Cybersecurity was already a board-level concern, but after several very high-profile breaches in the latter half of the year, it’s going to be an even more critical and scrutinised area this year. The penalties for data breaches in Australia are even more severe now, and organisations cannot ignore them.
But what will be some of the priorities in building a robust security profile? Some of the key trends that we see dominating the conversation this year include:
1) Managed security will be king
Australia will be around 30,000 cyber professionals short of requirements over the next four years. This will likely hit the SME space the hardest, as such organisations will struggle to attract the best talent available, in the numbers they need, at a price that is affordable, given that the skills shortage will continue to push up salaries.
At the same time, organisations cannot rely on laypeople within the organisation to “cover the gaps” and act as the security function within the team. Training from within will also be challenging, with budgets becoming constrained as the looming recession hits. So, organisations will turn to managed security as the solution, relying on the services of proven partners in the space to be the security arm of their business.
2) Zero trust will become standard
IT environments are becoming more decentralised than ever, as remote work is now permanently ingrained in business, more devices are connected to cloud networks, and there are more forms of connectivity available. 5G, for example, will start to become mainstream across cities in Australia, and this is going to lead to new levels of mobility in work.
All of this comes with a security risk, however. Here, traditional approaches – perimeter and endpoint security – will continue to be important, but will not be enough in themselves to prevent an attack. Zero trust security, with robust verification for each interaction on a network, is going to become a more prevalent solution that organisations of all sizes look to.
3) Automation and AI will become more integrated into security solutions
As the sophistication of cyberattacks becomes greater, and new threats are released increasingly rapidly, having real-time visibility into the IT environment becomes all the more critical. AI that has been trained to monitor for unusual activity and immediately isolate threats and issue reports will be a core resource in being able to grapple with this challenge.
This is why analysts are predicting that by 2030, the amount spent on AI-based cybersecurity products will increase by 798 per cent to $133.8 billion worldwide.
4) The core security strategy will shift to resilience
As the popular saying goes, “It’s not a matter of if you get breached, but when,” and in 2023 that will be truer than ever. This year, in recognising that inevitability, organisations will redouble their focus on resilience – being able to rapidly recover from a breach, with minimal loss and disruption to business. Data restores and archiving are going to be more closely monitored for faults. Meanwhile, organisations will take steps to ensure that the backups are not at risk of being compromised themselves.
Those organisations that don’t already have a clear resilience strategy will proactively prepare a response manual, which will cover everything from how to quickly neutralise the threat, to the PR and internal communications strategies to quickly inform and address people as the situation unfolds.
5) Email and phishing will continue to be the biggest headache for organisations of all sizes
For all the sophistication of attacks that are now possible, cyber criminals will choose the path of least resistance where they can. This means using social engineering techniques and proven phishing attacks via email. Indeed, the problem remains so widespread that recent research found that 75 per cent of cyber security practitioners still think that email-based attacks are the most dangerous threat to organisations.
This needs to be tackled in two ways. First, there are technology solutions that can be deployed to email to help mitigate the risk of a person falling for a phishing email. Second, ongoing vigilance and education will be important to ensure that each person in the organisation knows what the red flags are and how to address a potential phishing attack.
One final note – one of the big trends that will occur through 2023 is that the cyber threat environment will accelerate. There will be more threats on the landscape, and the scale of them will increase, particularly given the global socio-economic challenges around conflict and a looming recession, which will cause disruption that cybercriminals will look to exploit. Staying on top of these challenges needs to be a matter of ongoing vigilance, and this, too, will lead people to look at managed services, for the peace of mind that 24/7 coverage will provide.