Blog

The motto for this year: do more with less.

Amazon, Salesforce, and Meta laid off tens of thousands of people this past year citing an uncertain economy. It goes without saying if these mega giants are feeling the squeeze, everyone will. While cybersecurity seems as if it would be nonnegotiable, we’ve seen from experience no one is immune from these cuts.

Let’s recap where Cybersecurity is headed with some numbers. Cloudward reported for Ransomware attacks only:

• Cost the world 20 billion in 2021.
• Will cost upwards of $265 billion by 2031
• 37% of all businesses and organizations we’re hit by ransomware
• $1.85 million: the average amount it cost businesses to recover from a ransomware attack.

Those numbers are expected to be higher for 2022. Companies cannot afford a breach, but everyone has a bottom line. We’re only two weeks into the new year but let’s break down four quotes from industry leaders that paint a picture what to expect this year.

1. “Catastrophic cyberattacks may overwhelm the insurance industry in the future,” said Chief Executive of Zurich Insurance Group AG Mario Greco. … “there is a limit to the amount of damage that the private sector can cover and called on governments to set up public-private schemes to handle systemic cyber risks.” (Financial Times)

It’s not just companies that can’t afford to be breached; the insurance industry is nervous too. Cybersecurity insurance is a complicated issue. While it exists, it is usually very costly and requires a rigorous compliance standard for a policy to be issued. Should companies have to comply with a certain standard? Absolutely, but the framework for those standards is still being worked out. Take, for example, CMMC for government contractors. Those compliance standards don’t go into effect until May 2023, and that doesn’t include any private businesses. CNBC reported that costly data breaches, ransomware, and other security attacks are also behind an increased cyber insurance policy cost trend: the average premium increased by 28% in the first quarter of 2022 compared with the fourth quarter of 2021. Here’s what to take from this quote: government interaction, cybersecurity insurance, and compliance standards are going to be a hot topic this year for everyone.

2. “One of the biggest issues in data security that will continue to be an issue in 2023 has been the relentless sale and essentially open market for personal data from social media platforms,” said Art Shaikh, founder and CEO of Circleit and DigitalWill.com.

A hacker claims to have collected over 400 million unique users’ data with a now-fixed API vulnerability on Twitter. This is still an ongoing issue and only highlights the quote above. It is no secret that social media companies collect people’s information and sell it (to what extent we may never know). At the end of the day, it poses a risk for every single person that signs onto one of these platforms. (Source: Forb

(Source: Forbes, Wayne Rash)
What To Expect For Security And Privacy In 2023 (forbes.com)

3. “Producers and developers don’t have much incentive to reduce these vulnerabilities,” she said, because the “cost is on users” when there’s an attack. – Lorena Boix Alonso, the European Commission’s top cybersecurity official

While you may hope that companies who collect your most sensitive information won’t fire the people protecting it, that’s not the case. A business is a business and at the end of the day; everyone has a bottom line. Lay-offs aside, let’s say a company develops a widget for an app. That company needs to make money and waiting on IT to make sure all their ducks in a row isn’t always going to cut it. Producers and developers aren’t necessarily putting out a product that is vulnerably malicious on purpose, but it happens. When the product goes out and something goes wrong, whose personal information or money is on the line? The user. As budgets get tighter, we may be seeing a lot of that this year.

(Source: Tim Starks, Washington Post- RE: Luca Bertuzzi of Euractiv)
Europe’s cybersecurity dance card is full – The Washington Post

4. “Securing critical infrastructure like the energy and health care sectors plays a key part in mitigating cyber risks,” said Josephine Wolff, an associate professor of cybersecurity policy at the Tufts University Fletcher School of Law and Diplomacy.

Supply chain attacks like SolarWinds are the first thing that came to mind when reading this. Hackers are incredibly good at playing the long game to infiltrate a system like a hospital or energy source. With budget cuts this year, it’s going to make a vulnerable industry even more penetrable. For example, when the pandemic hit, hospitals were packed but filled ERs don’t necessarily equate to money back to the hospital. We know that, for some hospitals, meant freezing or cutting the budget on cybersecurity. For many, this means relying on an outdated and thin security system to fend off these skilled hackers. Whether it’s a federal step in or higher compliance standards, there needs to be a focus on these sectors or there will be a major issue.

(Source: The Hill, Ines Kagubare)
Four cyber concerns looming in the new year | The Hill

What should we take away from this? It’s going to be a busy year when it comes to cybersecurity. I know we say that every year, but that’s what happens when you are in an ever-evolving industry.

We invite you to learn more about our services and products on our website Ondefend.com. We look forward to helping our partners around the world secure our world.

About OnDefend

OnDefend helps companies prepare for and defend against real-world cyber adversaries by providing preventative information security services as well as its patented and proprietary cyber defense products BlindSPOT and Confirm4Me. By working with companies ranging from Fortune 500 corporations to regional businesses, OnDefend helps strengthen the private and public sectors security posture against continually evolving and persistent cyber adversaries throughout the US and around the world.