, Securonix SIEM integrates the MITRE ATT&CK framework into analytics and threat hunting to prioritize the highest-risk threats to quickly detect and investigate advanced threats.
User and Entity Behavior Analytics (UEBA) is another example of how ML helps organizations detect threats. By using algorithms to detect anomalies in the behavior of users and other devices in a network (like routers, servers, and endpoints) UEBA can help identify social engineering attacks and those that use stolen credentials. As social engineering attacks, BEC, and deep fakes are expected to grow in sophistication in the coming year, advanced use cases of UEBA will be critical to detecting attacks.
Ransomware continues to be a global problem, with attacks increasing 80% year over year. The availability of Ransomware as a Service (RaaS) and the ability of organized cybercrime groups to simply rebrand allows attackers to continually evade law enforcement. Furthermore, ongoing political unrest increases the potential for nation-state attacks. AI and ML will likely be used to detect these types of organized attacks as well. Central Threat Intelligence (CTI) that uses crowdsourced information can be empowered with AI to automatically update organizations with proactive protection. This proactive protection will play an important role in protecting organizations against large crime groups that launch multiple attacks or less experienced threat actors depending on RaaS.
|Related Reading: AI and Machine Learning: Harnessing the Power of Automation for Business and Cybersecurity|
Cloud migration, digital transformation, remote work, IoT devices, OT devices, and global expansion all describe how organizations use the cloud to store and share information. Cloud environments now comprise the majority of enterprise application deployments, creating a larger landscape to protect and a plethora of new vulnerabilities. The increasing use of IoT devices in healthcare presents a wide range of vulnerabilities that put the healthcare sector at higher risk. Supply chain attacks continue to increase, with 62% of organizations worldwide facing an attack this year. Mobile malware cyberattacks have risen by 500%. Operational technology (OT) including industrial control systems are also high-level targets that can result in physical damage to infrastructure. In fact, Gartner predicts that by 2025, threat actors will have weaponized operational technology (OT) environments successfully enough to cause human casualties. These issues make cloud security a main priority in 2023.
Cloud-Based Security Services
Hybrid and multi-cloud environments require organizations and cybersecurity professionals to manage multiple dashboards for operation and protection. As a result, cybersecurity tool sprawl continues to be an issue for short-staffed cybersecurity teams. Another prediction from Gartner anticipates that by 2024, 30% of enterprises will adopt cloud-delivered Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS) capabilities from the same vendor. By investing in a group of integrated services for protection, organizations can maintain more control over their entire cloud environment.
Cloud Security Best Practices
Tools alone will not be sufficient to protect against the likely deluge of cloud-based cyberattacks in the coming year. Threat actors are aware of continued cloud dependence and the potential vulnerabilities they can exploit as a result. Cloud security best practices describe the actions businesses and employees can take to decrease risks related to cloud-based applications and services. The key to efficiently handling your responsibilities is a clear understanding of the shared responsibility model presented by cloud services. The share of responsibility held by a business will depend on the category of service you choose. Software as a Service (SaaS) places the bulk of responsibility on the provider while Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) place more responsibility on your organization. No matter what cloud services your company uses, these practices can help you maintain security.
- Create and enforce effective cybersecurity policies for cloud-based environments based on zero-trust security.
- Implement top-grade encryption for data that will be stored or shared through cloud-based services.
- Develop strong password and multi-factor authentication (MFA) policies.
- Invest in robust cloud security solutions that feature continuous monitoring and routine vulnerability scanning.
- Work with a cybersecurity provider that offers a comprehensive solution for full network security that includes your entire cloud environment.
Increased Use of Encryption
Businesses across all industries are increasingly reliant on digital data and technology to increase speed and efficiency in their operations and processes. While these tools add convenience for customers, they also put data at risk. To protect customers from risks, data privacy laws are increasing. Gartner predicts that by the end of 2023 modern privacy laws will cover the personal information of 75% of the world's population. To comply with these laws and protect their organizations from data breaches and other dangerous attacks, businesses will need to increase the use of data encryption. Encryption helps protect data by scrambling it so that it cannot be used without authorization. This is critical to prevent attackers from using stolen data for leverage.
Data should be encrypted when it is stored (at rest) and when it is in transmission (in motion). The most common form of encryption is Advanced Encryption Standard (AES), which is the U.S. government standard for encryption. The process scrambles data multiple times and utilizes 128-bit, 192-bit, or 256-bit keys to unlock, with 256-bit AES being the strongest.
Encryption of Data at Rest
Stored data, or data at rest, is data that is not actively moving from one device or network to another. While it is sometimes considered less valuable than data in motion, attackers often find data at risk to be a more valuable target. By using encryption to protect data at rest, businesses can thwart attacks that depend on stolen credentials, BEC, or social engineering to access stored sensitive data. Along with robust encryption practices, it's important for organizations to create policies for systematically categorizing and classifying all company data. This organization will ensure that the appropriate data protection measures are applied while data remains at rest.
Encryption of Data in Motion
Data moving to a new location is known as data in motion or data in transit. Whether data is being transferred over a private network or the internet, it is more vulnerable during transmission. There are a variety of ways data can be compromised when it's in travel and out of the user's control. By encrypting all data in motion, you can make your company's sensitive data unreadable if it falls into the hands of unauthorized users. By creating policies for categorizing all data within your organization, you can use automated cybersecurity tools that trigger protective encryption methods when data is accessed to transferred.
New technologies and tools allow businesses to grow and organizations and facilities to better serve customers in all situations. However, it can also elevate risks for businesses and their customers. Awareness of trends in cybercrime and cybersecurity can help you better understand the current threat landscape and the ways it is likely to affect your business. As the sophistication and volatility of cybercrime continue to evolve, it is essential for businesses of all sizes in all industries to invest in proactive cybersecurity measures that work to maintain a safe network. Most often, the best solution is a comprehensive cybersecurity solution that includes modern tools and assistance from cybersecurity professionals.
BitLyft Air® is an automated threat detection and remediation platform that combines multiple security offerings into one single solution. With a combination of security information event management (SIEM), automated responses to alerts, incidents, and threats, and crowdsourced communication through CTI, along with a team of dedicated security professionals working to protect your organization 24/7/365, you can protect against current and evolving cyber threats. Don't wait for an attack to give you a reason to advance your cybersecurity posture. Get in touch today to learn more about how proactive cybersecurity can protect your organization against attacks before they occur.