Into the future: what might cybersecurity look like in 2023?
As we enter into 2023, cybersecurity must be at the forefront of our minds. With hackers becoming increasingly sophisticated in their techniques and the number of endpoints growing exponentially due to the explosion in the number of connected devices, it is critical that over the next 12 months we consolidate our efforts to stay one step ahead of the threats.
According to Keeper Security's 2022 Cybersecurity Census Report, the average UK business experiences 44 cyberattacks per year - that's more than three every month. Even worse, the report revealed that almost half (46%) of IT leaders expect both the total number of cyberattacks, as well as the number of successful attacks, to increase over the next 12 months. A higher level of security to tackle growing online threats will therefore be essential in the new year. As industry leaders evaluate their cybersecurity posture in this environment, here is a look at what I expect in 2023.
The number of connected IoT devices has been rising for years, with no signs of slowing down. In 2023, the market for IoT is expected to grow by 18% to 14.4 billion active connections. As more consumers and businesses rely on connected devices, these connected solutions become more vulnerable to cyberattacks. With this, the billions of devices shipped by original equipment manufacturers (OEMs) will require greater out-of-the-box security to mitigate the risk of malware intrusions and their contribution to Distributed Denial of Service (DDoS) attacks. To prevent and mitigate devastating attacks, manufacturers, and suppliers of OEMs must design security within their products, embedding it into every layer of a connected device.
Zero trust is now the only realistic and comprehensive framework for securing modern, cloud-based data environments and distributed workforces. In line with zero trust, I anticipate a growing shift toward zero-knowledge architecture. The zero-knowledge security model helps support zero trust by protecting against data breaches, and is crucial for cybersecurity vendors to achieve customer trust and approval. Despite the importance of zero knowledge and zero trust, right now, zero trust adoption is limited and not being taken as a serious priority. In Keeper Security's recent Census Report exploring insights from UK IT leaders, only 33% of respondents said they have plans to adopt a zero-trust, zero-knowledge security approach. 2023 will bring increased attention and progress in this area.
We can also expect to see cyber governance and transparency become a critical boardroom issue. IT leaders themselves admit a lack of transparency in cyber incident reporting within their organisations, with more than half of respondents (55%) to Keeper's report saying they've kept a cyberattack on their business a secret. In the year ahead, business leaders will prioritise fostering trust and transparency within their organisations, creating an open dialogue to recognise the scale of the cybersecurity challenges their organisations face.
With the evolving threat landscape, more organisations will implement educational programs for their employees to mitigate cyber risk factors – taking every endpoint, system, database, and application seriously. In Keeper Security's report, the vast majority (79%) of IT professionals expressed concern about a breach from within their organisation, and 49% of respondents said they have suffered a breach of that nature. Despite this, only 48% of respondents currently provide employees with guidance governing passwords and access management. This year, business and IT leaders will do more to educate teams and ensure everyone is following cybersecurity best practices.
In 2023, we will also see cybersecurity vendors put greater focus on the small and medium-sized enterprise (SME) market. SMEs are the most underserved market regarding cybersecurity, yet they are a primary attack target by cybercriminals. This has significant economic impacts, as small businesses are critically important to the health of our broader economy. The UK Department for Business, Innovation & Skills reports that small businesses make up 99.9% of the UK business population. Yet, we've all seen the news headlines and read the stats – many SMEs are just one cyberattack away from being forced to shut their doors.
Over the next 12 months, we will see cybersecurity solutions, for both enterprises and SMEs, that are simpler to provision by IT departments, easier for employees to use, and importantly, more cost-effective. This will enable SMEs to access the cyber defence tools they desperately need. It also means that businesses struggling with the current cost-of-living crisis won't be forced to sacrifice their cybersecurity defences, when trying to make economies.
Through these predicted trends for 2023, it is abundantly clear that it will be the joint responsibility of everyone to step up their cybersecurity game in the coming year. From business leaders to individuals to cybersecurity vendors, we all have a part to play in protecting ourselves and our organisations from the ever-present risk of cyberattacks.