Top Cybersecurity Trends To Keep An Eye On In 2023 And Beyond

The 2023 cybersecurity trends that we’ve witnessed so far have largely risen from the advancement of Artificial Intelligence (AI) and the ways in which it’s being used to both boost businesses, and potentially compromise them when it’s put into the wrong hands. We’ve also seen a further increase in businesses embracing remote and hybrid work environments (which we LOVE), and experiencing the security challenges that this shift can involve (which we love to help them solve). Let’s dive right into the trending topics in cyber security of 2023/24:

• Automotive Hacking On The Rise

When you think of cars being hacked, your mind may immediately jump to self-driving cars, which have been rising in popularity over the past year, particularly in bigger international city centres. But the fact is that features like cruise control, GPS, Bluetooth and Wi-Fi connections, which are fairly commonplace in modern cars, are being targeted by hackers as well. These are allowing attackers access to route data, vehicle control, and giving them the opportunity to listen in on what you might think of as private or sensitive conversations.

What Can You Do About It?

Just like your computer software, car software needs to be regularly updated to ensure that any vulnerabilities are patched as a matter of course. This may require that you chat to your car’s dealer, or ask for software to be updated when you take your vehicle in for services. If your car has Wi-Fi, make sure that the data submitted over it is being encrypted, and protect it with a secure password wherever possible. And when it comes to plugging in USB drives or downloading apps, make sure that you know where they came from and are secure – don’t simply plug in a USB that you found in the parking lot, because it could have been placed there for a reason. It has happened many times before.

• Potential Uses For AI

AI has the potential to add a great deal of value to businesses in multiple areas – from growth and learning to automation and more. But it isn’t only making our lives and work easier. Attackers are also taking advantage of AI technologies to automate malicious scripts and coordinate convincing social engineering attacks which have the potential to compromise businesses in new and sophisticated ways.

What Can You Do About It?

As AI is becoming smarter, so are the communications that it’s able to generate. It’s important to train your humans in the most common email attack techniques, and how they can avoid them. Some best practices to kick you off include checking the sender’s address – the email may say it’s from your boss, but is it coming from the right address? Be wary of clicking on links and attachments in emails from people you don’t know. And if you receive an invoice with unfamiliar banking details, or an email giving you strange instructions, it’s best to pick up the phone and double check before following through.

• Remote Working Cybersecurity Risks

An increase in humans working from home can be a wonder for a business’ productivity, and having your teams work from their own devices can have a great effect on your budget and cost-efficiency. But remote and hybrid work environments come with their own unique security challenges. More devices are accessing critical business data over more network setups than before, and it’s imperative that your humans know how best to protect their devices and networks against attack, because it is significantly more difficult for your IT teams to manage the maintenance of multiple endpoints based in locations around the world.

What Can You Do About It?

This is another area where training your humans is critical to make sure that they understand their roles and responsibilities when it comes to maintaining their systems, but there are also steps that you can take and solutions that you can implement to secure your business data.

You may have noticed that I said maintenance would be more difficult, but it’s not impossible. Tools like Defender for Microsoft can be a big help in effectively managing remote devices and boosting your IT support, and Microsoft Intune allows you to control the data that is stored on computers, laptops and phones as well. If a device gets stolen, or if one of your humans leaves the business, Intune lets you remotely wipe business data, reducing the risk of it becoming compromised.

• An Expanding Internet Of Things

It’s not just an increase of devices that are needing to be managed in 2023, but an increase in objects as well. Everything these days seems to have an internet connection and software updates that need to be effectively managed. There’s your TV, your watch, your vacuum, fridge, car and air conditioner. The list goes on and on. And every item that is connected to the Internet of Things (IoT) is a potential access point that an attacker can take advantage of, allowing them into your business network if the devices are not effectively secured.

What Can You Do About It?

Just because something can connect to the internet, doesn’t mean it should. It is worth weighing up the value that connecting an object to the internet will add to your business or your personal life against the risk that it poses and the maintenance that it will require. For something like your TV, the value of convenience may outweigh the risk, but the same might not be said for your fridge displaying your emails, or your vacuum starting itself up while you’re on vacation.

• The Rising Risk Of Ransomware

Ransomware attacks are not a new phenomenon, but it is a method is becoming more prominent year on year. The average payout for a ransomware data breach has risen by over 47% (from $812,380 to $1,542,333) in the last year alone, as attackers are taking advantage of unprotected (or under protected) data and raising their demands for its return. More companies are being targeted than ever before, and because of the notoriety and public nature of these attacks, clients are more wary of the businesses that they work with, making the reputational impact of a ransomware attack more severe as well.

What Can You Do About It?

If you do not have backups of your data and environments, and a thorough Disaster Recovery Plan which details what to do if your company comes under attack, now is the time to put one in place. Don’t wait until disaster strikes – whether it’s natural or due to an attack, it’s important that you have measures in place for backing up critical information and restoring it when needed. This way even if you do fall victim to a ransomware attack, the damage will be limited, and your operations will largely be able to continue uninterrupted.

