Cybersecurity leaders share the trends that defined 2023
2023 has been a year of transformative change. Leaders in cybersecurity have encountered new challenges driven by advancements in technology and been forced to adapt faster than ever before. The increase in cyber threats over the year has encouraged individuals and businesses to broaden their awareness as emerging technology such as the rise of GenAI has led to a massive spike in phishing attacks. With digital footprints expanding, identifying the trends in the threat landscape is essential to ensuring the balance between innovation and privacy. Against the backdrop of staggering threats, the industry is grappling with a the need for a stance of proactive defence, urging heightened awareness and strategic preparedness.
Leaders from across the cyber security industry have looked at the landscape to provide their views on the rise of new technological threats:
Maria Pospelova, Senior Data Scientist, Data Science Team Lead at OpenText Cybersecurity sees the threat AI poses to cybersecurity and how essential it is to obtain proactive defence strategies against cyberattacks that have been apparent in 2023 trends.
Pospelova said, “As history has shown, every new technology is used for both good and evil, especially in a domain like cyber security. AI is a mighty and rapidly evolving technology that has made its way into the spotlight across the globe. While its impact on cybersecurity is quite subtle today, we must not let our guard down as this is likely an ominous first rumble of an upcoming mighty storm.
Consider the rise of phishing attacks corresponding to the public release of ChatGPT and other large language models (LLMs). This could just be a coincidence, if you believe in them, or the result of a whole new class of advanced technology suddenly available for malicious use. The dark web is swamped with LLM-based offerings: WarmGPT, FraudGPT, PoisonGPT, and many others.
Security breaches, stolen credentials and ransomware attacks are becoming so frequent they don't even make the front page. There is no time for a wait-and-see approach. Threat hunters must be proactive and embrace AI technology to create a new level of cyber defence and have a fighting chance to withstand the storm. Those that fail to do so will be unable to compete in the fast-paced cybersecurity arena.”
David Marsh, Principal Industry Consultant, Endava, agrees that with recent advancements in technology, heightened security is essential to protect everyone's Digital ID in a progressive and comprehensive way.
Marsh commented, “Whether we recognise it or not, we already have multiple digital identities that we use to navigate the increasingly digital world we live in. We constantly leave digital traces from various online interactions. And with 1,200 data breaches reported by organisations across Australia and New Zealand over the last 24 months resulting from cybercriminals, closing the security gaps around our online footprints will require the implementation of human-centric solutions designed to disclose only the minimal amount of data required. That is the focus of the next generation of digital identity offerings.”
“A modern Digital ID allows for much stronger security measures, such as multi-factor authentication, and supports streamlining of interactions with governments and businesses. Modern digital identity solutions are also specifically designed to avoid the creation of honeypots of data that might appeal to hackers and fraudsters. However, for these solutions to gain momentum there needs to be a collective desire to develop Digital ID alongside well-considered legislation. It’s critical to balance innovation and privacy while keeping the human experience at the forefront.”
Andrew Black, Managing Director at ConnectID echoed this sentiment on security amongst digital identity highlighting the importance for individuals to not have to re-evaluate their identity and information online but rather there needs to be more development of cyber security.
Black said, “Cyber incidents continue to rattle our trust, reminding us that security is everyone’s responsibility, both individually and collectively. We can’t always avoid sharing personal information online, so we need to be able to trust that our data is secure. Australians shouldn’t have to compromise security or convenience by oversharing personal information. At the same time, businesses need to re-evaluate the amount of information they collect, store and manage, questioning whether it’s necessary for their operation and compliance – or a possible liability.”
“Our growing dependency on digital services is heightening the risk of personal information being exposed to cyber threats. If we’re to see real change in protecting the privacy and security of our information, Australians need to be supported with a safe means of verifying their identity online by only sharing the information they need to.”
“There have been some positive developments in this space. The proposed Digital ID Bill from the Federal Government will enable the connectivity between the private sector ecosystem and government services. This is help drive adoption, build trust and deliver choice. We have long supported interoperability as the cornerstone of an effective system.”
Steven Wood, Director – Solution Consulting at OpenText Cybersecurity advised that companies should be on top of developments in spaces such as AI which are seeing increasing attacks by continuously trialling solutions and being prepared for further attacks by recognising key issues in advance.
Wood said, “The cyber landscape continues to evolve at lightning speed – with the ongoing proliferation of artificial intelligence (AI) tools fuelling an increased number of targeted attacks and scams. Large language models and generative AI is opening the door for attackers with lower skillsets to achieve new capabilities through the generation of malicious code, malware distribution and automated remote execution.
Whilst AI speeds up the velocity of attacks across the threat landscape, updated versions of cybersecurity frameworks such as the Cyber Essentials (UK), NIST (US) and NIS (EU) are helping businesses to develop better security postures. The increased uptake of cybersecurity insurance also demonstrates an increased level of awareness and helps to reenforce best practices – with the incentive to avoid excess payouts and costly downtime.
To increase cybersecurity awareness, companies need to continue to focus on good IT hygiene and adopt one of the frameworks to help create a stronger security posture. As part of training programmes, IT teams should consider practicing their response to a cyber incident by running mock trial scenarios, with all business functions included in the exercises. Only by doing so will organisations be able to develop internal cyber awareness and reactive responses to protect customers, data and revenue.
It's no long a case of if a cyber incident will occur, but more a case of when – preparation is the best way organisations can mitigate modern of cyber security risk.”
Finally, Raymond Maisano, Head of ANZ at Cloudflare notes alarming threat statistics which underscore the urgency for education and preparation from businesses. Despite looming risks, there’s a critical need to bridge security understanding at board levels.
Maisano commented, “2023 has been a big year for cybersecurity. In Q3 of this year alone, Cloudflare blocked more than 350 million cyber threats a day in ANZ and more than 140 billion globally. What’s more, reports from the World Economic Forum indicate that 93% of cybersecurity experts expect a catastrophic cyberattack in the next two years. Yet, despite repeated high-profile breaches, nearly 43% of businesses remain unprepared to prevent these attacks. No one can afford to sit back, attackers are becoming more brazen every day, and regardless of business size or scale, everyone is at risk.”
“Amidst an industry-wide talent crunch and increasingly complex threat environment, there remains a huge gap in security understanding among boards that has to change. It should never be a consumer’s fault if an uninformed or ineffective board is unable to advise on and implement the necessary strategies to protect from vulnerabilities and threats. Board members must be held accountable, but the repercussions simply aren’t strong enough. We shouldn’t compromise on how boards and corporations are held liable, instead, discuss the education and security requirements to be considered for board positions.”
“If you think you are not a target, think again. Whatever challenges you’re facing, attackers are already aware of them and are actively trying to exploit these vulnerabilities. Continual investment in cyber awareness and preparedness is the only way to stay ahead of these threats in real time, safeguarding yourself against not just today's attacks, but tomorrow's as well.”
In the face of heightened cyber threats across 2023, cybersecurity leaders emphasise the need for a proactive approach. From the integration of AI in attacks to the critical role of digital identity solutions, the industry is at a crossroad. Cybersecurity's future hinges on embracing innovation, legislative support, and collective responsibility. As organisations grapple with ever increasing attacks, cybersecurity frameworks, insurance, and robust IT hygiene emerge as crucial pillars. The year underscores that cyber incidents are not a matter of 'if' but 'when,' necessitating steadfast preparation to mitigate risks and safeguard the digital landscape in the coming year.