There are a few things that are certain about cybersecurity. Ransomware is a headache for businesses. A third party causes a cyber incident. And every December, cybersecurity analysts compile a list of predictions and trends that they think will impact the coming year.
Most of the predictions are designed to help organizations build their security programs.
These trends can affect society as a whole, far beyond individual companies.
Here are some of the biggest trends of the year that Construction Dive’s sister publication, Cybersecurity Dive, has spotted.
Global impact of state-sponsored activities
State-sponsored threats are an annual trend, but as we enter 2023, these threats are different and more menacing than ever before. The countries responsible for much of the state-led activity, Russia, China and Iran, are embroiled in the conflict.
“Over the past year, we [Russia’s] aggression in Ukraine; worsening relations between China and the West, coupled with increased control by Xi Jinping and further pressure on Taiwan. Mike McLellan, Director of Intelligence, Secureworks Counter Threat Unit, said:
All of these factors will influence the tasks and activities of state-sponsored threat groups and will be reflected in their activities in the coming year.
“Cybercrime threats such as ransomware are an ‘equal opportunity’ risk for organizations lacking robust cybersecurity defenses in all sectors, but state-sponsored threats may be more targeted.” said McLellan.
As political tensions rise in these countries, nation-state actors are expected to use them to scale up their attacks.
For example, China is often interested in obtaining intellectual property from high-tech targets, and concerns about Russia’s general position in the world have prompted other Russian groups to carry out large-scale covert operations. There are concerns about conducting foreign intelligence gathering operations.
Certain sectors and countries will always be at greater risk of state-sponsored attacks, but 2023 could prove to be a year of heightened risk for critical infrastructure sectors, governments, and tech companies.
Consumers Drive Security and Privacy Measures
Consumers are digitally transformed, with nearly three-quarters of their interactions with businesses occurring digitally. There is also growing interest in how companies treat their personal data.
That’s why Chris Bradbury, U.S. Data and Privacy Leader for Cyber and Strategic Risks at Deloitte, believes that data-centric security and privacy will be the cornerstone of how companies build their brands in 2023.
“The digitization of business means that organizations are increasingly having more direct relationships with their consumers, and as a result are collecting more data through different channels,” said Bradbury. I’m here.
New laws and regulations, increased scrutiny by authorities, and disturbing headlines in recent years have forced consumers to question how organizations treat their data and respect their privacy and choices. are becoming more aware of
Consumers will start demanding transparency about their data security and privacy programs, and will eventually base their choices on the companies that do the most to protect their personal information.
“We believe that using trusted data is one of the primary ways organizations build and lose consumer trust,” said Bradbury.
If an organization does not have a firm grasp on how consumer data is handled, it will struggle to protect or strengthen consumer trust and ultimately risk damaging the company’s brand. Become.
“Organizations should define what trust means to them, develop key metrics to track customer sentiment related to trust, and determine how their behaviors and initiatives affect those sentiments over time. We need to measure the impact,” said Bradbury.
final note on board
These are potential cyber-attacks by state-sponsored threat actors seeking to bring down critical infrastructure, or because companies are taking security shortcuts, they are more likely to fall victim to identity theft. It’s a trend that comes with a very high human cost, even for fearful consumers.
Michael Mumcuoglu, CEO and co-founder of CardinalOps, believes 2023 will likely be the year management, boards and auditors demand better cyber reporting on business risk.
“These key stakeholders will increasingly require CISOs to report on their defense posture against attacks that could have a significant impact on the organization,” said Mumcuoglu.