• The Need For Mobile Security

With the rise and increased adoption of cloud services making it easier to access data from any and every device, more humans are using their phones and mobile apps to work on the go. This has seen a rising need for mobile security, since these phones will often not be used solely for business – they are likely to have apps installed for personal use, which in turn will have varying permission levels. These apps and their permissions need to be closely monitored and managed to ensure that sensitive company data doesn’t inadvertently become compromised through software vulnerabilities, or through malicious software becoming installed. It’s not uncommon, after all, for attackers to develop a seemingly useful or fun app which gives the developer all sorts of access.

What Can You Do About It?

Tools like Defender for Microsoft can be implemented as Cloud Access Brokers, allowing your IT team to better manage the apps that are accessing your company’s data. They can help you to restrict the transfer of sensitive or critical information, can remotely trigger software updates, and can manage the permissions of apps that are used by all of your team members, reducing the risks of shadow IT – the practice of using software solutions that your company isn’t aware of.

• More Focus On Email Security

Phishing emails and social engineering attacks have been inundating inboxes in 2023, making it ever more critical for businesses to put email security solutions in place and train their teams in how to recognise malicious mails and what to do about them. And it’s not just mails coming from unknown sources that you need to worry about – there has been an influx of mail claiming to come from businesses themselves, which are being sent by attackers, making it more difficult than ever to recognise a phishing attack. And then there’s the fact that, because our inboxes are being filled with spam and phishing mails, it can be easy for important information to become lost in the chaos. Businesses need to find a better method of communication, both internally and externally.

What Can You Do About It?

Tools like Sendmarc’s domain security, which can restrict who is able to send mails from your domain name, are becoming essentials in business security arsenals, rather than just nice-to-haves. And platforms like Microsoft Teams are becoming a central hub for internal communication, video meetings and more, providing a more effective and efficient space to work. The fact that Teams integrates with Outlook and your other Microsoft tools makes it easier to sift through the garbage that’s inundating your inbox to quickly find actionable items.

• Attack Detection Tools Becoming The Norm

Once upon a time, not so long ago, you could trust that anyone who was able to access your account data was supposed to be there. The threat of people infiltrating your data and stealing or leaking it was close to absurd. Why would an attacker care about your information anyway? You’re just a small business with a few clients. It’s an argument that we still hear to this day. And yet, so much can be done with small amounts of personal or critical data, and with the rise of attacks over the past few years, security tools that warn of unusual activity within an account have become a necessity rather than a luxury. Those tools that aren’t making use of machine learning to detect sophisticated attacks are rapidly falling out of favour. With the rising capabilities of AI, attack detection tools are becoming more effective, more accurate, and more affordable to implement as well.

What Can You Do About It?

There are a number of different security tools on the market, but some of the most effective ones will integrate with the solutions that you’re already using for Identity and Access Management. Take Azure Active Directory and the way that it works together with Defender’s Advanced Threat Protection to protect the files and data that you’re storing within the cloud, providing you with an easy-to-use platform to manage access and permissions, while at the same time tracking user activity to detect unusual access patterns which could indicate a potential threat.

• Multi Factor Authentication Proving Itself To Be A Must

Whether it’s brute-forcing login credentials or using keylogging malware to gain access to accounts, we’ve seen over the past year something that we’ve been suspecting for years. Passwords on their own are just not enough protection. Multi-Factor Authentication (MFA) is an easy and effective layer of protection that is simple to implement and can massively boost overall security.

What Can You Do About It?

We’d love to say do away with passwords altogether – that would make life far simpler, wouldn’t it. But the more layers of protection you’re able to add to your platforms the better. And as much as a password isn’t enough on its own, it can be an additional obstacle that an attacker may need to overcome. Make sure that you’re following password best practices – using unique login credentials for each platform, for example – and that you’re adding MFA wherever you are able to, and even look into requiring multiple forms of MFA for particularly sensitive data – a password, a code sent to a phone, and a fingerprint, for example.

• Cloud Security Threats Increasing

There are plenty of advantages to making use of cloud services – flexibility, affordability and scalability just to name a few. And security can be one of those advantages as well. If your cloud services are being managed effectively. But a number of the cybersecurity trends that we’ve seen growing throughout 2023, and which I’ve already mentioned above, are impacting your overall cloud security’s effectiveness. The more devices are being used in remote locations, the more networks need to be secured, the more apps that are being used, all contribute towards the risk of a vulnerability being exploited by an attacker.

What Can You Do About It?

Thankfully, IT security solutions like Defender for Microsoft have the capability to address multiple areas. Yes, you can set it up as a Cloud Access Broker. But it can also be a valuable tool for training your teams in best practices, for preventing users from falling victim to phishing and social engineering attacks, to track user activity and warn you when suspicious activity occurs. You need security tools that can help you tackle multiple threats at once, and Microsoft has developed one which easily integrates with the tools that you’re already using.