What does the cybersecurity landscape look like for the year ahead?

What does the cybersecurity landscape look like for the year ahead?

New research has revealed that over a third (36%) of the UK’s CIOs and CTOs say that rolling out IT security and information safeguarding initiatives are the key strategic priorities for their business in 2023 and beyond.

To meet this objective, 30% are actively hiring to boost their stretched IT teams. However, just under half say that candidates with the required information and cybersecurity skills are the hardest to find, while 29% cite problem solving as the most elusive soft skill, highlighting a growing skills gap for the industry.

This is according to specialist recruitment firm Robert Half’s 2023 Salary Guide, which analyses and reports on market salaries, hiring trends and skills requirements across the technology sector.

The news comes as the government warns of the growing risk to UK businesses from cyberattacks. According to the Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2022, almost one-in-three businesses (31%) and a quarter (26%) of charities suffering attacks said they now experience breaches or attacks at least once a week.

In addition to developing cybersecurity projects, the top strategic priorities for CIOs and CTOs in 2023 are increasing efficiency and productivity (31%), expanding cloud computing initiatives (26%), Digital Transformation schemes (24%) and developing Blockchain and Internet of Things (IoT) projects. This suggests UK businesses are continuing to build on the progress made following the pandemic by enhancing their online presence over the next 12 months.

After the demand for talent with strong problem-solving skills, employers are on the look-out for candidates who can demonstrate teamworking (28%) and communication skills (27%), highlighting the need for employees willing to work effectively as part of growing IT teams.

The report also found that, due to the climate of information ‘insecurity’ allied to the relentless growth of digitalisation and ‘Big Data’, tech leaders are clear that roles are likely to be safe from recession fears. Political instability is forcing businesses to consider shifting away from offshored IT support, opting to bring it in-house or work with managed services like Protiviti to maintain service levels. In addition, 30% plan to add new positions for permanent full-time employees and 22% will bring more temporary talent on board in the next 12 months to aid with growth plans.

Commenting on the findings, Robert Half Director of Tech Placements, Craig Freedberg, said: “Growth, security and customer experience are at the forefront of leaders’ minds, creating unprecedented demand for developers, cloud specialists and IT security experts. Due to the growth of cloud and ‘Big Data’, security is a growing concern for many UK businesses and this will only increase as the vast number of digitalisation projects near completion.

“It is estimated that cybercrime will cost the UK around £27 billion every year, with around £21 billion of this coming from attacks against businesses, highlighting the urgent need for employers to source tech talent with the necessary expertise.

“However, our research shows that the demand for candidates with the sought-after skills far outstrips the supply and as such, we recommend employers upskill their current workforce to ensure vital IT infrastructure is cybersecure and fit for purpose.”

Stephen Osler, Co-founder and Business Development Director at Nclose

In my opinion we will see more clarity around the concepts for detection and response capabilities and probably a little more consolidation in terms of vendors. What I mean by that is more clarity on what vendors say that they do compared to what they actually provide. We still see that sometimes vendors say they provide one thing but may not necessarily provide the entirety of what they say but elements of those things.

With regards to volume of threats and attacks, that will always be on the increase, the reality is people continue to be compromised and so the monetary incentive for cybercriminals is still there and will increase as a result. For Nclose as a business, the more detection capabilities that we have in order to detect incidents early is always a plus. We have to evolve and adapt to the volume of attacks. The last decade has proven that this trend is on the rise and I don’t see why that would change.

We might see if things start to calm down significantly with regards to the Russia-Ukraine war that more nation states and – importantly, more focus on South Africa – start implementing improved secure measures and legislation with regards to cybersecurity. The Russia-Ukraine war has really brought to light the reality we live in – that cyberwarfare is a real and serious threat.

The by-product of the war could potentially see more cybercriminals diverting their attention elsewhere. Initially there were numerous cyberattacks happening between the two nations and that has died down a little. It remains to be seen, but I do expect countries will start focusing more or even start clamping down on cybercrime and maybe introduce significantly higher punishments for cybercrime.

