Vector
Vector

Choose your topics

Blogs
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

GRC
Blogs
The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
Blogs
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
Blogs
The Top 4 Challenges of Risk Management

What are the top four challenges of risk management today and how can you overcome them? Find out in this post from SureCloud.

Third-Party Risk Management GRC
Blogs
Transform Compliance into Your Competitive Advantage

In GRC, compliance is often viewed as a cost that makes it harder to pursue growth. Here's how to make it your competitive advantage.

Compliance Management GRC
Blogs
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
Blogs
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Blogs
The Simple Way to Combat Phishing

SureCloud Cybersecurity Practice Director Luke Potter shares his tip to stay ahead of attackers phishing for your downfall.

Penetration Testing
Blogs
See Yourself in Cyber With Janhavi Deshpande

See Yourself in Cyber With Janhavi Deshpande - SureCloud

Cyber Security
Vector (7)
Vector-1
Cyber Risk Management

Top Cybersecurity Trends 2023 | SureCloud

Top Cybersecurity Trends 2023 | SureCloud
Written by

Thomas Chappelow, Antonio Manaras, Simone Q. and Steve Velvec

Published on

28 Mar 2023

View from the Experts: Top Cybersecurity Trends your Organization Needs to Watch Out for in 2023 and Beyond

 

The cybersecurity landscape is more challenging and complex than ever before. The development of intelligent new technologies means threats to organizations are evolving faster and security teams are under constant pressure to adapt to the ever-changing environment.

 

According to Gartner, 88% of board members or stakeholders say cybersecurity is no longer an issue exclusive to IT professionals, it’s a business risk rather than solely a technical problem. So much so, further research suggests that 50% of C-suite executives will have performance requirements related to cybersecurity risk built into their employment contracts by 2026. 

 

With this in mind, we asked our team of experts to each spotlight an emerging threat topic that businesses need to be aware of as they plan for the year ahead and beyond. Here’s what they said.

 

Cybersecurity is a business critical issue. It should no longer be viewed in isolation or simply as an IT-only problem 

 

Thomas Chappelow – Collaboration not convergence 

The convergence of information technology (IT) and operational technology (OT) in industry will be a hot topic this year. Many believe that IT and OT will soon merge into a common domain. This assumption is misleading, however, as the two are fundamentally different.

 

IT security controls focus on the protection of information as the critical asset, whereas OT security controls seek to ensure that process integrity and functional safety requirements are being delivered.

 

As we move forward, the conversation should instead focus on IT and OT as a collaboration rather than convergence. Industry requires a deep, cross-functional approach that combines know-how, data, and technology to make operations truly digital environments.

 

It’s not realistic to force a blend of both, as they often have incompatible system protocols and security models. Instead, you may want a method for OT data to be read from IT assets, whilst ensuring that an IT compromise doesn’t impact the safe and secure operation of the work environment.

 

Whatever else happens in 2023, we’ll be advising our clients to seek collaboration, not convergence, between their IT and OT environments.

 

IT and OT collaboration delivers the ability to form part of a common solution, without exposing each environment to the risks of the other

 

Antonio Manaras – The continued rise of cloud computing 

The adoption of cloud computing platforms has become increasingly popular in recent years and this will continue as we move ahead. The convenience of cloud computing is appealing to many organizations, as data is accessible anytime, anywhere. However, with convenience also comes risk. As a result, I believe we’ll start to see more cloud-related challenges emerge. 

 

For example, with increasing amounts of sensitive data stored and processed in cloud-based applications, the opportunities grow for bad actors to target mobile phones, laptops, VPNs and other private networks to steal this sensitive information or disrupt services. 

 

This is why it’s crucial for organizations to focus on protecting the sensitive data they have stored in the cloud by using encryption, access controls, and network segmentation. Additionally, organizations should implement security best practices, such as multi-factor authentication, monitoring and logging of cloud activity, and regular security assessments.

 

Cloud computing presents a plethora of opportunities when it comes to storing data but is also a prime target for cybercriminals 

 

Simone Q. – ChatGTP will change the cybersecurity landscape 

2023 has seen a rapid acceleration in the adoption and advancement of artificial learning (AI) and machine learning (ML). For example, Generative AI platform, ChatGTP, had one of the fastest adoption rates in history with over 100 million users in just two months. 

 

I believe tools such as AI and ML will play a crucial role in helping organizations protect themselves as cyber threats evolve and become more complex. Especially as they already have the capabilities to write code and provide remediation. 

 

By implementing technologies that can automatically analyze large amounts of data and identify patterns that indicate malicious activity, it is easier to detect and respond to cyber attacks. However, it’s important to note that bad actors can also use AI and ML to launch attacks, such as phishing campaigns that are harder to detect, or malware that evades traditional security measures. 

 

The year ahead will see a greater focus on organizations developing their understanding of AI and ML and how it fits within cybersecurity strategy moving forward. 

 

AI and ML can be a threat but also a solution. The more we know and learn about both, the better protected organizations will be

 

Steve Velvec – The death of email phishing

Cybercriminals are always looking for new ways to exploit people or organizations, and it looks like one of the most common cyber attacks of previous years is evolving. Email phishing has long been the chosen tactic of many hackers but now they seem to be shifting their attention to social engineering via apps such as WhatsApp, Microsoft Teams and Instagram. 

 

What’s the reason for this change in focus? Well, unfortunately, with over two billion accounts and 75 million worldwide users, social platforms such as WhatsApp are prime targets for phishing scams. In 2022 US citizens alone lost more than $770 million to social media scams and I believe this number will only increase in the year ahead. 

 

The shift to hybrid working and surge in workforces utilizing instant messaging platforms as their go-to method of communication means they’re an attractive proposition for hackers. Using social engineering to garner one person’s login credentials could mean access to an organization’s entire network. 

 

We may well be seeing the death of email phishing, but it’s being replaced by even more sophisticated attack vectors. Ensuring you have a robust third-party risk management strategy in place should be a priority for 2023. 

 

Instant messaging platforms such as Microsoft Teams and WhatsApp are becoming increasingly popular targets for phishing scams 

 

As attack surfaces continue to increase and threat actors become more sophisticated, security teams will once again be under pressure to keep pace in 2023. Organizations need to be vigilant, and have a robust strategy in place. If in doubt, seek the advice of security experts.  

 

To learn more about our team’s cybersecurity spotlights for 2023 and more, listen to our Capability-Centric GRC & Cyber Security Podcast

 

If you’d like to know more about our Cybersecurity Services, contact us using the form below.