It shouldn’t be surprising that cyberattacks did major damage this year – as the cost of a data breach has reached a new record. Unfortunately, there is no sign of slowing down, and in 2023, we’re expecting cyberattacks to be even more effective and damaging.
There are some signs of life, however, as more industries are understanding how critical cybersecurity is, and they are now beginning to implement proper security measures.
As we approach 2023, we are starting to see certain trends that define both attack vectors and the responses organizations should implement. Read to learn about newer attack vectors and the latest cybersecurity trends that all companies should be aware of and actively sharing with their employees.
Modern Cybersecurity Threat Landscape
In 2023, we expect cybercriminals to modernize their attack approach and use more sophisticated tactics – especially against users who cannot differentiate a phishing email from a legitimate one. Geo-phishing – when hackers use a company’s location to make their fraudulent email seem like it’s from a local organization – will be used much more frequently as more effectively tricks victims. We anticipate these types of cyberattack attempts to double this upcoming year.
Ransomware attacks, too, are increasing in frequency, scale, and sophistication. Basic cyber defenses are not enough to block modern malware. We expect malware to become even smarter, more easily circumventing proper defenses. For IT teams and those responsible for cybersecurity, this means they need to be even more alert and prepared.
From 2021 to 2022, there was a 15% increase1 in cyberattacks, and unfortunately, we expect to see that trend continue to rise throughout 2023. No matter the industry, organizations must comply with federal regulations pertaining to personal identifiable information, which means investing in a stronger critical infrastructure.
However, every industry has flaws when it comes to implementing cybersecurity, and threat actors know this. Here are some specific industry-related threats to be aware of.
Higher Education Institutions
Higher education continues to be a gold mine for cybercriminals. With small or large universities containing the personal and identifiable data of thousands upon thousands of students, it’s evident why they continue to be a large target in 2023. As cyberattacks on universities continue to rise, institutions will need to strengthen their cybersecurity efforts accordingly.
To add to the challenge facing higher ed, IT departments in this sector are often understaffed, underfunded, and treated as an afterthought. On the bright side, several higher education organizations have taken proactive security measures like installing biometric authentication methods to help defend against increased attempts of phishing, fraud, and identity cyberattacks.
Hospitals and healthcare facilities have a direct impact on the wellbeing of human beings, but security oversight in healthcare systems can cost lives. The healthcare industry had 19 million compromised due to cyberattacks within the first 6 months of 2022 alone.2 In 2019, Springhill Medical Center experienced a cyberattack which resulted in the death of a baby.
Because the healthcare industry hosts a lot of confidential patient information, they’re a natural target and we expect to see a rise in cyber threats. With this, organizations can implement preventative security measures, like Identity-Bound Biometrics which will prove critical to ensure users are who they say they are when accessing healthcare networks.
Banking and Financial Services
In the financial services space, we’re expecting to see more companies using third-party services to support payments and transactions, but this adds an additional layer of cyber risk. The more external resources an organization relies on, the more likely one of them is to be hacked - which can lead to your organization being a victim soon after.
It’s going to be critical for financial services companies to step up their cyber strategies whenever they add a new vendor to their tech stacks, given the highly sensitive data their organizations host. There will be a greater push to obtain cyber insurance and implementing Multi-factor Authentication to lower cyber insurance premiums.
State and Local Government
In the state and local sector, there will be continued cyber funding in 2023 in order to tackle the continuous increase in cyber threats. In 2022, we learned that many organizations in the public sector have limited knowledge about cybersecurity. Often, the IT teams are unaware of the preventative initiatives needed to thwart attacks, like MFA implementation.
While funding is a great step forward to expand proactive security measures, the lack of cyber-related training and experience means the public sector has a way to go before it can claim cyber maturity.
Cyber Insurance and Cybersecurity Improvement
In 2023, we anticipate that organizations across industries will focus on getting ahead in cybersecurity instead of playing catch-up. The major cyberattacks of the past few years (Colonial Pipeline, JBS, Kaseya, etc.) have shown the importance of being proactive with security measures instead of being reactive.
Organizations will do more than just meet the base requirements to receive cyber insurance or funding. We expect them to place an emphasis on enabling Multi-factor Authentication with secure authentication methods in order to mitigate risk and protect against cyber threats.
Because of the increased cyber threat landscape, compliance requirements are stricter and privacy laws are expanding globally. This will impact more citizens and businesses, meaning organizations need to prioritize protecting sensitive data.
With this, we expect more companies to obtain cyber insurance. The growing risk of financial loss from ransomware attacks is more concerning than ever, so businesses are developing plans for how to handle the loss.
Business Initiatives and Use Cases
COVID-19 has drastically accelerated the adoption of hybrid and remote work in 2022:
- Globally, 16% of companies went fully remote3
- In the United States, 25% of all jobs went fully remote4
For IT professionals, however, the trend is concerning, with 54% saying remote work poses a greater threat than traditional or in-person5. Without knowing who really accessed the company network, IT admins are looking for solutions that properly identify their users while they’re at home.
Device-based authentication, which utilizes a user's mobile device or laptop, is losing steam. These methods fail to properly authenticate the individual and instead can only authenticate the user’s device into the company network.
Passwordless authentication will be one of the most sought out methodologies in 2023. With many businesses stepping away from passwords, they are seeking new authentication methods to secure their networks, devices, and applications in the midst of a rapidly changing threat landscape. Unfortunately, they will struggle to find passwordless solutions from big vendors that address cost, security, and flexibility.
This upcoming year, we’ll see a definitive shift toward authenticating the user instead of the device. This methodology of identifying the user will strengthen security procedures throughout the enterprise.
These types of solutions, including Identity-Bound Biometrics, are more crucial than ever as they are becoming one of the strongest cybersecurity methods to date. Big vendors are aware of this and presenting potential customers with bloated pricing for passwordless solutions.
Moving on to 2023
We know cybersecurity will continue to be important, but it will be a matter of concern around the world. Companies worldwide will prioritize cybersecurity in defense strategies and budgets.
It’s no surprise cyberattacks are going to be more frequent and more damaging, so those on the frontlines – like IT professionals, CIOs, and CISOs – must be equipped to practice more than just the fundamentals of cybersecurity protocols. Improper employee cyber training is now a major cybersecurity risk, so this upcoming year, everyone needs to sharpen their cybersecurity skills.
Users must be willing to open to move away from traditional authentication methods and adapt to changing the way we protect ourselves against cyber threats. That means raising the standard of how we defend networks, how we authenticate users, how we grant system access, and how we position cybersecurity within organizations. The move to passwordless authentication is a great step, but there’s still more that needs to be done in 2023.
If the cyber threat landscape is growing and evolving, shouldn’t our approach to security change as well?
- The latest 2022 Cyber Crime Statistics (updated December 2022) | AAG IT Support (aag-it.com)
- Biggest Healthcare Data Breaches Reported This Year, So Far (healthitsecurity.com)