I recently attended a webinar presentation about cybersecurity trends in 2022 and predictions for 2023¹ as part of my continuing education in my role as a security professional. The trends and predictions discussed, while not surprising, are a strong reminder to level up our New Year’s Resolutions for cybersecurity.
This past year we saw an increase in not only hacktivism and targeted cyberattacks, but also in laws, regulations, and cyber insurance as a result of the increased activity.
2023 will bring continued conflict in the fifth domain. U.S. military operations are divided into “domains,” with cyberspace considered the fifth domain, after land, sea, air, and (outer) space.
The economic downturn we’re experiencing is expected to fuel an increased scope and nature of attacks based on emotional circumstances of current events like government assistance programs, loans and lending, and job recruitment tied to layoffs.
In addition, cybercrime increases during recessions. For example, as organizations cut security corners to curb spending during the Great Recession, internet fraud escalated by 33%. By the same token, we saw expanded operationalized information sharing, as well as responses from public and private collaboration, begin to improve.
By 2025, 45% of organizations worldwide will have experienced a cyber-attack.
Ransomware will continue to be used with more IoT targets, response-based phishing, and complex vishing. Other platforms like social media, SMS messaging, and search engine ads will be used to carry out cyberattacks in addition to email.
Exploits compromising Multi-Factor Authentication (MFA) integrity include SIM swapping and impersonation attacks against MFA – just when we thought MFA was the end-all solution for protecting your institution against authentication-related breaches.
Additionally, financial sector attacks are moving downstream to crypto companies, insurance providers, and regional/small businesses. And while security hardening and defenses are good, people are still the soft targets.
With expanded attack targets on the rise, social engineering awareness is imperative and should continue to be refreshed. So, what can you do? Improved attack responses include:
A more complicated regulatory landscape creates the potential for regulation confusion.
Violations will continue to increase as greater interaction in the digital space makes room for even more mistakes. Negligent loss has steadily increased 20% each year, causing 75% of the world’s population to be under privacy regulations in 2023 (Gartner).
Furthermore, cybersecurity will remain a top priority, with more global laws and guidance than ever before – including data privacy, ransomware payments, long-term preparation, and more. CISA also published its Strategic Plan for 2023-25² addressing “ambitious goals” including protecting cyberspace, strengthening the resilience of our critical infrastructure, and strengthening national collaboration and information sharing.
Additionally, the DoD released its Zero Trust Strategy and Roadmap,³ which addresses the need to protect against cyber threats and attacks and offers insight into their Data Protection Review Court⁴ in October for GDPR cases.
What should you do? Respond to the most stringent regulations first. “Pick the ugliest regulation and you will most likely comply with the rest.” Furthermore, you should establish solid business partnerships, outsource compliance management where necessary, and increase vendor vetting.
This is the fastest-growing insurance segment.
Because of the competitive advantage that comes with having cyber insurance, there will be an increased expectation from consumers to have a policy. This increased risk may mean fewer carriers, reduced payouts, more disputes, and a highly difficult pre-audit and renewal process.
Insurers are also expected to offer cybersecurity services such as buying MDR and MSPs, with some cyber insurance policy questionnaires already asking if specific security technologies (brands) are in place.
What should you do? Cybersecurity threats will always persist, but the new year is full of exciting opportunities. Take advantage of these important resources to help you level up in 2023:
How should you fight back? Your response will depend on the type of attack, so it’s important to anticipate the attack and prepare to respond and recover in a timely manner. Furthermore, you can best equip yourself to fight back through partnerships with peers or intelligence sharing organizations, managed service providers, and first responders.
How do you balance spending with risk reduction? Take a “crawl, walk, run” approach to security. Use everything you buy and buy everything you will use. Have a roadmap and stick to it. Get the biggest bang for your dollar, be pragmatic, and incorporate your risk appetite and assessment results into your strategic planning.
How do you start to protect your environment? Perform a risk assessment with data discovery and IT (talk to the business) and look at your business practices and processes. Understand your options, do thorough research, and talk to your partners. When all else fails – take a data-centric approach. Start with access controls and build from there.
Learn more about reducing risk and fraud at jackhenry.com.
1 Fortra, A Spotlight on Cybersecurity: 2022 Trends and 2023 Predictions, accessed December 19, 2022.
2 CISA, CISA Strategic Plan 2023-2025, accessed December 19, 2022.
3 Department of Defense, Department of Defense Releases Zero Trust Strategy and Roadmap, accessed December 19, 2022.
4 Federal Register, Data Protection Review Court, accessed December 19, 2022.