What’s on the horizon for cybersecurity in 2023? The landscape includes an acceleration of familiar and emerging trends, which means businesses should be ready to face an ever-changing environment where risk is inherent.
In today’s cyber climate, no fish is too small for an attacker to try to hook. Thus, SMBs have more reason than ever to be proactive around security, as these key trends target an expanding attack surface and increased risks.
Credential phishing remains hackers’ go-to
Cybercriminals continue efforts to steal credentials from users to gain access to networks. Historically, they’ve used email, but they are increasingly using social engineering. In the first half of 2022, around 70 per cent of email attacks contained a credential phishing link.
Credential phishing and social engineering go hand in hand. The practice is direct and indirect. Lateral attacks, where hackers target one person to get to someone else, are increasing. If a cybercriminal can compromise one user, they can impersonate them to trick other users within the organisation, or springboard to a related organisation such as a partner or supplier.
These methods aren’t going away; in fact, they’re becoming more sophisticated. The countermeasure for organisations is multifactor authentication (MFA). Mandating this for admin accounts should be the minimum threshold, because of the privileges these accounts have.
But getting other users to adopt this has been difficult because it’s a poor user experience and one more burden. So, instead of burdening users with more steps and passwords to remember, a new approach is using passwordless authentication, wherein a code is sent to the device to perform authentication without requiring a password. This approach increases security and convenience, which are usually in conflict.
However, it’s not only email where phishing keeps dropping its bait. Attacks are now omnichannel.
Omnichannel cyberattacks increase risks
Phishing has become omnichannel, mirroring and exploiting the technologies businesses use to communicate. These attacks cross channels, as hackers use phone calls, SMS, social media direct messages and chat. A targeted user could receive communication in one channel to start, followed by a flood of communication in other channels. These are attempts to trip up the user and project more authenticity.
Expanded channels of attacks call for a broadened umbrella of protection from email to cover all channels. Defending against social engineering is especially challenging because the messages don’t contain explicit threats (malicious links or attachments) until the final step of the attack.
As the level of risk from these attacks increases, SMBs may find it hard to retain cyber insurance, which is the next trend.
Cyber insurance coverage requirements grow
Cyber insurance is evolving in the new threat landscape. It has become more expensive and difficult to obtain or retain coverage. Increasingly, a prerequisite for coverage is for businesses to demonstrate that they have the appropriate level of protection. With no standard in the industry on what this is, companies may find it hard to meet this requirement.
To prove that an organisation doesn’t present uninsurable risks, it needs to increase its technology base of security, ensure strong authentication is in place and provide certifications where available.
f the business outsources IT, it will expect its provider to provide robust security. The type of certifications to look for in a cloud partner include ISO 27001 and SOC 1, 2 and 3, as well as industry-specific compliance, such as The Privacy Act 1988 that safeguards patients’ personal and healthcare data and holds healthcare organisations reliable if there is a breach. If an organisation can substantiate these things, it could see better coverage options.
In considering protection technologies that are well suited for reducing the security risk for SMBs, AI (artificial intelligence) and machine learning (ML) are especially interesting and the next trend to consider.
AI’s role in threat protection matures
AI has become a critical technology for improving many business processes. Its continuous learning model is especially relevant to changing security threats, which makes it more effective at reacting to the constantly changing threat landscape. As a result, it provides a continuous strengthened defence over time, identifying and protecting against evolving attacks. This technology is essential for detecting attacks that are outside of the range of previously experienced threats.
Traditional phishing attacks are broad attacks using a specific threat. Email filtering that looks for that threat can process and prevent attacks quickly. What it won’t catch are unique, customised phishing schemes deployed to a specific company or an individual in that company.
Hackers bypass email filtering by using social sites like LinkedIn to obtain employees’ names, which is easy to do, then sending socially engineered messages that don’t include tell-tale links or attachments. They then identify other employees and introduce phishing via email and other channels. It’s not a mass attack, so it’s less likely to be recognised by email filtering. AI can be beneficial in this scenario as it builds a picture of what is “normal” for a specific company to better detect unusual communications.
Again, this situation highlights that every user and company is attractive to hackers, who count on SMBs having weaker defence measures.
Using AI as a safety net should be on the priority list for small businesses. It’s now less expensive and more accessible. So, the barrier to obtaining it is much lower.
Zero-trust architecture: Eliminating implicit trust
Zero-trust architecture modernises traditional security models that operate on an outdated assumption that everything within the network is trustworthy. In this framework, as soon as a user enters a network, it can access anything and exfiltrate data.
Zero trust does away with implicit trust and applies continuous validation. Establishing zero-trust architecture in a network requires visibility and control over an environment’s traffic and users. Such a scope involves determining what’s encrypted, monitoring and verifying traffic and using MFA.
With zero-trust security, organisations review everything, standardise all security measures and create a baseline. As many companies go through their own digital transformations, we will see an increase in the adoption of this approach.
Cybersecurity must be flexible to meet threats
All these trends are interconnected and demonstrate that modern cyber-defence must be flexible and adjustable to meet new and evolving threats — as well as old threats. SMBs need security-centric partners for cloud hosting and applications to sustain their boundaries and reduce risk in the year ahead and beyond.