6 cybersecurity developments you should pay attention to
In 2022, the volume of cyber threats grew at a rate that exceeds the protection capabilities of many local organizations. According to the National Cyber Security Directorate (DNSC), cyber-attacks in Romania increased by 22%. The DNSC also reported that it detects more than 500,000 security events nationwide every day, but these represent less than 20% of the actual number.
The increase in local threats is in line with global trends, but the situation is expected to worsen by 2023. For an overview of future risks, this article covers the main trends in cybersecurity in 2023:
1. Ransomware will remain the main attack vector
Globally, ransomware grew by 13% in 2022 (according to DBIR). In Romania, however, the increase was 18%, according to the new edition of the Orange Business Internet Security report. Ransomware tops the list of local threats (35%), followed by DDoS attacks (25%) and phishing (21%). Experts expect ransomware attacks to continue to grow next year, with 11 new international extortion groups reported. The downside is that as more and more organizations fall victim to these attacks and pay the ransoms, attackers gain more resources and become more efficient.
2. Cloud becomes an increasingly attractive target for hackers
Public cloud adoption is growing steadily, and the security risks are growing with it. 8 out of 10 companies have experienced a cloud security incident in the last 12 months. The most common causes are unauthorized access due to compromised login data and configuration errors due to high complexity. The preferred target of cloud attacks is identity management, especially at the level of virtual machines or containers managed directly by the customers.
Compromising these resources through fraudulent access or misconfiguration increases security risks. Problems are compounded by the lack of a clear division and ownership of security responsibilities between providers and customers. While vendors often have the necessary skills to secure cloud instances, customers often ignore this issue or treat it superficially.
3. State-sponsored attacks will intensify
The geopolitical context remains just as tense in 2023. Over the next two years, more than 70 countries will hold government elections (including Romania in 2024), events that are frequently the target of state-sponsored attacks. These attacks have two major directions: damaging public institutions and energy networks, and industrial espionage with a focus on technological targets, intellectual property theft and the shaping of public opinion.
It is expected that next year we will also face attacks coordinated by the Russian Federation. 2022 was the first year in which the National Cyberint Centre could technically demonstrate that all three Russian intelligence services – FSB, GRU and SVR – are conducting operations targeting Romanian government institutions as well as national critical infrastructure. At the same time, more DDoS attacks (+21% in 2022) were recorded on websites belonging to public institutions, parties, and media companies.
4. More security regulations will emerge
The new regulations being talked about at the European level (the NIS Directive and the Cybersecurity Act, for example) need to be quickly transposed into national law and imposed on the market.
This process is one of the main trends in cybersecurity in 2023 that organizations will need to take into account. In early November, the European Parliament adopted a new version of the Network and Information Security Directive. NIS 2.0 expands the number of sectors that will need to take measures to protect themselves – 11 critical sectors and 7 important sectors – and includes more rigorous cyber security rules for risk management, reporting and information sharing.
Recently, the European Digital Operational Resilience Act (DORA) Regulation was also adopted to harmonize and strengthen digital operational resilience requirements for the EU financial services sector. The DORA rules will apply to banks, payment providers, e-money providers, investment firms, crypto-asset service providers, as well as third-party ICT service providers.
5. Skill shortages will increase
In 2022, the global shortage of cybersecurity specialists was 3.4 million, and in the EMEA area around 310,000, according to (ISC)² analysis. In Romania, according to DNSC estimates, the shortage is “only” 3,000 specialists and growing steadily. There is good news, however: 14 universities now have, in addition to master’s and post-graduate courses, undergraduate courses in the field of cybersecurity. However, the transition from junior to specialist level requires a minimum of three years of experience, so the shortage will continue. The most appropriate approach remains to outsource these services.
6. Security needs higher budgets
According to a Gartner survey conducted in October, 66% of organizations will increase their cybersecurity budgets in 2023. The main areas of investment will be:
- Developing zero-trust strategies for an integrated approach to risk across the organization;
- Adoption of SIEM and SOAR solutions with advanced artificial intelligence and machine learning functionalities to reduce the workload and rapidly analyse large volumes of data;
- Adoption of dedicated applications to protect remote employees (mobile malware has seen a 500% increase in the first months of the year), etc.
With the increase in the volume of threats, regulations and the amount of potential damage that attacks can cause, security has become an organisational priority. For this reason, knowing the key trends in cyber security in 2023 is no longer a critical concern only for IT departments, but also for top management.