LastPass Labs

Top Cybersecurity Trends of 2023: Part 1 

Alex Cox, December 14, 2023
In an ever-evolving threat environment, staying up to date with the latest cybersecurity trends is not a choice but a necessity. This is one of the reasons I’ve enjoyed working in Cyber Threat Intelligence my entire career. It’s something new every day, the team gets to work with all aspects of the internal security team, and we get to partner with like-minded individuals in the industry and research community. I may be biased, but I’ve said many times that CTI is the best job in Cyber Security! The year 2023 has shown us some interesting developments in the cybersecurity domain, driven by technological advancements, corporations returning to the office post-pandemic, and a global uptick in cyber threats. This post delves into the significant cybersecurity trends of 2023 and what they entail for individuals and businesses alike.

Hybrid Working Environments Are Here to Stay

The shift to hybrid working models has persisted post-pandemic, marking a significant change in how organizations operate. While this model offers flexibility, it also poses unique cybersecurity challenges. Ensuring secure access to organizational resources, safeguarding sensitive data, and fostering a culture of cybersecurity awareness among remote employees are some of the focal points for businesses adapting to a hybrid work environment.  The blend of in-office and remote work has opened new avenues for cyber threats. 
  1. Expansion of Attack Surface: Industry experts have warned that remote and hybrid work models may expose new vulnerabilities and increase the surfaces prone to cyber attacks in 2023. This shift in work models is likely to create opportunities for cyber adversaries to exploit these new vulnerabilities. We saw this in action in early 2020, when attackers took advantage of firms rapidly standing up remote access infrastructure, often with a lack of proper security planning.
  2. Increased Cyber Threats: Data from Microsoft reveals that as organizations move towards a hybrid workplace, the attack surface for cyber threats has expanded. With 81% of enterprise organizations moving towards a hybrid workplace model, threat actors have been quick to exploit any vulnerabilities arising from this transition.
  3. Cyber Attacks Targeting Remote Environments: The global shift to remote working has also seen a rise in the number of cyber-attacks aimed at remote environments. This requires companies to take measures to protect themselves, their employees, and their customers from data leaks and other cyber threats.
  4. Security Risks in Hybrid Work Models: Ernst & Young (EY) highlighted that the hybrid model presents both opportunities and challenges in terms of managing security controls. External hackers are actively working to exploit vulnerabilities and breach company defenses for financial gain, particularly as organizations adjust to new hybrid work dynamics.
Like any major technology change, the transition to hybrid work demands a re-evaluation of existing security protocols to ensure the safeguarding of organizational assets and data in a more complex working environment.

Privacy Regulations and Compliance That Shifted the Landscape

With data being the cornerstone of the digital economy, privacy regulations have become more stringent in 2023. Organizations are now obliged to adhere to a myriad of compliance standards, emphasizing the importance of a well-rounded cybersecurity strategy that encompasses legal and regulatory adherence. The realm of privacy regulations and compliance continues to evolve with new laws and amendments coming into effect, addressing the growing concerns related to data privacy and security. Here are some real-world examples and insights regarding privacy regulations and compliance in 2023:
  1. New State Privacy Laws: As of July 1, 2023, four states have enforced new privacy laws. Among these, the California Consumer Privacy Act (CCPA) has been amended by the California Privacy Rights Act of 2020 (CPRA), bringing new compliance requirements for businesses operating in California.
  2. Data Care Act of 2023: The Data Care Act of 2023, sponsored by Sen. Brian Schatz, D-Hawaii, imposes various duties on online service providers, including a duty of care, duty of loyalty, and duty of confidentiality. This act essentially requires online service providers to reasonably secure individual identifying data.
  3. Comprehensive Consumer Privacy Laws: In 2023, five states, including California, Virginia, Colorado, Utah, and Connecticut, have enacted new comprehensive consumer privacy laws. These laws bring in fresh compliance requirements for businesses, reflecting the growing emphasis on data privacy at the state level.
  4. The Delete Act in California: On October 10, 2023, Governor Newsom signed Senate Bill 362, known as the Delete Act. This act gives California consumers more control over their data, signifying a step towards stronger privacy regulations.
  5. FTC Amendments to the Safeguards Rule: In 2023, the Federal Trade Commission (FTC) made amendments to the Safeguards Rule. These amendments require information security programs to have administrative, technical, and physical safeguards; they also consider potential rulemaking to mandate the reporting of cyber events where customer information has been compromised.
These examples reflect the ongoing efforts by various states and federal agencies to bolster data privacy regulations and ensure compliance, catering to the evolving dynamics of data security and privacy concerns.

Cyber Insurance: Balancing the Risk Management Equation

The rising incidence of cyber-attacks has propelled the importance of cyber insurance to the forefront. Organizations are considering cyber insurance as a crucial part of their risk management strategy, providing a financial cushion in the event of a cyber incident. In 2023, cyber insurance continues to evolve in response to the escalating frequency and severity of cyber attacks. Various real-world examples and insights highlight the significant role of cyber insurance in mitigating financial risks associated with cyber threats:
  1. Increased Adoption of Cyber Insurance: Insurance provider Hiscox surveyed 5,181 companies across eight countries and found that 64% had cyber insurance, signifying the growing recognition of cyber risks and the value of insurance as a risk management tool.
  2. Surge in Cyber Insurance Prices: The Marsh & McLennan Cos. Global Insurance Market Index revealed that U.S. cyber insurance prices skyrocketed by 79% in the second quarter of 2022, after prices more than doubled in the two preceding quarters. This sharp rise reflects the heightened risk perception and the escalating costs associated with cyber incidents.
  3. Escalation in Cyber Insurance Premiums: Advancements in technologies like AI and IoT, coupled with rising cybersecurity threats, have driven up the demand and consequently the premiums for cyber insurance. It's anticipated that the number of companies that are unable to afford cyber insurance or are denied coverage will double in 2023.
  4. Rising Ransom Payments: Despite a decrease in cyber insurance costs, the average ransom payments in early 2023 nearly doubled compared to the previous year. The survey reported that 40% of companies disclosed payments of $1 million, a significant jump from 11% in 2022. This trend indicates that cybercriminals are focusing more on an organization’s ability to pay rather than the security measures in place.
  5. Vendor Cyber Risk: Vendor cyber risk has emerged as a leading point of failure in cybersecurity, overtaking phishing attacks. Data from Resilience shows that third-party vendor incidents account for 28.9% of its clients’ claims, underlining the interconnected risk landscape and the importance of cyber insurance in providing a financial safety net.
These examples depict a dynamic and challenging cyber risk environment, where cyber insurance plays a pivotal role in helping organizations manage and mitigate the financial implications of cyber threats.