In general, every year we see cybercriminals developing new ways to get around existing defences and discovering more sophisticated ways to compromise environments. So, we would have to evolve our detection capabilities towards these new threats and continue to do what we do best every year and that’s; protect, defend and mitigate threats that target our customers.

Doros Hadjizenonos, Regional Director, Southern Africa at Fortinet

The cybersecurity landscape is always evolving and the year ahead promises to be no different.

Cybercrime-as-a-Service, or CaaS, is a growing problem because it makes it easy for even novice criminals to commit sophisticated cybercrimes. CaaS providers typically have a low barrier to entry, which makes them appealing to a wide range of criminals who can choose any type of attack, without needing hacking skills to achieve results. These turnkey options will become more complex and leverage emerging attack vectors such as deepfakes more often.

Linked to the Cybercrime-as-a-Service theme, another key trend is hyper-targeted attacks that involve reconnaissance of targets before an attack is launched. Threat actors will increasingly hire ‘detectives’ on the Dark Web to gather intelligence, thus enabling attackers to execute attacks more effectively and efficiently.

As technology continues to advance, threat actors will continue to exploit it. With the rise of the Metaverse, there will be an increase of cybercrime in this unchartered territory. With the use of avatars to represent individuals and the related purchasing tools required to survive in these virtual cities – such as digital wallets, NFTs and crypto exchanges – it will be easy for cybercriminals to attack on many fronts and gather personal information relatively easily.

As AR and VR usage increases, biometric hacking will become prevalent as cybercriminals will easily steal fingerprint mapping, facial recognition data, or retinal scans to use for malicious purposes. 

As the world continues to advance, so does cybercrime. These highlights of what the threat landscape could look like in 2023 are a small part of a very big picture – one that is constantly evolving and adapting to take advantage of any opportunity to attack.

Lucia Milică, Global Resident CISO, Proofpoint

The growing regulatory scrutiny at the board level will further shift the CISO’s role and increase the board’s expectations and requirements. The proposed US Securities and Exchange Commission reporting requirements for increased transparency will compel companies to improve oversight and increase cybersecurity expertise on the board itself. They will have new requirements and expectations for their CISOs, changing the CISO’s traditional role. But the recent Uber breach verdict in a US federal court sets a dangerous precedent that encourages boards to shift liability directly to CISOs. Our industry is already struggling to recruit cybersecurity professionals, so this verdict could have a chilling effect on any effort to make headway in the battle for talent.

With only half of CISOs reportedly seeing eye-to-eye with their boards, the mounting expectations and the stress of potential personal liability for a cyberattack will only increase the strain in the board-CISO relationship, with huge implications for an organisation’s cybersecurity.

Our team’s predictions all point to the same theme: organisations need to go back to basics to ensure they are protecting their people and their data. Whatever weaknesses threat actors exploit in 2023, people will remain their favourite attack surface and data their desired prize, which underscores the importance of cyber-hygiene and a holistic approach to defence strategies.

Taking a broader lens beyond individual organisations, we see a growing need for public and private sectors to come together to boost our resiliency. With cybersecurity emerging as a national security concern in recent years, our industry and the government must work collaboratively to address these pressing cybersecurity issues.

The supply chain will be increasingly weaponised, exploiting our trust in third-party vendors and suppliers.

SolarWinds and Log4j may have been wake-up calls, but we are still a long way from having adequate tools to protect against those kinds of digital supply chain vulnerabilities. A World Economic Forum survey found that nearly 40% of organisations experienced negative effects from cybersecurity incidents within their supply chain and almost all expressed concerns about the resilience of small and medium enterprises within their ecosystem.

We predict these concerns will mount in 2023, with our trust in third-party partners and suppliers becoming one of the primary attack channels. APIs are of particular concern because threat actors know we have become heavily reliant on them. What makes things worse is that many organisations simply lack solid practices for securely integrating and managing APIs, making the threat actors’ job that much easier. We expect more tension in supply chain relationships overall, as organisations try to escalate their vendors’ due diligence processes for better understanding the risks, while suppliers scramble to manage the overwhelming focus on their processes.

Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa

• Positive:

o There is more awareness around the importance of people-centric security. People are the greatest asset in any organisation. This is especially important within cybersecurity and why leading organisations with mature cybersecurity cultures are adopting more holistic, people-centric approaches to security. They recognise the impact mental health has on their technical staff performance as well as end-users’ susceptibility to cyberattacks. As a result, they invest in holistic approaches that combine wellness and cyber-awareness campaigns.

• Negative:

o Cyber extortion attacks. Ransomware-as-a-Service (RaaS) operators are expanding their service portfolios to different focus areas such as cloud environments, Linux operating systems and double or triple extortion attacks. Many groups are now operating without the encryption element. They just exfiltrate the data and threaten with exposure unless the victim pays a ransom fee, sometimes not only from the original victim, but also from anyone who might be impacted by the disclosure of that organisation’s data. This type of attack is becoming more common as it is easier to carry out.

o Attacks against critical infrastructure. Countries in Africa should be concerned about experiencing a similar incident to that of Costa Rica’s, which had to declare a state of national disaster due to a Conti ransomware attack in April 2022. Local public sector organisations are particularly vulnerable, as many are not adequately prepared or resourced to deal with an extortion attack. This could potentially result in critical infrastructure downtimes with negative macroeconomic and societal impacts.

o Cloud-based attacks remain a top concern. The demand for cloud and cybersecurity in Africa, particularly South Africa, has dramatically increased in recent years. Cloud services offer increased speed and efficiency; however, many companies lack the resources or skills to implement proper security controls or misconfigure their cloud environments, leaving them vulnerable. According to a survey by KnowBe4 in South Africa, 58% of respondents have vacancies in the cloud security space and 72% said their biggest challenge is not finding candidates with practical experience. It is crucial that Africa invests in resolving the cybersecurity skills shortage.

o Mobile malware attacks, particularly against Android devices. According to a report from Proofpoint researchers, there was a 500% surge in malware attacks on mobile users during the first few months of 2022. Telcom operators in EMEA noticed larger than normal volumes of SMS messages with malicious links in September 2022 in an attempt to infect targets with malware, which acts very similar to the notable malware ‘Flubot’. Due to the increase in mobile payment and money opportunities as well as carrier billing services, particularly on the African continent, malicious hackers are motivated to attack mobile devices. They are industrialising how they distribute their mobile malware by using advertising and marketing techniques (i.e., via social media ads) to reach the maximum number of targets.

o Increased attack surface, Internet of Things and OT attacks. According to a KnowBe4 and IDC research paper, nearly 60% of organisations across Sub Saharan Africa plan to increase their connectivity and Internet of Things (IoT) utilisation over the next 12 months. Unfortunately, this means a larger surface area for cybercrime. As malware spreads from IT to OT, the impact can move from pure business interruptions to physical harm. According to Gartner, the proliferation of cyber-physical systems – which include systems that combine the cyber and physical worlds for technologies such as autonomous cars or digital twins – poses another security risk for organisations. Increased attack surface and complexity are welcoming invitations for cyberattackers.

Alex Laurie, SVP Global Sales Engineering, ForgeRock

In 2023, the workforce will become the primary battleground in the ongoing struggle between security teams and threat actors. As we adopt more technology, employees are increasingly recognised by businesses and hackers as the largest chink in an enterprise’s armour.

More and more attackers are capitalising on human error, so enterprises need to take their security to the next level. The recent high-profile social engineering attacks which leveraged ‘prompt bombing’ users with Multi-Factor Authentication alerts to gain unauthorised access to sensitive systems or data have demonstrated that it’s clear attackers are getting more creative in how they appear as legitimate colleagues or technology to employees.

At the same time, security teams will spend more time securing the workforce to reduce exposure to risk. Regularly educating employees to understand cyber-risk and the role they have to play in minimising it can significantly reduce the risk of fraud through human error. Combined with implementing AI to identify and flag unusual or potentially dangerous access attempts in real-time, security teams can give their organisations the best chance of winning this key battleground.

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive