Over the next year, we will see more regulation being developed and new laws being created. Accordingly, the consequences of non-compliance related to information security will become more serious. In addition, a decentralized cybersecurity model will be developed as an alternative to the centralized one, which can help enterprises adapt better to new business initiatives.
Companies also want to be independent in matters of cybersecurity, which will increase demand for security services and drive up costs in this area. “Traditional” information security issues are not going anywhere either. However, first things first.
In this article, we will look at 6 major trends in 2023 that will be popular in the field of information security. Read on to find out more.
Cybersecurity trends that will impact business
Companies are constantly generating new information, data is constantly growing, and organizations are taking responsibility for protecting this information. However, not all information that a business produces and stores is “operational”. This means that not all data is used by businesses on a daily basis, and about 60–80% of information is stored as “dark data”.
The problem here is that companies do not always know exactly what kind of information they have left in storage. This can create inconvenience and legal conflicts, since, for example, under the GDPR a business does not have the right to store personal information of customers or users for longer than necessary. If it does, and that information leaks, the company may face very serious problems.
Therefore, data protection and privacy enforcement is a significant concern, especially where there may be some conflict between business and regulators.
Gradually, more and more countries are following the example of the EU and implementing their own laws on the protection of personal data. Gartner predicts that by the end of 2024, approximately 75% of the world’s population will be protected by such laws. However, the implementation of complex standards does not lead to the sudden and widespread introduction of advanced cybersecurity technologies.
Therefore, the sooner enterprises take the initiative, the better. It is forward-thinking companies that go beyond accepted cybersecurity requirements by being proactive and using best practices and standards. This approach reduces both the risks associated with cybersecurity threats and the risk of being fined or sanctioned for non-compliance with any regulatory requirements.
It is worth noting separately that ESKA specialists, using an automated solution from Vanta, are ready to help your company get certified according to many industry standards. More about it here.
Growing demand for cybersecurity services
As companies have realized that the information they own needs to be securely protected, the service model for providing information security services will attract more and more interest. This is due to the persistent shortage of infrastructure, subject matter experts, time and money. Accordingly, it is much more profitable for companies to invest their money in a guaranteed and predictable level of service that can be scaled as the business grows, rather than developing their own information security program, looking for expensive specialists, etc.
One example of such a service is a penetration test. This is a comprehensive service that allows you to identify vulnerabilities in your system. Our specialists simulate a hacker attack and identify weaknesses and security gaps. As a result, you can significantly increase the degree of security.
This also includes vCISO services — when you delegate cybersecurity issues to a group of external specialists. Thanks to this service, you can remove the extra burden from your management, and at the same time strengthen the information security of the company.
Automation of cybersecurity operations
Technologies such as SIEM or SOAR are becoming more popular because they have proven their effectiveness. In 2023, information security professionals will look for benefits in their work by automating routine processes. This will be driven, not least, by the lack of highly qualified personnel.
Here we can say a few words about artificial intelligence. Some developers believe that a decentralized cybersecurity system can be built on the basis of AI. Such a system, using a sufficient amount of information, could independently make decisions, doing it much faster than a human.
However, this coin also has a downside. Hackers also see AI as a tool to break into systems. Therefore, one can only hope that the development of AI-based cybersecurity tools will be faster than the creation of AI for hacking systems.
Phishing and ransomware protection
Phishing attacks and ransomware are still the most common types of attacks faced by companies. Since phishing is able to adapt flexibly to current trends, information security leaders need to evaluate how to navigate this ever-changing cybersecurity field.
There is an idea, not new but still interesting, that the only answer to phishing is to move to passwordless authentication. It is possible that this year we will see an increase in the popularity of this trend.
As for ransomware, unfortunately it will continue to evolve as it is an effective tool in the hands of attackers. Therefore, you will need to be prepared for this.
Evolving security measures in the Internet of things
According to some estimates, by the end of 2023 there will be 3 times more IoT devices than people. Accordingly, the trend in IoT vulnerability will continue. However, there is progress in this direction, achieved through the published EU Cyber Resilience Act (CRA), which introduces mandatory cybersecurity requirements for products sold in the European Union. Given that regulation is constantly evolving, it is possible that we will see similar developments in other regions and countries.
Cybercriminals will continue to use old methods while also coming up with new tactics and methods of attack. Therefore, organizations should constantly review their risks and take into account legal nuances and the human factor. Of course, every year it becomes more and more difficult to stay focused. However, this is what needs to be done.
If you have any questions regarding information security, we will be happy to answer them. Contact us using the details listed on the site, or fill out the form, and we will get back to you.