Bytes - Smarter together
Bytes - Smarter together

Bytes Blog: Cyber Security 2023/24 Predictions & Tips

Tuesday 17th January 2023

Writer: Gennaro Migliaccio, Contributor: Giuseppe Damiano, Editor: Daniela Miccardi 

_______________________

What will the Cyber Security landscape look like in 2023/24? This is a key question that is often asked by our clients. To answer this question, I have selected the Top 3 focus areas I believe will dominate the Cyber Security space throughout the next 12 months.

First up, Cyber Insurance

Throughout the past year there has been an explosion of ransomware attacks against organisations of all sizes and industry verticals. In order to counteract and mitigate some of the risk, Cyber Insurance became a key consideration for businesses.

As a result, we have started to see changes in Cyber Insurance, these changes typically involve either; the underwriter preparing tougher policy conditions to avoid pay-outs if cyber-attacks originate from state-sponsored attackers or creating stricter pre-requisites for businesses to obtain cyber insurance. We expect these changes to impact organisations in 2023, to the point where some businesses will find themselves struggling to find the appropriate coverage.

Tips: With most underwriters, policyholders are required to meet basic IT Security Standards to qualify for Cyber Insurance. Although the minimum requirements differ depending on the provider, it’s worth noting the following:

All devices must have Anti-Virus deployed, configured & maintained

  • The use of EDR (Endpoint Detection & Response) solutions will greatly enhance endpoint protection capabilities

Corporate data must be regularly backed up

  • The ability to recover from most incidents will be dependent on the employment of a solid backup and recovery platform
  • Having the right technology is a good start but ensuring you have a formalised Disaster Recovery process (that is regularly tested) will provide a mature recovery strategy

All accounts, where possible, should be protected with MFA (Multi-factor Authentication)

  • MFA is now a requirement and no longer a nice to have; if you haven’t deployed MFA, this should be moved to the top of your to-do list
  • Deploying MFA isn’t an expectation for ‘a few cloud services’ or for ‘selected groups of users’, you’ll need to extend MFA to all applicable services and protect all users where possible. The above is by no means the full list, but for me, it covers the Top 3 areas that are likely to come up when applying for cyber insurance. I would highly recommend looking at the NCSC Guidance and the CIS Top 18 for a structured approach when looking to increase your cyber maturity & cyber hygiene.

Up next, The Skills Shortage

I believe all businesses are currently struggling with recruitment. Unfortunately, within the Cyber space this is a big issue. Whilst figures vary based on the source, many statistics show that the global Cyber Security industry is short by over 3 million workers. With the Threat Landscape continually evolving, this number is set to grow significantly over the next 12 months. As a result, the number of organisations considering outsourcing support via a Provider (in order to fulfil Cyber Security requirements) will increase.

It is important to note that there has also been a steady rise in the number of MSSP providers, and a lot of these providers are becoming more dynamic in what they offer.

Tips: The most important tip to note when considering an MSSP is to focus on the outcomes. It’s very easy for everyone to get side-tracked on the technology (i.e: if a provider supports the newest, shiniest, coolest tech), but this shouldn’t be a key consideration. What should matter is if the provider in question can deliver the fundamentals consistently and against the outcomes that your organisation require.

And finally, Supply Chain Security

Following a review of our CIS Gap Analysis sessions, the team and I have noticed that relatively few businesses formally review their supply chain security for risks. As organisations grow, the supply chain expands. As the scope of threats increase, it is important to ensure that third-party organisations and the systems & data that relates to them, are secure against a range of cyber threats.

Tips: Supply Chain Management and Service Provider Management all starts with conducting a regular risk assessment to determine the potential risk that suppliers carry to your organisation. Developing a structured process that allows you to evaluate suppliers and service providers is key, especially those partners who hold sensitive data or are responsible for your critical assets. All  process should establish regular checks to ensure that all providers protect and manage assets appropriately. A review should not be limited to when onboarding a supplier, but rather, as frequently as possible - as suppliers and providers regularly can change their services & processes.

The above commentary highlights a few of the key things the Cyber space has in store for us over the next 12 months. There are of course predictions around the increased adoption of Zero Trust, as well changes/updates to several compliance frameworks to consider.

Hopefully this article has been insightful and has provided a few tips on how to deal with these potential challenges.

Thanks for reading.

If you have any questions, or would like to learn more about any of the topics covered in this blog, please email our friendly team via [email protected].

 

Want to keep informed? Sign up to our Newsletter

Connect