The past few years have been particularly eventful in terms of cybersecurity and cyber attacks, with many wondering about future threats to come in 2023 and beyond. Prudent and thorough cybersecurity is essential for modern organisations, and risk management professionals must be able to identify and manage IT-related risks so that they can be mitigated or contained.
Below are some of the top cybersecurity risks to prepare for in 2023:
More Complex Phishing Scams
Phishing is one of the oldest and still most common scams, affecting private individuals and organisations alike. The good news is that many organisations in the UK and worldwide have implemented more robust training and workshops to help employees identify phishing as well as improved cybersecurity to better filter out unwanted spam and to only permit valid and genuine emails and intra-company messages.
The bad news, however, is that those behind the phishing have also upped their game. Royal Mail and Covid-19 spam SMS messages were common in 2021 and 2022, as were phone calls from fake HMRC “agents” looking to obtain personally identifiable information.
In 2023, phishing is likely to remain a persistent and obnoxious nuisance, but one that can potentially cause significant damage to an organisation and potentially lead to a data breach.
Increase in Ransomware Attacks
2021 and 2022 were notable years for ransomware, with attacks on Colonial Pipeline and the Health Service Executive (Ireland’s public healthcare authority) ransomware attack the very next week in May 2021. These two attacks made mainstream news headlines and caused massive disruption, both of which were alleged to have originated in Russia and both demanded ransom payments in the millions.
In 2023, ransomware attacks will likely continue to be a major threat to organisations, including government agencies and major corporations. Containing a ransomware attack, restoring access (if possible), and the ethical questions over whether or not to pay the perpetrator the demanded ransom are all decisions that are crucial should it happen, but it should never get to that point ideally.
State-Backed Cybersecurity Threats
Global political tensions run high and the risk of cyberattacks from state-sponsored entities remains high. Sometimes, it can be difficult to directly associate a cybercriminal with a larger organisation or to identify whether or not they are acting on behalf of a government agency.
As mentioned, the two big ransomware attacks from 2021 are alleged to have originated in Russia. Many cyberattacks are also believed to be directly sponsored by governments such as North Korea, through a complex pipeline of funding. The often nebulous and covert nature of such attacks makes them hard to pinpoint, but this is something that government task forces are being tasked with combating.
Third-Party Risks
There are many possible risk vectors that can affect an organisation through third parties. Vendors and contractors should therefore be made to adhere to strict security standards in order to mitigate the risks of data breaches.
It’s estimated that over half of all data breaches directly involve a third party and nearly half of all organisations have cybersecurity standards in place for their third party contractors and vendors, so it stands to reason that these risks will remain noteworthy going into 2023.
Risk Wizard UK
Identify, manage, and mitigate risks to your organisation with cloud-based solutions from Risk Wizard UK.