- Thierry Spanjaard
2023: no improvement in sight on the cyberfront
As 2022 has been a perilous year in the cybersecurity field, analysts look forward anxiously to 2023. Seen from the victim’s side, 2022 saw a record number of cyberattacks against all types of entities, from households to corporations and even countries. An extensive flow of cyberattacks from Russia against Ukraine happened even before the war started. Tanks came in from February 24, following the cyberattacks, which increased from both sides after the war broke out.
In Q2/2022, the Conti group ran an attack against the government and administration of Costa Rica, bringing the country to an almost complete halt. Not only the government was affected but also private companies, with losses ranging from US$ 38 million to US$ 62 million (EUR 35 to 57 million) per day, according to Wired. The Conti group was already known to focus on cyberattacks against healthcare organizations; it is worth noting that these were numerous in 2022.
Analysts reach a consensus on one point: there is no reason why 2023 should be better than 2022. So we have to be prepared for all types of cyberattacks, including ransomware, targeting everyone blindly: households, small and medium enterprises, large corporations and public bodies.
Even worse, the political instability coming from the war in Ukraine, the Chinese government becoming ever more controlling, and Iran and North Korea feeling under threat will undoubtedly lead to more government-waged attacks.
Artificial Intelligence will play an increasing role on both sides of cybersecurity. Hackers have already been using ChatGPT to write ransomware. On the other hand, AI is the foundation of many cybersecurity solutions proposed by blue-chip companies, such as IBM or Microsoft. Machine learning becomes essential to perform predictive analytics in cyber defence, decision-support systems, risk management, pattern recognition, malware detection and data correlation, to name but a few. AI systems could detect vulnerabilities (software bugs) and perform response actions like self-patching. This opens new ways to strengthen communications and information systems security by providing network resilience, prevention and protection against cyber threats, says European Defence Matters.
Cyberdefence is getting increasingly structured: the offer for products and services is improving, as is user education. For instance, remote work, which grew sharply from 2020 due to the health crisis, is now better supervised, as corporations are now conscious that the home environment of their staff has become part of their security perimeter. Insurance is playing an increasing role, thanks to regulations making it mandatory for victims of cyberattacks to make them public.
The legal environment for cybersecurity and privacy is improving: besides the large DMA and DSA ongoing projects in Europe, many governments are setting up regulations in these fields. For instance, the US is expected to set up its “American Data Privacy and Protection Act” while the Indian government is working on its “Personal Data Protection Bill.” Globally, government regulations requiring organizations to provide free and accessible consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP, according to Gartner Group.
An additional issue comes from the shortage of human resources. Demand for cybersecurity professionals is far outpacing supply, and it takes years to train high-level security professionals. This lack of available cybersecurity talent will increase risks for businesses as attacks become even more sophisticated.