According to the 2022 IBM Cost of Data Breach report, 83% of organizations surveyed experienced more than one data breach with an average total cost of $4.35 million. This cost was an all-time high for 2022 and a 2.6% increase from the previous year. With these statistics in mind, it’s no surprise that cyber threats are predicted to rise in 2023.
In 2022, we saw several developments in cybersecurity trends. While more organizations fully deployed AI security and automation to decrease costs in the event of a data breach, we also witnessed events that changed the way we view security and compliance—like the LastPass breach, which left users rethinking password management. The industry also experienced a significant rise in ransomware attacks and increase in data breaches among remote workers, as organizations switched to both at-home and hybrid work models.
A report from the Cloud Security Alliance also revealed that the top security objective cited in 2022 was protecting customer data, as organizations were concerned that targeted cloud applications contain or provide access to sensitive information.
Data breaches and cloud security will remain a priority for the upcoming year, however, an evolving threat landscape brings new challenges and opportunities for 2023. Let’s take a closer look at some cybersecurity trends to watch for as we move further into the new year—including expert insight from BARR associates, and how your organization can address these predictions from a perspective of continuous security and compliance.
Building a Culture of Security
As cybercriminals’ techniques become more advanced, it’s important to be cyber resilient. Building and maintaining a successful security program that’s embedded in your core values can help create a culture of awareness around security management. This can look like forming an information security team, developing recovery plans, establishing security awareness training, and frequently auditing against security gaps. When you think of security through a holistic lens, rather than responding to one-time security events, your organization can more adequately prepare for and manage cyber risks.
Senior Consultant for BARR’s Attest Services Gustavo Almanza said, “For as long as I can remember, security was always limited to a handful of people or specific teams. In today’s environment, it’s ideal for everyone at your organization to have a security-first perspective. In an ever-changing world, threats to organizations of all sizes have gotten more sophisticated and harder to detect—from a phishing email that looks legitimate to a full-blown DDoS attack. When everyone on your team is aware of security best practices, you can maintain a successful culture of security.”
Increased Cloud Vulnerabilities
The 2022 IBM Cost of Data Breach report also showed that 45% of breaches studied were cloud-based. As more and more organizations migrate to the cloud, in 2023 it will become essential to stay up-to-date with cloud security efforts.
Even though cloud service providers safeguard data through several forms of security measures, attacks can still occur. Implementing a robust program of security protocols can elevate your security posture, further protecting your data from bad actors.
Almanza added, “I encourage companies to push for continuous security monitoring and vulnerability scans, establishing security related KPIs, annual security awareness training and penetration testing to continually protect your cloud environment.”
Human-Centered Cybersecurity Regulations
It’s important to remember that a large percentage of data breaches continue to involve human error. Whether it’s the use of stolen credentials or phishing, people continue to play a very large role in security incidents. No matter how tedious it may seem, implementing security training and continuous education around security protocols on a routine basis provide opportunities for your associates to learn security best practices.
“Employees are our biggest asset when it comes to keeping an organization secure,” said Associate Consultant for Attest Services Erica Paisible. She added, “Consistency in maintaining security protocols is crucial, and having the right security measures in place will safeguard everyone involved. Cybersecurity regulations should not only be something employees hear about during their required annual training, but at the forefront of every organization’s business strategy.”
From a larger standpoint, in 2023, governments around the world are increasing efforts to protect the data privacy of their citizens. Several US states have already issued comprehensive data privacy laws, and global agencies continue to collaborate to prevent and remediate attacks against critical infrastructure.
Continued Responsibility for CISOs
Over the years, the role of a Chief Information Security Officer (CISO) has become exceedingly important. In fact, a 2023 report shows that an impressive 78% of security leaders consulted a CISO for input on a project while in the early stages of development, when business objectives are identified, or before a project goes live.
Larry Kinkaid, senior associate, Cybersecurity Consulting, said, “An influential CISO is crucial for continually managing the effectiveness of a sustainable security program. Having someone on board with the ability to understand the risk of an organization and effectively communicate using real-talk is a differentiator for any organization.” Kinkaid added, “A successful CISO no longer uses fear tactics like FUD (fear, uncertainty, doubt) to secure funding and influence business. Instead, CISOs are taking a pragmatic approach to managing security that better aligns with an organization’s business objectives.”
In 2023, we’ll continue to see a spotlight on the role of a CISO and a continued shift in responsibility to meet the demands of evolving cybersecurity needs. Outsourcing a third party or hiring an in-house CISO can provide your organization with the necessary tools to keep security at the top of mind on a continued basis.
While it’s difficult to predict exactly what the future will look like for cybersecurity, staying aware of these trends can help you become more cyber resilient, protecting you and your organization with long-term security and compliance best practices.
Interested in learning more about how BARR can guide your organization through a continuous security and compliance program? Contact us for a free consultation.