Fashioning A New Cyber Realm? 2023 and what’s in-store.
IT Leaders will be looking to set out a strong roadmap for cybersecurity in 2023. That much is a given, but where do you even begin? With the realm in which we operate moving at an unprecedented rate, we must begin to decipher the best path by moving and developing alongside it.
There’s no doubt that we are facing another year of accelerated growth in the digital world, so let’s start by looking at what changed in 2022 and what our new cyberspace will look like as we move through the year.
Cybersecurity is a constantly evolving field that’s becoming more complex and difficult to navigate and 2022 was no exception. The National Cyber Security Centre (NCSC) removed 2.1 million commodity campaigns from UK businesses and organisations in 2022, 63 of which were significant enough to require a national level response*. The incidents reported included a range of malicious cyber activity such as ransomware, reconnaissance, malware and network intrusions, data exfiltration and disruption of services and systems.
The ever-evolving cyber landscape also saw an increase in penetration to low-level software, where flaws were exploited – particularly Log4j within the NHS. NCSC have said ‘there remains a significant risk where its vulnerabilities remain unpatched’*. With this, the UK’s health sector (along with education and research) has been seen as a key target for cybercrime throughout the last 12 months.
Multi-Factor Authentication (MFA) Push Exhaustion attacks were also prominent in 2022, this type of threat saw attackers flooding users with MFA acceptance prompts until the user clicks to stop the deluge of requests. As Remote Desktop Protocol (RDP) services decline as an initial access route to hackers, other ways in such as phishing and access through third parties is increasing as a proportion of all attacks.
Looking into the year ahead – and with the continued growth of digital technology in the UK – we see an ever-expanding attack surface for malicious cyber activities. Whilst the UK’s economic future, prosperity, and national security are all reliant on continued and growing success in digital technology and cybersecurity becomes even more critical.
We have already seen two major large-scale cyber incidents in 2023, both the Royal Mail and Microsoft have fallen victim to cyber criminals which proves that the cyber realm in 2023 is moving at a phenomenal rate. Technology works by developing alongside threats, and to enable effective cybersecurity platforms, we should all first understand just how the threat environment is evolving in itself.
Social media purchasing has opened a new channel for scammers and this trend will continue to evolve as this stream of e-commerce develops and grows too.
What we face now is a multi-layered approach to cybersecurity, both in our homes and our workplaces. Connected devices pose a risk to anyone as it’s been shown that even when they don’t store data themselves, attackers can often find ways to use them as gateways to access other networked devices.
Home-working remains a trend with the UK’s workforce in both the private and public sector, however connecting to networks with non-secured devices can lead to employees unwittingly falling victim to phishing attacks, where attackers trick users into divulging passwords.
Ransomware attacks are still very much at the forefront of activity in the cyber-crime world. With organisations forgetting to make regular backups, huge data loss can – and does – occur, creating downtime and failings. We all must be prepared for an incident by preventing malware from being delivered and spreading to devices.
Cultural security is another key trend for 2023, as we see organisations actively promoting the importance of a safe cyber space within organisations across the globe. This shift has seen employees and employers working together to better understand the risks associated with digital transactions, cloud-working and (more recently iot devices). The tasks that are completed within the everyday operation of any organisation, now (more often than not) operate in the cyber realm, and behavioural safety around that must be taught. As we know, with human error being at the forefront of cyber breaches, a better cybersecurity culture could be one of the best solutions to threat factors that continue to dominate the world we live in.
—
References: [*https://www.ncsc.gov.uk/collection/annual-review-2022/threats-risks-and-vulnerabilities/evolving-technical-threat]