Cybersecurity trends 2023

We have identified 8 cybersecurity trends that may impact the cybersecurity market and business behavior this year. There are many new technologies and devices out there, and the cybersecurity industry is constantly evolving. The security industry must constantly innovate to keep up with continuous technological innovation.

Ransomware attacks increased by 138%

Targeted ransomware is malicious software that attacks the user's computer and demands a ransom to restore full functionality. Users thus find themselves victims of extortion, forced to pay to be freed from the grip of the malware. These attacks occur every day and have increased in recent years.

The attacks work by denying access to personal documents or entire virtual networks, accompanied by a "ransom note" that demands a high payment, almost always in cryptocurrency, to regain access.

According to the annual report of CNAIPIC (National Anti-Cyber Crime Center for the Protection of Critical Infrastructures) of the Postal Police, Italy is at the center of an offensive: attacks have gone from 2553 in 2020, to 5434 in 2021 and to 12947 in 2022.

In fact, the topic of cybersecurity has only recently become central. In general we still observe a certain backwardness, accompanied by an underestimation of the risks. Unfortunately, SMEs almost never have the opportunity to make the investments needed to defend their infrastructure. As a result, Italy invests two to five times less in computer security, relative to GDP, than other European countries. Within the G7, Italy is in last place for investments in cyber security, but it is hoped that the activation of the PNRR will bring more willingness to invest in Italian cyber security.

Criminals have increased their attacks, managing to break into the private networks of small and large companies and public bodies. In 2021 we witnessed attacks on the San Carlo potato chip company, the Lazio Region and Siae, as well as on the health systems of Lombardy, Veneto, Campania, Puglia and Calabria, and on hospitals and pharmacies.

Industry specialists predict that targeted ransomware attacks, an unexpectedly fast-developing area of the cybersecurity space, will continue to grow in the coming years.

Rapid growth of the Internet of Things (IoT)

One of the fastest growing industries is the Internet of Things (IoT). There are billions of physical devices around the world that collect data and share it on the internet. As the number of active devices increases, the risk of cyber attacks increases as well. According to projections made by IDC, a company that analyzes technology sectors, the sector is growing strongly and it is estimated that in 2025 there will be 41 billion connected IoT devices.

In fact, cyber attacks on these devices are constantly increasing. The manufacturers of these items should take drastic measures right now, because the more time passes, the greater the risk. However, it seems that only a small part of the producers, less than 10%, know what to do, while the others, despite their worries, still don't know how to take the right countermeasures.

Increase in attacks on cloud-based services

Fully cloud-based offerings remain at the top of the cybersecurity risk list.

While Google searches indicate only a 151% increase, the rapid adoption of remote work is driving businesses to depend more and more on these cloud-based technologies to communicate and collaborate.

The most costly cloud security problems occur when customers and/or workers misconfigure cloud settings, leading to data breaches, unauthorized network access, insecure interfaces, and account takeovers.

This is why it is essential that companies providing services in the cloud control and limit the risk of intrusion and strengthen their protection capabilities.

According to the latest cloud security research, 68% of cloud enterprises consider misconfiguration of assets one of the top risk factors for cloud security.

Additionally, 20% of corporate data breaches are expected to occur as a result of remote employees using cloud-based enterprise platforms.

Evolution of multifactor authentication

Multi-factor authentication is a digital authentication technique that allows users to access a website or software after presenting one or more types of identification evidence to an authentication system.

According to BusinessWire, the multifactor authentication market was valued at more than $10 billion worldwide in 2020, with a forecast of $28 billion by 2026.

While most users find multifactor authentication exceptionally secure, companies such as Microsoft urge users to avoid SMS and voice authentication techniques.

Specialists still suggest the use of SMS authentication when you have no other security options. It is not a completely secure method, however, since SMS is an unencrypted form of messaging and SMS authentication techniques are at risk of automated attacks.

Online banking is also at risk from ineffective multifactor authentication, as it is almost always carried out via SMS verification.

To reduce the possibility of unauthorized access to accounts, IT security specialists are increasingly recommending the use of hardware security keys for verification whenever possible.

New tools to combat the vulnerability of remote work

With the growth in the use of home networks and devices connected to corporate platforms, cybercriminals are increasingly breaching critical corporate structures.

After the COVID-19 pandemic, many companies have chosen to allow their staff to continue working from home.

For security reasons, companies that allow their employees to work remotely should first give them a cyber security course. The course must be aimed at raising employee awareness of information security, reducing the level of employee negligence, informing employees about the most common phishing techniques, protecting access to critical resources, managing passwords securely, backing up sensitive data, using multi-factor authentication, etc. Additionally, remote employees should also be educated on how to protect data using technology solutions, such as keystroke logging, custom notifications, and reporting.

Companies invest in real-time data monitoring

Real-time data monitoring relies on a constantly updated stream of data to protect an organization's IT environment from cyberattacks, especially cloud-based, mass-generated ones.

With real-time data monitoring, IT and data protection experts can act quickly on breaches, reducing the chances of financial loss.

It is very important to detect a cyber attack immediately, since this lets you intervene at once and avoid further attacks. Italian companies are running for cover by turning to cybersecurity professionals and equipping themselves with hardware and software that can cope with the new security dangers.

Furthermore, continuous monitoring allows companies to catalog records for long periods, thus accumulating a "history" of their data, on which to build statistical models that can then help to detect data anomalies.
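The idea of building a statistical model on accumulated history, as an added example that is not part of the original article: a per-hour baseline (median and median absolute deviation) of failed-login counts, used to flag new observations that deviate from it. The data, the function names and the 3.5 threshold are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample history: 14 days of failed-login counts for two hours of the day.
NIGHT = [0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]            # 03:00
MORNING = [38, 41, 40, 44, 39, 42, 40, 37, 43, 41, 40, 39, 42, 40]  # 10:00
HISTORY = [(3, c) for c in NIGHT] + [(10, c) for c in MORNING]

# Constructed new observations: (label, hour_of_day, failed_logins).
OBSERVED = [
    ("day15 03:00", 3, 25),    # small in absolute terms, huge for 3 a.m.
    ("day15 10:00", 10, 44),   # larger count, but normal for business hours
    ("day16 10:00", 10, 120),  # burst during business hours
]

def build_baseline(history):
    """Return {hour: (median, MAD)} computed from (hour, count) records."""
    by_hour = defaultdict(list)
    for hour, count in history:
        by_hour[hour].append(count)
    baseline = {}
    for hour, counts in by_hour.items():
        med = median(counts)
        mad = median([abs(c - med) for c in counts])
        baseline[hour] = (med, mad)
    return baseline

def score(baseline, hour, count, min_scale=1.0):
    """Robust z-score of count against that hour's history; None without history."""
    if hour not in baseline:
        return None
    med, mad = baseline[hour]
    # 1.4826 * MAD estimates the standard deviation for normal data.
    # The floor avoids division by zero when an hour was always quiet (MAD == 0).
    scale = max(1.4826 * mad, min_scale)
    return (count - med) / scale

def detect(baseline, observations, threshold=3.5):
    """Return (label, count, score) for observations above the threshold."""
    alerts = []
    for label, hour, count in observations:
        s = score(baseline, hour, count)
        if s is not None and s > threshold:
            alerts.append((label, count, round(s, 2)))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), OBSERVED):
        print(alert)
```

A single global threshold on the raw count would either miss the 25 failures at 03:00 or alert on every ordinary morning; the per-hour history is what separates the two.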

More social engineering attacks

Social engineering attacks are malicious activities that use psychological manipulation to trick users into making security mistakes or revealing sensitive information.

Social engineering attacks are harmful because they are based on human errors rather than the vulnerability of software and operating systems.

This makes them much less predictable and harder to counter than a malware-based intrusion.

Social engineering takes many forms, with attacks taking place wherever human connections occur.

Below are the 5 most common types of social engineering attacks:

  • Baiting
  • Quid Pro Quo
  • Phishing
  • Pretexting
  • Tailgating

Baiting

Baiting involves an attacker leaving a malicious object (such as a USB stick) in a place where a user is likely to find it. When the user inserts the USB stick into their computer, the malicious code contained in it executes, allowing the attacker to gain access to the computer and potentially cause damage. Attackers can use the decoy to gain access to sensitive information, install malicious software such as ransomware, or even use the infected computer to launch further attacks on other systems.

Quid Pro Quo

Quid Pro Quo is another type of attack that falls into the social engineering category. In this case the attacker tries to gain information or access to a system by offering something in exchange, such as money or rewards. For example, an attacker could call a company employee claiming to be from IT and offering a reward in exchange for their login credentials. This type of attack can be used to gain access to sensitive data or systems, which can then be used for further malicious activities such as data theft or ransomware attacks. "Tit for tat" attacks can cause significant harm to businesses, as they rely on human error rather than technical vulnerabilities, making them difficult to detect and prevent.

Phishing

Phishing is one of the most common social engineering attacks. Usually an attacker will send an email claiming to be from a reputable credit card company or financial institution requesting account information, often suggesting there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.

For businesses, phishing attacks can be extremely damaging, as attackers can gain access to sensitive data which will then be used for further malicious activity such as data theft or ransomware attacks.

Pretexting

Pretexting (creating a pretext) resembles phishing. The attacker invents a fictitious story or scenario to manipulate the victim into providing private information or to influence their behavior. Pretexters often impersonate a person in authority, a colleague, or a trusted organization. As always, the attacks aim to gain access to sensitive data or systems.

Tailgating

Tailgating is a type of social engineering attack in which an attacker tries to gain physical access to a facility by following an authorized individual into a controlled area.

Once inside the restricted area, the attacker uses the computers there to extract valuable data.

Increased demand for cyber security professionals

The increase in the demand for cybersecurity experts is the logical consequence of the trends mentioned above.

According to data from Google Search, the cybersecurity job market has seen a 9,500% increase in 10 years.

Cybersecurity expert is one of the most in-demand jobs. According to Professor Giuseppe Bianchi of the University of Tor Vergata, and according to a report by the University of Oxford, companies in Italy and in Europe are very often unable to find candidates for the available positions.

As demonstrated by a paper published by the Harvard Business Review, business owners and enterprises globally recognize and understand the looming risk of ineffective cybersecurity.

The report said most Chief Security Officers are concerned about the cybersecurity skills gap. And nearly 60% of respondents believe the problem will get worse before it gets better.

The high demand for cybersecurity jobs comes with high earning power: the average salary of a cybersecurity analyst is just over $100,000 a year.

Positions like cybersecurity engineer exceed this threshold by wide margins, with salaries ranging from $120,000 to $200,000 annually.

In conclusion, from the rise of entirely cloud-based businesses, to IoT, and Artificial Intelligence, the world of IT is changing very rapidly, forcing companies and people to change the way they manage cybersecurity.

For all those who work in the world of Cybersecurity, many positive job and professional growth prospects open up. It's just a matter of knowing how to grasp them, with commitment and continuous updating, to offer the best possible protection to Italian workers and businesses.
