The cyber threat landscape is constantly evolving, and every industry and company faces a different set of risks. However, some cyber trends — such as the rise of ransomware and supply chain attacks — impact all of the business world.
This is the first piece in a three-part series exploring our predictions for the state of cybersecurity in 2023. In this installment, Michael Welch, Managing Director, Strategy & Risk at MorganFranklin Consulting, outlines his predictions for Governance, Risk, and Compliance (GRC) for 2023.
1. Information Sharing is Critical
The cybercrime industry is growing increasingly professional and organized. Cybercriminals collaborate, share information, and have developed role specialization and a service-based economy. This organization allows cybercriminals to rapidly exploit new vulnerabilities and attack vectors at scale.
Companies must respond quickly to minimize the impacts of these attacks, but they commonly fall short in communication and collaboration. Many industries and companies are starting to break down barriers to improve security intelligence sharing across the enterprise and the community. However, more communication is needed to improve cyber resiliency against evolving threats.
2. Regulatory Complexity Will Only Grow
The EU’s General Data Protection Regulation (GDPR) has served as an inspiration for data privacy laws around the world. However, in the U.S., the lack of a federal law has resulted in a patchwork of state-level regulations that all take different approaches to protecting consumer data privacy and security.
Data privacy is a growing priority, and new state-level regulations are continually being developed and implemented. Additionally, the rise of remote work commonly expands companies’ operational footprint. To maintain compliance with their regulatory responsibilities, enterprises with operations spanning multiple jurisdictions will need an enterprise risk management framework to keep up going into 2023.
3. Ransomware Remains a Leading Threat
Ransomware attacks have shaped the cyber threat landscape in recent years. The success and profitability of these attacks have inspired cybercriminals to refine their methods and driven the cybercrime industry to become increasingly professional.
Ransomware will remain the leading cyber threat in 2023, and this will have significant impacts on the business world. Ransomware’s success has driven up the price of cybersecurity insurance and has made coverage more difficult to obtain. Companies will continue to face significant challenges to maintaining cyber resiliency in the face of the evolving ransomware threat.
4. Zero Trust Sees Real Adoption
Trust has become the Achilles' heel of corporate cybersecurity. Account takeover remains a leading threat, exploiting the trust placed in weak access controls. Supply chain exploits are growing more common, taking advantage of trust in vendors, suppliers, and third-party code. The growth of cloud computing has created complex IT architectures in which the security of the whole is only as strong as that of the weakest link.
Zero trust has promised a solution to this problem; however, it is often more a buzzword than a reality. In 2023, this should begin to change as companies improve visibility into their risks and take steps to manage them.
How MorganFranklin Can Help
From a GRC perspective, 2023 is when many ideas — such as zero trust — will come to maturity as companies begin integrating them into their cyber risk management strategy. MorganFranklin experts can help companies to gain visibility into their current risk exposure and develop strategies for managing evolving threats.
This is the first article in a three-part series on MorganFranklin’s cybersecurity predictions for 2023. Watch out for the remaining two installments where Perry Menezes, MD and Global Head – Financial Services, Cybersecurity Practice, MorganFranklin Consulting, and Ferdinand Hamada, Managing Director, Healthcare, Pharmaceutical and Life Sciences Practice, MorganFranklin Consulting, discuss cybersecurity predictions for the financial and healthcare sectors.