The cybersecurity threat landscape: Reviewing 2022 and looking ahead to 2023

What did the cybersecurity threat landscape look like in 2022?
Despite the huge advancements being made in cybersecurity, attackers have continued to conduct novel and damaging cyberattacks throughout 2022. The topic of ransomware has continued to achieve regular headlines this year, further contributing to organisations worrying about the threat every day.

Current world events also continue to shape our environment and have a say in driving trends and shifts in cybersecurity. The risk landscape has therefore not become any less complex in the last 12 months, as the volume of attack traffic continues to rise, and while organisations are getting smarter, so are attackers.

Increasing sophistication and quantity of attacks
The ever-increasing sophistication of ransomware attacks, extortions, and the constant stream of their blows is being felt by organisations across all sectors. Methods of attack appear to have shifted from direct targeting to a strategy of proliferation, seeing what succeeds, and then zeroing in on targets.

2022 also demonstrated that ransomware attacks are affecting organisations on a global scale. We saw multiple levels of extortion including ransomware, distributed denial-of-service, data infiltration, rare triple extortion threats, and more. These attacks came more from criminal groups rather than nation-states. But the question is, how will the threat evolve?

Geo-political tensions
Most notably, Russia’s invasion of Ukraine in late February and the fear surrounding it caused many to believe that as the war evolved, we would begin to see an increase in the number of nation-state attacks towards organisations. To date, this has not materialised to the expected degree, likely due to the attention of that resource being focused on Ukraine.

Organised crime groups that have historically focused on targeting western organisations appear to have been drawn to focus on government operations. Groups we usually expect to cause threats are still there, they may just not be fully focused on targeting organisations currently. It remains to be seen what the consequence could be when these threat actors are no longer focused on this situation.

It's possible that these threat actors will likely pivot back to targeting organisations more aggressively again and will come equipped with more operational experience and more exploitations that we haven’t seen before. We should not interpret a lack of active targeting to mean anything about threats diminishing. Organisations need to be prepared for being targeted at any moment.

The shift from a remote to a hybrid workforce
While 2020 and 2021 were largely defined by employees working from home, in 2022 we have witnessed the first true shift to a hybrid workforce. Accommodating workers both in the office and at home has resulted in an increasing number of endpoints to protect, along with necessary changes to systems, networks, and tooling. This means organisations have had to create and implement new policies to support this transition.
The transition from remote to hybrid work has resulted in a massive shift to the cloud and therefore has generated new risk. In particular, where organisations have hybrid cloud and legacy on premise installations, understanding responsibilities between themselves and their partners, and associated risk mitigation, has become an even higher priority.

Moving to the cloud can mean relinquishing control over your data to a service provider. So how do you get the assurance that you do not need to worry about losing data? The answer is to test, which is the best way to discover what you are exposed to. It will give you assurance to know what areas you are doing well in and what is working, but it will also illustrate where there may be vulnerabilities in your security posture and thus where you may mature your position.

It is recommended that testing takes place from different perspectives both inside out, and outside in. Think strategically, where are your most valuable assets? Build a strategy from there to be able to verify your vulnerabilities.

Cybersecurity in 2023
World events, such as conflicts and regional economic outlooks, will continue to shape the cybersecurity industry in 2023. Further, you can also expect cyber insurance to remain a hot topic.

Cyber insurance will continue to evolve but cannot be the number one strategy
Organisations seeking protection from insurance companies, in terms of being covered or receiving payouts after incidents, were relying heavily on insurance if the worst happened. However, insurers started adding restrictions, especially where they found clients lacked key controls. This was coupled with insurers finding there was not a sustainable gain to keep offering at the limits and terms they were.

Organisations need to instead be able to anticipate the direction their business will move in (for example, adopting a cloud-based approach) and therefore anticipate the way these changes will impact relevant threats to the organisation.

In other industries, you can use insurance to mitigate risk. When it comes to cybersecurity, insurance cannot be your number one strategy. It gives a level of comfort, but it must be surrounded by a broader strategy of how you prioritise your assets and how you are going to become more mature within your cybersecurity capability.

Advice for improving cybersecurity in 2023
Ask the question, what does cybersecurity mean to me?
Is cybersecurity strategically important for your organisation? Do you worry about it because your customers worry about it? Is compliance your main concern? Is it some combination of these factors? Learn to understand what your drivers are as well as the number of risks that exist in your environment.

Practice so you are ready for a crisis
Know what to do in the case of an emergency. You will be calmer responding to an incident if you know in advance who is in charge of making key decisions. Implement an Incident Response plan and create crisis scenarios that require key partners to sit through collectively.

Make things difficult for attackers
Harden your entry points and limit your footprint to stop attackers from getting in. The unfortunate reality is that you may face attackers getting in at some point. So, make it as difficult for them to move across your divisions, teams, and business units.

Think about the cost of defence and how to best spend
Cost is understandably a top consideration, and organisations will always seek to cut superfluous expenses and purchases wherever possible. Consider moving away from buying tools and focusing on the processes, ensuring you have complete control over your data and are driving meaningful insights from it.

Getting your cybersecurity right in 2023 and beyond
Cybersecurity is now considered the number one risk organisations face across the globe. It feels like such a large area to address, that it may feel overwhelming to find a place to begin. What it comes down to is prioritising what matters and remaining diligent on a cycle of continuous improvement.

Collaboration is key in the future. Threat actors have no problem sharing dark web information, allowing them to learn and evolve from each other's tactics and strategies. Organisations working to defend themselves have an opportunity to work towards creating an environment that fosters helping one another too. How much information are we willing to share so that we can collectively get better?