In the old days of cybersecurity, all network administrators had to worry about was drawing a perimeter around their network to protect their data and keep their employees from allowing threats through the gates. Now with the growth of cloud computing, hybrid work environments, and around-the-clock access to data, cyberthreats are on the rise faster and more elaborate than ever.
Well, the best defense against cyberthreats is understanding the threat landscape as it stands today. That’s why we’ve put together a list of the top cybersecurity threats your business should watch out for in 2023, as well as a rundown of measures you can take to mitigate these attacks.
What Are the Top Cybersecurity Threats To Watch Out For?
- Ransomware attacks
- Insider threats
- Hybrid work
- Rapid shift to the cloud
While the list of cyberthreats is always changing, these are the most prominent threats that we’ve seen on the rise since the beginning of the pandemic and continue to grow now in 2023.
1. Ransomware Attacks
Ransomware attacks have been all over the news since the beginning of the pandemic. While this threat has increased over the years, this attack method has spread like wildfire over the past two years with average payments reaching new heights of more than $200,000.
2021 was a particularly banner year for ransomware attacks with several notable examples:
- Colonial Pipeline: Remember that temporary shortage in gasoline on the East Coast in 2021? You can thank hackers for that, even though their actions didn’t lead to true supply shortages. The ransomware attack led to a panic-buying surge in gasoline with the public rushing to fill whatever they could with gasoline, causing a shortage. This hack resulted in Colonial Pipeline giving in to the demands, paying out $4.4 million in bitcoin, which was mostly recovered in the end.
- Acer: This story doesn’t inspire any confidence in the Acer brand. Not only was it hit with a ransomware attack in March of 2021, but also with a network breach a few months later in October. The first attack was conducted by the REvil ransomware group, which demanded $50 million ― the highest recorded ransom so far ― while the second attack was carried out by the Desorden Group for an undisclosed amount. Acer tried negotiating with REvil by offering $10 million and was rejected. It’s unclear whether Acer has paid the ransom or recovered its data.
- CD Projekt: The famed video game developer responsible for The Witcher and Cyberpunk 2077 games was hit with a ransomware attack that breached employee records and valuable game data. Luckily, CD Projekt had backed up information and refused to pay the ransom to the attackers. This, of course, didn’t dissuade the hackers from leaking the information they had obtained. This is more of a “half-a-loaf” ransomware story.
There were many other ransomware attacks, but these are three different examples of how bad it can get and how certain mitigation measures can help soften the blow.
2. Insider Threats
The phrase “insider threat” probably conjures images of shady employees breaking into your office building, hacking into your network, and stealing all of your money and information. Bonus points if you imagined them looking something like the Hamburgler.
While this is a real threat (well, probably not the Hamburgler part), it’s not the only insider threat faced by your business. A major chunk of insider threats aren’t malicious; they’re incidental.
Tessian compiled statistics from a 2021 Verizon Data Breach Investigations Report and the numbers on insider threats were quite astounding:
- Incidents caused by insider threats ― malicious and unintentional ― increased between 2018 and 2020 by 47%
- Negligent insiders account for the majority of incidents at 62%
- Negligent insiders who are the victims of stolen credentials account for 25% of incidents
- Malicious insiders come in at around 14% of all incidents
So, while there are instances of malicious attacks, the vast majority are unintentional and caused by negligent behavior. This kind of negligent behavior can range anywhere from leaving work devices unattended in public settings to emails sent to the wrong address.
This means that the vast majority of employees aren’t intentionally trying to sink their companies, but their ignorance of security protocols and lack of top-down security controls are leaving the door open for all kinds of potential breaches.
3. Hybrid Work
This one sort of goes hand-in-hand with insider threats, but the security issues created by the hybrid work environment that many of us are experiencing are putting the current capabilities of our security infrastructures to the test.
These issues include:
- Disabling security functions: Businesses that weren’t equipped to make the rapid shift to remote/hybrid work at the start of the pandemic were forced to adopt new security tools that weren’t tested and optimized for their workforce. This includes tools like virtual private networks (VPNs), which, if not set up correctly, lead to slowdowns in traffic, such as “hairpinning” when using tools like Zoom. When security measures get in the way of productivity, workers are far more inclined to throw those precautions out the window to get their jobs done.
- Operation outside of the network perimeter: The traditional network perimeter wasn’t created to deal with an entirely remote workforce. While solutions like VPNs create security barriers, these measures aren’t infallible as discussed in the last point. This creates issues when accessing sensitive company data on personal home networks or public Wi-Fi networks, leaving you exposed to breaches.
- Unsecured work devices: When devices aren’t protected by cybersecurity software and other protective tools, your employee-assigned endpoints become weak spots in your corporate infrastructure. Even if you take the basic precautions, it’s hard to prevent employees from leaving devices unattended in public spaces or moving sensitive company data to personal storage devices or services like external hard drives and cloud storage.
Hybrid work has allowed the economy to chug along with mild interruptions, but the risks associated with devices leaving the protections of the office network are putting a strain on the safety of company assets. Luckily, new security capabilities are in the works that are taking these shifts into account.
4. Rapid Shift To the Cloud
The cloud has created a monumental shift in the way we do business, create software, store our data, and conduct our day-to-day operations. It’s a revolutionary development that allows all of us to work and access our data from anywhere.
The introduction of the cloud has also opened the door for many cybersecurity issues, especially in 2023, including:
- Cloud-delivered malware: Malware delivered via the cloud saw a massive increase in 2021 according to a Heimdal Security report. This report also found that by Q2 of 2021, 43% of all malware downloads originated from malicious Office documents, up from 20% at the beginning of 2020.
- Data exfiltration and mishandling: Personal cloud data applications like Google Drive and Dropbox are also a rising concern thanks to the ease with which employees can move sensitive data to these services. Organizations without data loss prevention solutions and rules struggle to even realize when sensitive information is flowing out of their databases.
- Unsecured applications/application programming interfaces (APIs): Unsecured cloud-based applications are another major concern for companies that rely on SaaS companies for their day-to-day operations. 2021 saw several noteworthy API breaches that led to lost data, including Parler, Experian, and the most recent Log4j vulnerability.
As with any new technological breakthrough, the cloud has the potential to make or break a company over something as simple as the lack of API authentication.
How Do You Protect Your Small Business from Cybersecurity Threats?
- Educate your employees on best practices
- Run an audit of your attack vectors, tools, and practices
- Adopt new tools and security plans
Use the following steps to help protect your small business against possible cybersecurity threats.
1. Educate Your Employees on Cybersecurity Best Practices
Start at the ground level with your 2023 cybersecurity strategy. If you didn’t notice, many of the threats facing businesses in 2023 revolve around employee behaviors, such as moving company data to personal storage services, downloading malware via Microsoft Office documents, having credentials stolen, and disabling security functions because of poor performance.
All of these behaviors involve intentionally or unintentionally risky decisions made for whatever reason that open your business up to all kinds of threats, including data breaches, ransomware, network takedowns, and so much more.
That’s why it’s so crucial to educate your employees on cybersecurity best practices, including:
- How to handle and store company data properly
- Notifying information technology (IT) and security teams about intentions to adopt new, unvetted software as a service (SaaS) tools
- Understanding the consequences of operating without protections like VPNs or other security tools on public Wi-Fi
- How to avoid leaving devices unattended and unprotected
These lessons should also include active discussions about best practices, instead of just the bare minimum online portal courses with short multiple-choice questions afterward. While those assessments are important, the discussion on these topics is even more important since it solidifies the information and allows employees to ask questions.
2. Run an Audit of Your Cybersecurity Attack Vectors, Tools, and Practices
Luck favors the prepared. You can’t possibly know your next steps without taking into account your entire corporate ecosystem, including devices, threats, risks, and other assets. So, here’s a basic outline on how to run an audit of your security plan:
- Map out your threat surface: Develop an understanding of the ins and outs of your online infrastructure, including all of your assets, and map out the entirety of your attack surface and vectors, such as outdated software, lack of encryption, and weak credentials.
- Prioritize all of your assets and risks: Once you’ve mapped out your assets and threats, develop a risk assessment and prioritization matrix to find out what’s most important when developing a new cybersecurity strategy.
- Create new security policies and plans: Develop new policies that address the priorities and risks listed in the previous step. Make sure to document all of these policies and plans to instruct your employees on their roles in keeping the business safe from breaches.
Be sure to check out my complete guide on developing a small business cybersecurity plan for more information on creating and executing new strategies.
3. Adopt New Security Tools and Implement New Security Plans in 2023
Now that you have a deep understanding of your current cybersecurity needs and have fleshed them out into a new security plan, let’s look at the different software options and strategies you can take to prevent these common threats to your business:
- Dealing with cloud threats and data exfiltration
Old network perimeter technologies aren’t equipped to handle our rapid adoption of cloud technologies. Data no longer lives only within the perimeter. It’s moving in and out of the perimeter through all kinds of cloud applications and storage solutions that are invisible to legacy solutions like network firewalls and packet monitoring software.
Additionally, old network perimeters are usually pieced together from different vendors’ products that don’t work together cohesively, which leaves gaps in the security structure.
The solution to these shortcomings is cloud-based security technologies, such as:
- Cloud access security brokers (CASB)
- Secure web gateways (SWG)
- Firewall as a service (FWaaS)
- Zero trust principles (ZT)
- Remote browser isolation (RBI)
- User/entity behavior analytics (UEBA)
All of these solutions work together as a combined infrastructure known as security service edge (SSE), the security half of SASE. I’ve discussed the concept of secure access service edge (SASE) in previous pieces, but for those unfamiliar, both SASE and SSE are Gartner concepts that describe the future cloud-based convergence of security and networking.
The concept is meant to provide intelligent, real-time visibility and control of company data moving from within your network to the cloud and vice versa. This gives security administrators new depths of control over sensitive data and systems that were once vulnerable thanks to the lack of visibility into application layer traffic and contextual behavior analysis.
All of this capability catches data attempting to move outside of your designated work applications and prevents exfiltrations by unauthorized personnel, internal or external.
Of course, a complete overhaul of your security infrastructure is a big ask for any company, let alone any small business. If you can’t make the switch to infrastructure like this in one go and decide to piece it together as you go, just make sure the tools you adopt are all compatible with one another.
The strength of an SSE architecture is the interconnected nature of these security tools and their ability to communicate with one another; the lack of that interconnection is exactly the problem SSE was created to solve.
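As an added illustration (not code from the original article) of the visibility described above, the script below runs a simple detection pass over constructed web-proxy log lines and flags users who upload more than a threshold of data to personal cloud-storage services like Google Drive and Dropbox that are not on a sanctioned-application list. The log format, the sanctioned hosts and the storage domain list are all assumptions; a CASB or SWG does this with far richer context, but the core rule is the same.

```python
"""Minimal exfiltration detection over proxy logs (added example, assumptions marked)."""
import re
from collections import defaultdict

# Constructed sample proxy log lines: timestamp, user, method, host, bytes sent.
# The last line is deliberately malformed to show that bad records are skipped.
SAMPLE_LOGS = """\
2023-03-01T09:12:04Z alice POST drive.google.com 52428800
2023-03-01T09:13:10Z alice GET  intranet.example.com 1024
2023-03-01T09:20:45Z bob   PUT  content.dropboxapi.com 8388608
2023-03-01T09:21:02Z bob   PUT  content.dropboxapi.com 9437184
2023-03-01T09:30:00Z carol POST sharepoint.example.com 73400320
2023-03-01T09:33:40Z dave  POST www.dropbox.com 157286400
2023-03-01T09:35:11Z eve   POST drive.google.com notanumber
"""

# Assumed sanctioned corporate apps: uploads to these hosts are expected.
SANCTIONED_HOSTS = {"intranet.example.com", "sharepoint.example.com"}
# Assumed personal storage services, matched by domain suffix.
PERSONAL_STORAGE_SUFFIXES = ("drive.google.com", "dropboxapi.com", "dropbox.com")
UPLOAD_METHODS = {"POST", "PUT"}
THRESHOLD_BYTES = 10 * 1024 * 1024  # alert once a user sends more than 10 MiB

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")

def parse_line(line):
    """Return (timestamp, user, method, host, bytes_sent) or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, method, host, size = m.groups()
    return ts, user, method.upper(), host.lower(), int(size)

def is_personal_storage(host):
    """True for unsanctioned hosts that belong to a known personal storage service."""
    return host not in SANCTIONED_HOSTS and host.endswith(PERSONAL_STORAGE_SUFFIXES)

def find_exfil_candidates(log_text, threshold=THRESHOLD_BYTES):
    """Sum upload bytes per (user, host) to personal storage; return pairs over threshold."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip garbled records rather than crash the whole pass
        _, user, method, host, size = rec
        if method in UPLOAD_METHODS and is_personal_storage(host):
            totals[(user, host)] += size
    return sorted((u, h, b) for (u, h), b in totals.items() if b > threshold)

if __name__ == "__main__":
    for user, host, total in find_exfil_candidates(SAMPLE_LOGS):
        print(f"ALERT: {user} sent {total / 2**20:.1f} MiB to unsanctioned host {host}")
```

Summing per user and host is what catches bob, whose two Dropbox uploads are each under the threshold but together exceed it.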
- Workers disabling security tools like VPNs
When given the choice between security and productivity, your employees almost always default to productivity, even if it means working outside the confines of a VPN or network perimeter. One common complaint is slow connections while using the company VPN, which is usually caused by hairpinning. Before I explain hairpinning, we have to understand VPNs.
A VPN is a security solution for protecting traffic that’s meant to access sensitive aspects of a network, such as intranets, file servers, and email. VPNs work by creating a “tunnel” that’s protected via encryption so that others out on the web can’t intercept and read the information being transmitted between the network and the individual accessing it. While this improves security, VPNs essentially create a bottleneck that all traffic must flow through. The issue of “hairpinning” comes up when dealing with streaming video such as Zoom calls or other types of video conferencing.
Hairpinning is when traffic must travel over the VPN in both directions: the request goes through the tunnel to the video conferencing provider’s servers, and the response comes back through the encrypted tunnel and firewall to the user, which effectively doubles the traffic size.
This is a huge problem with hundreds or even thousands of employees doing the same thing simultaneously. The result is massive congestion within the VPN tunnel and choppy video calls and a bunch of upset employees who can’t access internal network assets.
There are two common “solutions” for solving this problem and one new solution. The first solution is the exact problem we’re trying to prevent. Employees turn off their VPNs and run all of their traffic directly to the internet, leaving all of their activities exposed. The second “better” solution that most companies rely on is split tunneling, which routes most traffic through the VPN but siphons off heavy activities like video calls to go directly to the internet. While this solves the issue of employees turning off their VPNs altogether, it does still leave video conferencing exposed. This is the “half-a-loaf” solution.
The up-and-coming solution to this problem negates the need for VPNs altogether and once again embraces the concept of SASE architecture. SASE is the convergence of security and networking solutions. SASE utilizes a software-defined wide area network (SD-WAN) along with the cloud-based security tools mentioned in the previous section to create a secure perimeter wherever users are, on whatever device they are working on. This way traffic is routed securely to and through the cloud and is neither bottlenecked through a VPN tunnel nor left exposed directly on the internet.
- Ransomware attacks
Preventing ransomware attacks requires a multifaceted approach to your security infrastructure. Ransomware payloads are delivered through multiple attack vectors, including:
- Outdated/unpatched software
- Malicious email payloads via download prompts
- Misconfigured security infrastructures and software
- Insider threats
A well-established and maintained security infrastructure prevents most ransomware attacks. Additionally, backing up your data regularly helps mitigate the effects of a potential ransomware attack by denying the attackers leverage by holding data hostage. Finally, it’s important to educate your employees on the dangers of ransomware, the warning signs of malicious emails, and how to avoid coming into contact with these payloads.
- Unsecured devices
The most obvious solution to unsecured devices is to install cybersecurity monitoring and attack prevention tools onto issued devices. Anything that has access to sensitive corporate data should share the same security measures, including:
- Antivirus/antimalware software
- VPN tools or other secure traffic solutions like SD-WAN
- Secure password policies
- Remote data wiping capabilities
- Security policies against accessing sensitive data over public Wi-Fi networks
Handing over unsecured workstations to employees or allowing unsecured personal devices onto your internal network is asking for trouble.
What To Do Next
It’s important you know the difference between cybersecurity and IT security. If you’re already familiar with the difference, you should learn more about the best cybersecurity companies. They’ll help ensure your small business is protected at all times.