- December 15, 2022
- Catagory cybersecurity
How Cybersecurity is Shaping Up for 2023
Remote work during the pandemic and the current dynamic of hybrid workplaces has had a strong impact on how you must manage cybersecurity. Remote work isn’t going away, while other longstanding trends as well as new realities will affect cybersecurity in 2023.
Ransomware remains a major threat
Expect ransomware attacks to continue to be a factor in your cybersecurity planning, as threat actors move from encrypting files to targeting third-party cloud providers while continuing to use aggressive, high-pressure tactics to extort victims, including data-encrypting malware and more novel infiltration approaches.
Global geopolitics will affect your business
The ongoing conflict in Europe will mean some of those ransomware threats will come from Russia. Overall, 2023 is going to begin with a great deal of uncertainly and tension, with more state-sponsored threat actors looking to destabilize global economies and specific industry sectors such as logistics and shipping, energy, semiconductors, and financial services.
Zero Trust adoption will grow
With more workloads being moved to the cloud, a Zero Trust approach to security will become more compelling and necessary in 2023, transforming how you secure your infrastructure, including network penetration testing.
Automation will increase, too
It’s near impossible for organizations of any size regardless of budget to keep up with the volume of threats, which means 2023 will see even more automated cybersecurity, enabled by artificial intelligence (AI) and machine learning. The downside is the bad guys can leverage automation and AI, too, which means organizations will need to take a more active approach to cybersecurity.
Watch out for bots
Speaking of automated bad guys, be prepared for more bot activity in 2023, which can automate and expand attacks as perpetrators rent out IP addresses to make it difficult to track them.
Your own IT is a threat
Between shadow IT and the proliferation of endpoints either due to remote work or internet of things (IoT), there’s no shortage of attack surfaces for threat actors in 2023. If your endpoints aren’t properly configured and you’re not keeping a handle on shadow IT, your cybersecurity posture will be drastically weakened.
You people can still be a problem
Even with all the right technology in place, the biggest threat cybersecurity in 2023 will continue to be your own people, whether it’s by accident or due to insider threats from unhappy or former employees. Training combined with a Zero Trust approach will mitigate risk to your business.
What won’t change in 2023 is that cybersecurity isn’t something most organizations can handle on their own, so if you haven’t already, make it the year you see how a managed service provider can help evaluate and shore up your security posture.
- August 31, 2022
- Catagory cybersecurity
Insurance not a substitute for good cybersecurity
You don’t use auto insurance as an excuse to drive recklessly, so why would you cut corners on cybersecurity because you have ransomware insurance?
With ransomware attacks doubling in 2021 compared to the previous year – due in large part to the massive shift to remote work – the average cost of a data breach grew to record levels by more than 10% in 2021 as threat actors took advantage of a broader attack surface that resulted from a hybrid work environment.
Much of the costs of these breaches were covered by insurance, including ransom payments, but cybersecurity insurance providers are becoming more selective with their coverage as payouts have increased – qualification processes are more rigorous and the threshold for a payout is getting higher.
If you were depending on cybersecurity insurance without a data protection strategy, you need to seriously rethink how you implement security in your organization.
As ransomware attacks rise, so do premiums
For starters, the number of ransomware attacks is only going to get higher as more and more threat actors with a wide array of experience and expertise look to make money off data breaches – cybersecurity insurance is not going to be enough to save your business.
It’s not that you should cancel your insurance – you should be prepared to pay more – but you must also have people, processes, and technology in place to secure your business and sensitive customer data. Making an insurance claim should be a last resort – no matter how much you pay for it, it won’t bring your data back if you fall victim to a successful attack.
You really don’t want to be paying the ransom, even though many companies go that route – that only emboldens the bad guys to keep at it. Some insurance companies are no longer even covering ransomware payouts. If cybersecurity insurance premiums are going up and not covering what they used to, it’s time to implement better security practices – prevention is much more affordable in the long run.
Your MSP can help you up your security game
Cybersecurity awareness should be something that touches everyone in your organization, including the understanding that a data breach costs the business money – and your insurance provider expects you to raise your game to take a more proactive stance with security.
Even if you’ve put the effort into your cybersecurity, keeping it current and staying on top of all the threats can be daunting. With so many systems, endpoints and users, visibility is you biggest challenge, and understanding the threats, attack surfaces and vulnerabilities requires a great deal of time and resources, including skilled people.
That’s why you should turn to your managed service provider for guidance – they’ve got to contend with rising insurance premiums too and know that prevention is better than getting the cost of a ransomware attack covered. They already have visibility into your infrastructure and can help you put all the people, processes, and technology in place so you can qualify for cybersecurity insurance but hopefully never have to use it.