New laws and regulations, as well as geopolitical and economic crisis situations, are also impacting companies’ cybersecurity measures. Continuing education remains a critical success factor. TÜV SÜD lists current trends in cybersecurity for 2023.
Cyber threats are one of the biggest risks for companies. Due to the threat situation as well as new regulations and their implementation, investments in cybersecurity are becoming increasingly important. However, small and medium-sized enterprises (SMEs) in particular will pay more attention to the cost efficiency of cybersecurity solutions in the future. The following trends and developments in cybersecurity will become important in 2023.
Cybercriminals know no standstill. They are constantly improving their methods and intensifying their attacks on whatever attack surfaces present themselves. This also has a significant impact on the IT teams themselves and on the framework conditions for their work.
2022 was not a quiet year for IT security. Hackers pushed new boundaries: organized criminals attacked governments, as Conti did in the Costa Rica case. The Lapsus$ group attacked notable digital economy players such as Microsoft, Nvidia, Uber, Globant and others.
COST-EFFICIENT CYBERSECURITY SOLUTIONS
Inexpensive and effective security solutions and services will be in greater demand in 2023. Uncertainty in view of the general economic situation and negative effects from pandemics and the Ukraine war are making themselves felt here. Small and medium-sized enterprises (SMEs) in particular are therefore targeting their IT security budgets more closely and questioning cost efficiency. In addition, to strengthen supply chain security, suppliers should not be burdened by different cybersecurity specifications, but should comply with uniform security specifications and standards wherever possible.
REGULATIONS: IMPLEMENTATION BEGINS
Now that some cybersecurity laws and regulations have been launched nationally and internationally, the implementation phase is beginning. Some examples: The EU’s Network and Information Security (NIS) Directive is being replaced by the NIS-2 Directive, with, among other things, stricter monitoring measures and reporting requirements, as well as EU-wide harmonized sanctions. The draft legislation for the European Cyber Resilience Act (CRA) makes cybersecurity measures mandatory for Internet-enabled devices and products across the EU for the first time. From August 2024, the EU’s Radio Equipment Directive (RED) regulation also includes mandatory cybersecurity for all wireless devices such as cell phones, tablets and smartwatches. In the U.S., there has been an increasing number of cybersecurity enforcement regulations, prompting U.S. agencies such as CISA to work on implementing cybersecurity requirements for multiple industries. For all regulations, companies must consider whether they will be affected and how to implement appropriate changes most efficiently. Standards and certification by independent third parties will become even more important with a view to transnational implementation.
CRITICAL INFRASTRUCTURE MORE IN FOCUS
The number of phishing, malware and ransomware attacks is steadily increasing and this trend will continue. With the increasing professionalization of cyber criminals as well as virtual warfare, Critical Infrastructure Protection therefore remains in focus, especially in highly sensitive sectors such as energy supply and healthcare. Cyber resilience is an important factor in the National Security Strategy presented by U.S. President Biden. In Germany, a CRITIS umbrella law is to be introduced that will make the overall system more resilient by setting minimum requirements across sectors.
TARGET GROUP-ORIENTATED TRAINING
The human factor remains a critical weak point in cybersecurity. In addition to technology and processes, employees are the third relevant element. Until now, the focus has been on broad-based awareness training for the entire workforce. In the future, the trend will increasingly be toward training measures for specific target groups and their needs. This also involves the requirements in specific industries such as automotive or medical technology. Technical experts and the management level also need regular training on cyber threats and the right behavior.
DIGITAL TRUST THROUGH STANDARDIZATION
Ensuring digital trust in AI is a key factor. Norms and standards are therefore becoming more relevant. On the regulatory side, the EU Commission presented the Artificial Intelligence Act in April 2021. Therefore, discussions about AI certificates and auditable standards must now be held in order to build the most secure IT environment possible. Standardization organizations such as ISO (International Organization for Standardization) are addressing this. Industry is also developing proposals and solutions for possible AI labels. One example is the Charter of Trust, a cybersecurity alliance of global companies, of which TÜV SÜD is also a member. A key aspect of developing and deploying AI-based applications is to ensure that trust in digital technologies grows.