More than 22 billion files that might have been exposed in 2020 as a result of security breaches in encryption techniques or cybercrime acts according to Tenable’s latest report. Over the same period, this company specializing in cybersecurity indicates that the vulnerability rate of computer applications has increased by more than 6% in 1 year and by 183% since 2015.
The health crisis has played an important role in this growth of cybercrime with the increase in teleworking and the explosion in the volumes of data exchanged through networks. This situation tends to become generalized, further encouraging the appearance of new faults.
In this article, discover the 5 risks in data and security to watch out for in 2023.
1. 6 Cyber Attacks per Minute
According to an experiment conducted by Clark School, an engineering school, a computer workstation with Internet access suffers an attack on average every 39 seconds. How does that happen? Because of automated scripts that check for vulnerabilities in thousands of computers at once. And this figure already dates from 2007!
15 years later, with the increase in users, data volumes, and especially the appearance of increasingly sophisticated ransomware, this frequency should increase further.
Cybersecurity Ventures, a group specializing in studies on cybersecurity and the cyber economy predicts that by 2023 a company will be the victim of a ransomware attack every 11 seconds.
CIOs (Director of Information Systems) and CISO (Head of Information Systems Security) and all IT security players will therefore have to strengthen their actions to raise awareness of ransomware and implement mechanisms for detection of malicious content through data protection techniques.
2. The Expansion of Internal Security Breaches
In 2020, more than 50% of database encryption technique breaches were internal to companies and organizations. These included unintentional or clumsy acts by employees with the use of personal devices on work networks or spam and phishing scams.
The health crisis has further amplified these flaws. Indeed, many companies have had to switch very quickly to teleworking by adapting or setting up cybersecurity infrastructures as a matter of urgency.
As these remote jobs become more widespread, the threats are also likely to increase. Here too, in 2023, cybersecurity awareness and education actions will be essential to protect IS from cyber-attacks.
3. Threats Linked to Artificial Intelligence (AI for Data Security)
The field of AI is growing. Automation and machine learning processes are powerful levers of productivity and growth that are becoming widely used in companies.
However, cybercriminals also take advantage of machine learning in their attacks.
One of the major risks of data security in 2023 will be data poisoning, according to the US National Institute of Standards and Technology. A hacker, through a “backdoor” (backdoor, that is to say, access to the software, unknown to the legitimate user), could add entries to a machine learning program. Research shows that a 3% poisoning of data results in an 11% loss of accuracy in predictive algorithms.
Hackers can also use AI to improve the effectiveness of their social engineering attacks. Artificial intelligence can indeed learn to detect patterns of behavior and exploit them to make a phishing phone call or e-mail appear more credible. In 2023, IT security players will therefore be racing against time. They’ll need to make the most of AI’s possibilities to identify new vulnerabilities in networks, devices, and applications as they emerge, and most importantly before they are spotted by cyber criminals.
4. Redefining Cloud Security
More and more storage and applications are migrating to the cloud. The use of online services has also increased exponentially with the crisis of 2020. However, the more the volume of use grows, the more the number of sensitive and potentially risky data increases.
But, contrary to what one might think, major security incidents in cloud storage security techniques are not just caused by the provider or the operation of the service. They mainly come from the way the cloud is implemented in companies.
In 2023, companies will therefore have to pay more attention to the implementation of a secure cloud computing strategy including:
- The integration of a cloud security architecture with continuous monitoring and an updated list of threats,
- Management and control of access to data hosted in the cloud,
- The use of reliable communication interfaces and APIs,
- Raising employee awareness to avoid phishing or connecting to online software and files from personal equipment.
5. Beware of Vulnerabilities already Known on the Internet
In 2020, many threats were related to known, but unpatched vulnerabilities.
The situation is expected to intensify further in 2023. Cybercriminals will use more techniques focused on compromising the Internet infrastructure by exploiting stolen credentials, but also by using unclogged vulnerabilities on servers such as RDP (protocol allowing using a remote desktop computer) or exposed FTP (file transfer) servers.
Many companies do not actually have a vulnerability management program. To fight against known and unknown threats to the Internet, National Information Systems Security Agency recommends:
- Deploy a firewall and make access via a secure Internet gateway essential,
- Not to expose the directory of the internal IS to the resources of the secure Internet gateway,
- To use an offer qualified by ANSSI for outsourced relay functions,
- To authenticate all access to web content.
The economy and the world of work are undergoing a profound digital transformation. Firms will therefore be encouraged to improve their security programs in order to adapt to the new technological complexity. 55% of business leaders said they wanted to increase their cybersecurity budgets in 2023, with 51% hiring cybersecurity providers or experts.
Are you looking for adding that added security layer to your apps and websites? Contact our team of experts to secure your platforms from data breaches to save the loss of intellectual property, time, and money.