Succeeding with Cybersecurity: Challenges and Opportunities for 2023
Take a look at alternate security options for cybersecurity teams.
The last few years have been rough on cybersecurity professionals. With each passing month, the threat environment has intensified. Aaron Sandeen, the co-founder of CSW, analyzes quick statistics to illustrate the expected cybersecurity trends in 2023.
The last few years have been rough on cybersecurity professionals. With each passing month—with each passing minute—the threat environment has intensified.
Here are some quick statistics to illustrate the scale of the problem. Between 2020 and 2021, the average number of attempted cyberattacks per company rose by 31%. And these attacks have cost businesses dearly with the loss of data, revenue, and brand reputation. According to one study, 60% of small businesses have to close their doors within six months of a breach.
In 2023, attacks will continue to escalate, targeting a wider attack surface than ever before. I think it would be wise to take these attacks as a given and focus for this coming year on how cybersecurity professionals might respond.
With that said, here are my three big cybersecurity predictions for the coming year.
Cut Back on Cybersecurity — With Disastrous Consequences
During the 2008 recession, the FBI noted a 22.3% increase in online crime reports. Those are just the ones reported!
Why the increase? Simple, because businesses tend to cut corners when the economy takes a downturn. That means fewer resources are devoted to cybersecurity initiatives.
While we can’t know where things are going economically, most indicators suggest another recession is coming. Yes, job growth remains strong — but at the same time, the housing market is getting weaker, interest rates are continuing to rise, and inflation isn’t stopping. In a survey of economists released by the National Association for Business Economics in October, it’s no surprise that more than half said a recession was guaranteed in the next twelve months.
If and when the recession does arrive, we can predict what we’ll see. Cash-strapped organizations will pause hiring cybersecurity talent or cut existing security professionals. They’ll seek to trim the fat by eliminating expensive tools. They’ll demand IT professionals get more done with less. Crucial penetration tests will go unscheduled; vulnerability management will be ignored; important security decisions will be deferred or forgotten.
Bad actors, meanwhile, will take advantage of this cost-cutting environment to breach systems and cause chaos. If we’re struggling to keep abreast of threats without a recession, you can imagine what things will look like should the economy take a turn.
Downturn Impacts Regulatory Compliance
Increased vulnerability to malicious actors won’t be the only consequence of an economic decline. There are also regulators to worry about and the vast range of compliance guidelines which businesses are mandated to cooperate with.
The fact is that security and risk management are, in many ways, distinct from compliance. An adequate compliance protocol requires a detailed knowledge of each new and pre-existing regulation and the resources and internal cooperation required to keep a given company compliant. If and when personnel begins to be cut, companies will need help to stay on top of these regulations.
I can say this with confidence for one simple reason—companies are already having difficulty hitting the mark, compliance-wise. And who can blame them? Agencies like the Federal Communications Commission and the Cybersecurity and Infrastructure Security Agency, things like GDPR and ISO compliance—there are more regulations than ever to stay on top of. Each comes with specific language and rules that must be adhered to; many overlap in complicated ways.
Still, without trained staff dealing specifically with these problems, companies will inevitably have a harder time than ever staying on top of them. If and when we see a recession hiring freeze, we can expect to see many companies struggle with compliance.
See More: What US Manufacturers Need to Know about AI Regulatory Compliance
Predictive Intelligence to Save the Day
The word ‘flooded’ comes up repeatedly in data discussions, and with good reason. There is no better way to describe the scale of structured and unstructured data that today’s companies deal with. Companies are simply overwhelmed.
We know that manually monitoring and processing this data would be impossible. Not even a large team working around the clock could filter through it all. Automation is necessary and will become an ever-more routine part of the monitoring process as we enter the coming year.
Automation allows cybersecurity teams to sift through and properly prioritize incoming data. However, the data itself is not valuable enough. It needs to be combined with contextual threat intelligence that is continually updated through automation, artificial intelligence (AI), and machine learning (ML) and validated by experts. With contextual threat intelligence, data becomes action insights that let companies take decisive action during threat incidents. It also gives them the information they need to help ensure breaches don’t happen in the first place.
Of course, automated AI can’t compensate for a robust team of flesh-and-blood security personnel. Organizations need both to combat the bad actors that today threaten to take down every business imaginable. Ideally, as we make our way through the coming year, we’ll see companies investing in both, helping to ensure that the bad guys don’t win.
See More: To Sustainability and Beyond with Predictive Analytics
Stay Prepared for the Uncertainties of 2023
The last five years have demonstrated that cybersecurity is a cat-and-mouse game. As security teams patch vulnerabilities, threat actors find new ways to breach the organizations. Security teams patch and modify it, but it no longer works. Organizations must discover strategies to keep ahead of threat actors and be prepared to remain secure in 2023. Having great cybersecurity intelligence means that a company can make and respond quickly.
The state of the economy and the massive data increase leads to an uncertain future. However, it is not all doom and gloom. With the right precautions and a properly trained staff, organizations can find ways to weave through the cybersecurity problems that the new year may bring.
Which strategies should companies implement to simplify cybersecurity challenges? Share with us on Facebook, Twitter, and LinkedIn.
MORE ON CYBERSECURITY
