2022 has left its mark, particularly over the last couple of months, as cybersecurity has become a national issue. The recent high-profile breaches have cast a spotlight on the devastating effects of cyber-attacks.
2022 has propelled organisations forward in its own way. In 2023 we will see yet another chapter of cybersecurity threats and challenges, along with a shift across organisations to proactively take charge of their cyber resilience against new and evolving cyber threats.
These are my top three predictions for 2023.
Cybersecurity takes a seat at the boardroom table
Driven by the extreme increase in cyber threats and attacks over the last couple of months, I predict 2023 will finally be the year we see a breakthrough in how cybersecurity is factored into business strategies. CISOs will take a seat at the boardroom table, with cybersecurity making its way into the mainstream strategic business discussions as a critical issue that all the executives across the business are aware of and responsible for.
It will be critical for all key business executives to proactively ensure alignment between their business and security objectives while managing cybersecurity debt. Forming a dedicated committee and allocating the right resources to resolve any conflicts between what business and security executives want will be essential to ensuring alignment and maintaining awareness of the business’ cybersecurity strategy to prevent severe business disruption.
We have already seen some positive changes, and will finally see more widespread and mainstream uptake of these internal changes as organisations realise how closely those decisions are tied to their business reputation and safety.
The price of non-action will be high
We will continue to see governments rolling out new legislation and updated reforms to keep pace with evolving cybercrime and threat actors, particularly within critical infrastructure, as these become more frequent and sophisticated.
This is another positive step forward for the industry, giving organisations the push they need to come to terms with the significance of cybersecurity within their strategic decision making. Organisations will quickly realise the importance of investing in cybersecurity as they look for technologies that will help them meet the regulatory compliance requirements under which authorities require businesses to maintain an elevated level of security.
For example, the new reforms in the SLACIP Act, which now covers more industries and comes with elevated fines for breaches, have also resulted in more organisations improving their security posture.
Legislation will be stricter and the price of non-action will be higher.
Sophisticated cybercrime is the new business model
We’ve already seen threat actors professionalise their operations this year, and while most will use alternative ways to infiltrate organisations and revisit old tricks, the sophistication of attacks will increase and develop at scale.
We will see true collaboration arise between hackers to conduct large-scale and persistent attacks against significant targets, as they turn their ‘profession’ as ‘service providers’ into a sophisticated, specialist business model.
If organisations don’t have a sound security risk management and prevention program in place, threat actors will be equipped with the right tools and methods to gain access to sensitive data and critical system operations.