2023 was the year of cybersecurity – with new trends entering the market and massive hacks and data breaches shaking the industry at its core.
Here’s our overview of the most important trends and hacks of 2023.
Contents
Zero Trust, passwordless, keyless
Operational Technology (OT) cybersecurity
Quantum computing & Post-Quantum Cryptography (PQC) algorithms
Identity and Access Management (IAM) modernization
AI
Data security and file transfer security (MOVEit hack)
Human-to-human communications (Microsoft and Slack hacks)
Zero Trust, passwordless, keyless
Zero Trust has been on the cybersecurity radar for several years now. But only in 2023, organizations (finally) realized that they truly cannot trust anyone and must always verify.
We’ve seen Zero Trust architecture getting implemented across industries. Ranging from finance and banking institutions, which are typically concerned with cybersecurity risks and trends, all the way to industries like manufacturing and supply chain that traditionally focus more on physical safety and basic security.
Some of the key principles of Zero Trust include access security, strict access control as well as constant identity verification. Related to these principles, a new technology emerged and found its place in the Zero Trust market – passwordless, keyless, credential-less authentication.
And it is exactly what it sounds like. The goal of passwordless, keyless, and credential-less authentication is to radically reduce (and ultimately eliminate) the use of passwords, authentication keys, and access credentials. Aiming to also reduce the cybersecurity risks related to using credentials and improve the user experience, as users don’t have to handle any credentials at all.
EXPLORE FURTHER:
[Expert article] What is Zero Trust Framework >>>
A Guide to Zero Trust Architecture >>>
A Guide to Passwordless and Keyless Authentication >>>
Operational Technology (OT) cybersecurity
As hinted above, during 2023, cybersecurity found its way into another core area of our lives – critical infrastructure and OT industries.
In the past couple of years, cyberattacks targeting OT, manufacturing, and critical infrastructure have become more common and more sophisticated. As a result, OT businesses realized that managing remote access via VPNs and firewalls isn’t enough.
The supply chain especially experienced a rising number of threats and attacks – with cybercriminals exploiting relationships between organizations and gaining broad access using vendor credentials and accounts. This revealed the dire need for modern OT cybersecurity and modern OT access management, especially when it comes to third-party access.
Consequently, Zero Trust access management and architecture became important also within the manufacturing and OT industries.
EXPLORE FURTHER:
[Blog post] Zero Trust in Secure Remote Access for OT >>>
[Webinar recording] Securing Operational Technology (OT) in the Age of Digital Transformation >>>
Quantum computing & Post-Quantum Cryptography (PQC) algorithms
In 2023, the concept of ‘quantum’ in combination with computers and security took a leap.
The talk of quantum computers has been ongoing for a while, and quantum computers already exist. But this year, we’ve heard the conversations louder than previously with tech startup Atom Computing announcing breaking the 1000-qubit barrier. Only a few weeks before IBM’s announcement of their IBM Condor, an 1121-qubit quantum computer.
Also, post-quantum security saw important developments as the National Institute of Standards and Technology (NIST) selected four PQC algorithms for standardization. At the same time, cybersecurity companies started implementing available PQC algorithms into their existing solutions to offer quantum-safe products already now.
EXPLORE FURTHER:
[Guide] Future-Proof Your Organization with Quantum-Safe Cryptography (QSC) >>>
[Blog post] Why is it important to start protecting your data from the quantum threat now >>>
Identity and Access Management (IAM) modernization
Last year, Microsoft announced that they were entering the IAM market, but only this year, they launched new features that took the Microsoft Entra product family to a new level.
Microsoft is now an IAM giant that helps organizations manage their directories, user authentication, and access and identity governance to any application or resource.
This undoubtedly shook the market – only the following months will show how Microsoft’s competitors in the IAM industry will respond.
EXPLORE FURTHER:
[Expert article] Microsoft Azure AD expands into Entra ID >>>
AI
There’s no introduction needed as to why AI is a trend of 2023. In cybersecurity specifically, we’ve seen both – the good and the bad sides of AI.
We’ve seen a rise in AI-based cyberattacks. For example, using generative AI (like ChatGPT and similar tools) to write convincing phishing emails or malware.
On the good side of AI stands cybersecurity automation. AI is being utilized to spot unusual behaviors, analyze vulnerabilities, point out potential attack vectors and threats, and provide insights to enhance security-related processes.
EXPLORE FURTHER:
IBM Insights into AI and Automation for Cybersecurity >>>
Data security and file transfer security (MOVEit hack)
Data and file transfer service providers and their customers went through a roller coaster period after the software company MOVEit got hacked. And it has proven to be one of the biggest data hacks of the year 2023 and possibly also the most harmful one.
Over 1000 businesses and more than 60 million individuals were affected.
Affected businesses, mostly healthcare and financial institutions, but also governmental offices, educational institutions, or hotels, started closely inspecting their security vendors and services – and many others joined them as a precaution.
The whole incident pointed a finger at the desperate need to better protect data-in-transit, especially personal data and long-term secrets, like personal health data or bank and financial information.
EXPLORE FURTHER:
[White paper] Sharing, Transmitting, and Storing Healthcare Data Securely >>>
Human-to-human communications (Microsoft and Slack hacks)
Another security gap brought to light by hackers this year – human-to-human communication tools. Most businesses use them, but not all of these businesses consider the security of these tools.
Until 2023... during which we’ve seen two human-to-human business communication giants hacked – Microsoft and Slack.
In July 2023, Microsoft announced that its email tool got hacked by a Chinese cybercriminal group that managed to get access to the accounts and email communications of several US government agencies. It’s also likely that the hacker group got access to other cloud-based Microsoft tools, like SharePoint or Teams.
Similarly, Slack gave a scare to many businesses when they confirmed that they got hacked. Even though no customer data was allegedly stolen, this wasn’t the first time that Slack experienced security issues – and many organizations remembered.
This information shook businesses’ perception of Microsoft’s and Slack’s security, especially those who use the tools on a daily basis.
Another “nail in the coffin” of regular communications tools – when several Wall Street companies got fined more than $2.5 billion for pervasive and longstanding off-channel business communications over platforms like iMessage, WhatsApp, and Signal. These kinds of business communications are highly problematic as they are conducted over unauthorized, non-compliant, and not-secure-enough channels.
These breaches and fines pushed organizations to reflect on how they share sensitive, confidential, or secret information within and outside their company borders. As a result, many businesses started investigating alternative business communication tools that would offer the same functionality and ease-of-use, but with extra layers of security.
EXPLORE FURTHER:
[Blog post] Seven Ways to Stay Compliant in Secure Business Communications >>>
[White paper] With or Without Microsoft 365: How to Secure Your Business Communications >>>
Boost your cybersecurity with SSH Communications Security
Want to get on track with the latest cybersecurity trends and future-proof your business for 2024 and beyond?
Here’s what we at SSH can help you with:
- Zero Trust secure access and communications
- Secure access management for OT
- Quantum security for critical data and file transfers
- Strong ID-based, just-in-time access to critical targets
- Secure business communications and collaboration
Subscribe & get the latest expert content right after publishing straight in your inbox!
