09 January 2023 / Facts
Is your cybersecurity strategy prepared to take on 2023? Every year brings new trends, threats, hypes and hoaxes. Let’s take a look at what you need to prepare for as soon as possible.
New year, new me. As we move past the turn of the year, and our New Year’s resolutions start to unravel, the internet keeps persistently evolving. It keeps reinventing itself, as do the threats you may encounter while connecting to it. As your ‘new me’ slowly turns back into the old version, cybersecurity threats keep on evolving. That’s why we take a look at which new dangers loom ahead in the coming year.
1. The dangers and possibilities of AI and machine learning
2022 ended with a bang: ChatGPT made a serious dent in the way people think about AI, the current state of its capabilities and its possible applications. While the servers at OpenAI – its creator – keep overflowing due to the enormous interest, we have to take a minute to contemplate its repercussions for cybersecurity – both positive and negative.
While AI can help cybersecurity measures and tools become better at recognising and stopping threats, it also makes life easier for criminals. Self-learning (or machine learning) platforms such as ChatGPT make it easy to write even more convincing phishing mails or to write and correct code that launches new malware-as-a-service tools.
OpenAI created something that can help millions of people, small business owners, students and others. But they also run the risk of elevating already precarious threat levels. Preparing people to handle this new reality will quickly become a key aspect of cybersecurity strategies everywhere – both for enterprise and for SMB. ‘Waiting it out’ is definitely not an option.
2. Security awareness for business leaders
Cybersecurity is no longer the sole concern of whoever is in charge of the organisation’s IT department. Responsibility grows for both employees and their leadership. The recent green light for the Network and Information Security 2 directive (NIS2) reinforces this point. Not only will essential industries and services (as well as their suppliers, stakeholders and affiliates) have to take action to improve their security, their business leaders will be obligated to follow cybersecurity (awareness) training.
Not only will management have to be trained, organisations must be able to prove that they have taken appropriate steps. Whether it’s the CEO, CFO or COO, manager or director, they will need to be aware of what is expected of them. While NIS2 will kick in starting January 2024, there is no time to lose to start implementing the appropriate measures and strategies. Waiting is a losing strategy.
3. Cyber insurance: will it still be possible to obtain insurance?
The number of cyber incidents skyrocketed once again in 2022. The number of organisations having to pay ransoms did as well. For some of those, the impact will have been lessened because they already had ‘cyber insurance’: a specific formula designed to mitigate some of the effects of a cyberattack.
Because an increasing number of organisations face criminal incursions – Gartner predicts that 45% of all companies will at one point have been the victim of a hack, as early as 2025 – experts fear that cyber insurance will at the very least become more difficult to obtain, and at worst might disappear completely over the next months or years.
The least we can expect is for insurance brokers to add new sets of requirements to be met by anyone looking to obtain those safeguards. Standards will need to be raised and people will need to be trained – and results demonstrated. Security awareness will become a minimum requirement for any organisation looking to financially protect itself using cyber insurance.
4. The rise and rise of ransomware
As with any war, it’s never fought merely on the battlefield. Civilian casualties cannot be avoided and in this day and age, the internet serves as a dangerous weapon that targets anyone globally and blindly, like a machine gun. Since the war in Ukraine erupted, cyberattacks have surged everywhere, probably resulting from nation-state attacks and originating not only in Russia or Ukraine, but in their allied states as well.
Ransomware is a very tangible result of the conflict, ceaselessly attacking anyone it can infect. While criminals still put a lot of effort into targeted attacks, such as spear phishing, there is undoubtedly a rise in popularity for ‘broad spectrum’ attacks: hackers cast a wide net to anyone they can reach to then bide their time until a victim turns up. 2022 saw some very headline-worthy examples as a result of this approach – including hospitals and city administrations.
The only way to mitigate the rise of ransomware is by educating people. Even if your firewalls and similar technical measures are up to snuff, some threats will invariably sneak through the cracks. The only way to prevent your co-workers from taking the bait is by teaching them what to look out for – and how to act when they come face to face with real threats.
Prepare yourself with Phished
Phished offers an automated, holistic security awareness approach. Because awareness is not enough, Phished focuses on changing employee behaviour – so they know exactly what to do when facing threats in the real world. By combining personalised phishing simulations, bite-sized cybersecurity training and checkpoints, active reporting and threat intelligence, your organisation will be able to obtain a zero-incident rate.