Recent research from the specialist IT cybersecurity distributor found that more than a third (36%) of IT leaders believe that attacks becoming more sophisticated and targeted in nature will be the biggest disrupter of the cybersecurity sphere over the next five years*. For this reason, experts at Distology are predicting 2023 will be a year of consolidating cybersecurity solutions to ensure organisations are protected.
Some of the top trends in 2023, according to Distology, include:
• Reassessing cybersecurity solutions post-pandemic: Email security, cloud security, API, XDR and even backup and recovery solutions all need to be reassessed now that hybrid working is here to stay and the cyber threats are more dynamic now. Setting up simple rule-based security protocols isn’t enough to keep up with the threats of today, let alone the future. The winning formula builds on traditional defences with artificial intelligence, human intelligence (SOC based analysts), and user communities all combining together to create organisation-specific context.
• Preparing to recover will be key: Over the last three years, the way people work, shop and spend has changed considerably so, if it hasn’t been done already, organisations should be putting time in to explore disaster recovery, business continuity and cyber incident response policies and procedures. Aside from documentation, IT leaders should also be considering the support they have lined up for cyber incident response. Solutions such as Check Point or WithSecure help put out fires and can even go as far as helping organisations to get back up and running after an attack. After any form of cyberattack, recovering systems is crucial, so organisations should also consider having a backup and recovery solution (and even better, a backup and recovery service, like Harbor Solutions) in place, otherwise IT leaders are on their own when it comes to recovering systems.
• Quality over quantity: Although it’s clear IT leaders will have to shift their focus in 2023, this doesn’t necessarily mean spending more on cybersecurity solutions. Instead, they need to ensure they have enough of the right technology and services in place to help protect the business and help it recover should the worst occur. Organisations considering making changes to their cybersecurity strategy need to have identity and access management at the top of their agenda, as everything flows from here. Reviewing email security platforms is also important as phishing is getting more sophisticated by the day, ransomware attacks are costing hundreds of thousands and dark web cybercrime-as-a-service are increasingly easy and cost effective to subscribe to (“Splunk Data Security Predictions 2023). For this reason, organisations should be ensuring that their cybersecurity platform investments incorporate artificial intelligence and human intelligence as much as possible, as this will deliver more holistic protection and assistance should an attack or breach occur. Lastly, IT organisations should also ensure their business leaders are prepared on all fronts – business risk management now firmly sits in the digital domain as much as the physical. This means knowing what solutions are in place, what part they play in a business continuity plan, how well-trained people are and how well planned the organisation’s response to incident and recovery is.
• Increased legislation: As the world gets used to the new ways of working, legislation is having to adapt. The UK’s National Cyber Security Centre (NCSC) has already revised its Cyber Essentials+ programme and the EU has also released some guidance around cyber recovery, which will help inform and prepare organisations should they need to recover from an attack. Over the next 12 months, the industry will start to see these legislations and restrictions trickle down in to their organisation, while IT leaders will face more pressure when it comes to supply chain cybersecurity management and assurances – this is where, in the UK, Cyber Essentials+ will really help. Many organisations will need ISO27001 compliance, or at least alignment, and, if operating within or with US companies, SOC2 is a must. New, SME-centric, innovative security compliance automation platforms, like Drata, will help organisations ensure they’re compliant with updated legislations on an ongoing basis. These platforms also offer a high level of efficiency.
“As we enter the new year, there will be a need across the board for general revisions to cybersecurity strategies and policies to ensure organisations are protected and prepared in 2023”.
“Ultimately there will be new cybersecurity threats appearing in 2023 which IT leaders need to be prepared for. However, the biggest threat will always be the well-meaning insider – whether it’s something silly they do, or they’re compromised by a threat actor, the focus is to breach organisations via their people. With cyber resilience high on the agenda, the second level of threat is top-down organisational readiness. To achieve this, cybersecurity needs to form part of all organisational culture in the same way that physical security has for decades”.
“For this reason, it’s positive to see that legislation, guidance and training is changing to align with the ever-evolving threat landscape. When it comes to legislations, there are some which are in place which we’ve grown used to, such as ISO27001 and UK-GDPR, and these give organisations clear guidance on what they need to do to protect themselves, their people, their customers and their data from breaches, so the upgrades to legislation will only bolster this understanding,” comments Lance Williams, chief product officer at Distology.