The advent of artificial tools and the proliferation of applications in on-premises infrastructure and the cloud make cybersecurity an increasingly complex issue. We look ahead to five trends for 2023.
Large-scale cyber attacks were the order of the day in 2022. Businesses large and small around the world have been victims of cybercriminals all the time. There are few reasons to believe that 2023 will be a quieter year for cybersecurity. Businesses have to tiptoe to get their security in order.
First, you need to know what to prepare for. Together with Alex Ongena, CEO of the Belgian cybersecurity company AXS Guard, we are therefore dealing with trends and forecasts for cybersecurity in 2023. One constant is striking: the IT and cybersecurity landscape seems more complex than ever. As an SME, how do you deal with this?
it’s getting closer
The first trend for 2023 actually started at the end of last year. Our country has been startled by a series of incidents involving the police of Zwijndrecht, the city of Antwerp and Diest; in February, the East Flemish municipality of Geraardsbergen was added to the illustrious list. Figures from the federal police confirm increasing activity by cybercriminals in Belgium.
These cyber attacks have been widely covered in the news media, which Ongena hopes will mark a turning point in awareness of the seriousness of the threat. “Awareness that cybercrime is on the brink is slowly but surely beginning to trickle down to corporate executives. Incidents in a city like Antwerp or the police have a shock effect because it is closer to the people. This can ensure that previously postponed security measures are suddenly rolled out faster.”
If there’s one lesson Belgian SMEs should learn from recent events, it’s that they can always be next. Ongena makes it clear: “Anyone can be hacked. The size of an organization or what you do doesn’t matter at all to criminals. They often only look at one thing when choosing a target, and that’s where the door is wide open.”
Anyone can be hacked. Cyber criminals only look at one thing and that’s where the door is wide open.
Alex Ongena, CEO of AXS Guard
A professional organization
The way cybercriminals work has changed dramatically. The cliche of the hooded hacker operating alone from a dark basement is long outdated. Today’s hacker groups are professional organizations structured like the companies they target.
“The attacks are now so automated that it has become a desk job, so to speak. On the dark web, criminal groups sell ready-made ones detonator which allows you to shut down a network with a simple push of a button. You can launch an attack in the evening, go to sleep peacefully and see in the morning if the attack was successful,” says Ongena.
If the attack is successful, it is the turn of the “negotiators” to demand ransom from the victim. Ongena: “Most of the time, the negotiators have done their homework well and know the victim’s turnover and profit figures exactly. On average, cybercriminals demand 10 to 15 percent of the proceeds as ransom. They will ask to transfer the amount in bitcoin or another cryptocurrency as it is difficult to trace.”
In these negotiations, the victim often has their back against the wall, Ongena warns. Giving in to the hackers’ demands is by no means a guarantee of a speedy recovery. “The attackers will promise to unlock everything, but in practice, often twenty percent or more of the stolen data is permanently lost after the attack. The perpetrators are not interested in that either; if the victim pays, they have achieved their goal.”
It’s important to gain insight into how the criminal underworld works. “The more you know about how professional hackers work, the more conscious you will start to concern yourself with your own security,” says Ongena.
Cyber attacks are so professional today that it has almost become a desk job. You can shut down an entire network with a simple push of a button.
Alex Ongena, CEO of AXS Guard
Phishing using AI
2023 is already the year of AI. We can’t stop talking about ChatGPT and the like. So it’s no wonder that people with bad intentions are also discovering the possibilities of technology. This brings with it new dangers.
“Artificial tools make phishing e-mails so credible that you can hardly tell the difference between fake and real e-mails,” Ongena sounds rather ominous. Luckily, you don’t stand a chance against phishing, but investing in good email security becomes even more important. “Spam filters look beyond the content of an email to see if it can get through. The links in the e-mail, for example, reveal much more or how long the sender’s domain name was registered.”
Popular email services like Microsoft Outlook and Gmail have controls, but they’re much less strict,” Ongena continues. “They can’t afford to have email blocked unfairly, so their walls are intentionally lower. A specialized solution does not have to take care of this. But precisely because the content has gotten so much better, I still advise you to be extra cautious if a suspicious email gets through.”
Cloud makes security more complex
An additional difficulty is that the IT structure of organizations today has become much more complex. Ongena points to the cloud with his finger. “In the past, security was actually very simple because all data and applications stayed within the organization. You build a firewall in front of the company network, so to speak, and you’re done.”
It’s not that easy anymore. Ongena: “Applications are now distributed everywhere across the cloud and on-premises infrastructure. Companies are often not sufficiently aware that cloud providers only ensure security on their part. The data you transfer to the cloud is secured, but of course they don’t look at the devices you use.”
Ongena’s golden advice is: “Don’t lose sight of the big picture. It’s not because you’re working 100 percent in the cloud that you no longer need on-premises security. The cloud is accessed via your PC. There are still too many organizations that stop backing up locally because their data resides in the cloud. But if an outsider breaks into the cloud through your device and steals files, unless you backed them up, they’re gone forever.”
Security used to be easy because all data and applications stayed within the organization. You set up a firewall for the company network, so to speak, and you’re done. Now applications are much more distributed, making security more complex.
Alex Ongena, CEO of AXS Guard
Don’t do everything yourself
Businesses can no longer rely solely on preventive measures such as firewalls and antivirus software. If they really want to be resilient against cyberattacks, they must dare to identify all vulnerabilities and invest in solutions that help to detect new threats immediately and take the right measures immediately.
“Cybersecurity is just too complex for most organizations. Also for companies that have their own internal IT team, because they are often already overloaded and do not always have the right specialization,” says Ongena. “Choosing the right security partner to help them do this is possibly the most important decision a company will have to make in 2023,” he adds.
Another problem is the shortage of skilled workers. Therefore will Providers of managed security services (MSSP) such as AXS Guard are becoming increasingly important. Ongena points out a few points to consider when choosing the right solution for your business:
“Many existing managed security solutions have historically been aimed at large enterprises and are therefore completely unaffordable for SMBs. With our offer, which is specially designed for SMEs, we offer a managed security service at enterprise level, but adapted to the budget of an SME. In addition, a traditional SOC is nothing more than a notification service that sounds the alarm, but does not necessarily nip the danger in the bud. Therefore, choose a security partner that looks at the big picture and intervenes immediately when necessary,” concludes Ongena.
This is an editorial in collaboration with AXS Guard. For more information on how their security solutions can protect your business, click here Here rightly so.