Last year, cybersecurity predictions centered on application security, increased privacy laws and regulation, and ransomware. Another looming prediction was the increase in data loss from insiders.
2022 was an important year for the Insider Risk category. Gartner published its second Insider Risk Management Market Guide, and IRM was a hot topic at industry events like RSAC and Black Hat.
See why protecting your organization from data loss caused by insiders needs to be a top priority by downloading Gartner’s IRM Market Guide.
Now, with 2022 coming to a close, it’s time again to look ahead. What does 2023 have in store? Our security team spent some time looking ahead. Here are 5 cybersecurity predictions from Code42 experts.
1. Companies will prioritize cybersecurity retention to help reduce turnover
Code42 CISO and CIO Jadee Hanson says, “There are currently millions of unfilled cybersecurity positions around the world, putting the advantage in the hands of job seekers looking for a change of pace. For employers, however, the cost of replacing cybersecurity practitioners is extremely high – in order to do their jobs effectively, these employees need to fully understand an organization’s tech landscape, which takes a great deal of time.
In 2023, companies will place a large emphasis on retaining their existing cybersecurity employees — and they’ll need to offer more than monetary compensation to do so. Companies that prioritize offering intellectually stimulating projects and assignments that enable cyber employees to flex their creative problem-solving muscles will fare the best. Additionally, companies that look beyond the ‘conventionally’ qualified applicants to assess a candidate’s soft skills, like curiosity and willingness to learn, will find some of the best untapped talent available.”
2. Budget cuts, amid economic uncertainty, will leave companies vulnerable to cyberattacks
“Once rumblings of economic uncertainty begin, wary CFOs will begin searching for areas of superfluous spending to cut in order to keep their company ahead of the game. For the uninformed C-suite, cybersecurity spend is sometimes seen as an added expense rather than an essential business function that helps protect the company’s reputation and bottom line.
These organizations may try to cut spending by decreasing their investment in cybersecurity tools or talent – effectively lowering their company’s ability to properly detect or prevent data breaches and opening them up to potentially disastrous outcomes. This should especially be of concern amid persistent ransomware attacks, and 2023 is expected to be another challenging year. Companies that maintain efficient cybersecurity resources will fare much better in the long run than those who make widespread cuts.” – Jadee Hanson, CISO and CIO at Code42.
3. Attackers will target insiders – especially employees with elevated access – for bigger paydays
Nathan Hunstad, Deputy CISO at Code42, says, “Gone are the days when nefarious actors relied on spam emails or ransomware to gain access to an organization’s infrastructure. Security teams need to be aware that newer, more sophisticated attacks won’t necessarily be caught in spam filters because they’re coming from inside the organization.
Attackers may be upfront with employees, convincing them that taking part in potentially illegal activities is worth the payoff. Other times, insiders will unknowingly be tricked into handing data to outside sources. Because of these efforts, organizations are likely to prioritize more comprehensive security training exercises to help employees spot potential threats.”
4. The continued rise in cloud tech and other collaboration tool usage will result in more data exposure, leading to a revamp of tools and policies to detect data exfiltration
“Remote work isn’t going anywhere. In fact, we’re seeing signs that today’s job market is trending toward further expanding candidate pools to include the entire world, no matter the company location. At the same time, our workforce is more transient than it has been previously, as employees are changing jobs multiple times throughout the span of their careers.
For organizations, this combination means corporate data is going to be more vulnerable than ever in the coming year. Cloud technology isn’t infallible, and employees may utilize unauthorized tools to get their jobs done faster and easier. Job hopping also lends itself to more data exfiltration as people leave and take data with them, whether with malicious intentions or not. In fact, our data has shown there’s a one in three chance your company loses IP when an employee quits, and nearly three-quarters (71%) of organizations are unaware of how much sensitive data their departing employees typically take with them. To account for this, we’ll almost certainly see security teams revamping protocols in 2023 with these new data exfiltration capabilities in mind.” – Nathan Hunstad, Deputy CISO at Code42
5. Supply chain attacks will become more sophisticated and harder to prevent
Matt Jackson, Senior Director of Security Operations, says, “A supply chain attack occurs when an unauthorized party gains access to a company’s inner workings via a third-party partner. Often, breaching that third-party provider allows an attacker access to several companies at once – meaning this method provides the attacker with a much greater amount of privileged information from just one breach. This type of attack already rose by more than 300% in 2021, and I anticipate this trend will continue in 2023, with these attacks becoming more complicated and intricate.
Because many third-party partners are now privy to more sensitive data than ever before, companies can no longer rely on their own cybersecurity prowess to keep information safe. Supply chain attacks purposefully target the smaller organizations first because they’re less likely to have a robust cybersecurity setup, and they can use those companies to get to the bigger fish. In the next year, companies will become even more diligent when deciding on an outside organization to work with, creating an increase in compliance verifications to vet the cyber tools used by these prospective partners.”
Keep your data secure no matter what lies ahead
Data security is vital for businesses to protect remote and hybrid work environments, comply with evolving privacy regulations and mitigate risk. However, accomplishing these goals requires monitoring all data without hindering employee collaboration and productivity.
A data protection solution like Code42 Incydr can help you do this while meeting the complex requirements of a rapidly changing workforce.