The 2023 cybersecurity landscape promises to be dynamic. Let’s take a look at our shortlist of core events that will affect cybersecurity in 2023.
2022 was another “record-breaking year” in cybersecurity. Ransomware, social engineering, critical infrastructure attacks, and data breaches have become more sophisticated and impactful. Particular attention should be paid to the rise of state-sponsored cyber troops disrupting critical infrastructure, defacing websites, launching DDoS attacks, and stealing information.
Given that cyber threats grow exponentially every year, 2023 will definitely not be an exception. However, we are not going to make cybersecurity predictions for 2023. Instead, we’ve made a shortlist of core events that are likely to affect cybersecurity in 2023.
2023 may become the year Congress passes ADPPA – a comprehensive, nationwide data protection act that aims to unify the national data privacy framework and a robust set of consumer privacy rights under one umbrella. If it passes, we’ll mostly say goodbye to the patchwork of state data privacy laws. If not, five U.S. states – California, Colorado, Connecticut, Utah, and Virginia – will still have their own data privacy laws rolled out or updated in 2023. Either way, safeguarding sensitive data will be one of 2023’s business priorities.
At any rate, don’t expect the state privacy laws to be immediately negated when ADPPA is passed. Initially, businesses might have to consider both state and federal laws to ensure compliance. For instance, unlike state legislation, the pending ADPPA draft will not rely on consent for data protection. It will also obligate businesses to collect only essential information and protect it until it is permanently disposed of or deleted. Unlike most state counterparts, ADPPA will add advertisement protection for minors and require data brokers to delete consumer data within 30 days of receiving a removal request. Read more on these and other characteristics of ADPPA in our blog article Congress Released ADPPA – Draft Federal Privacy Law.
2023 will change government contractors’ compliance requirements. First, the Cybersecurity Maturity Model Certification (CMMC) program will ramp up by the summer of 2023. For those unaware, CMMC is a cybersecurity framework aimed at protecting controlled unclassified information (CUI) and implementing cybersecurity across the Defense Industrial Base (DIB) sector. The fact that the U.S. Department of Defense mandates the framework in light of growing global security tension gives the document special significance.
Second, NIST SP 800-171 – the backbone of the whole CMMC framework – will be updated. The requirement to institute the controls under NIST SP 800-171 is nothing new for contractors holding CUI. Updates to it, however, may prompt contractors to review their approach to following the standard. Furthermore, the changes will definitely affect the current DoD regulations, including Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, 252.204-7019, and 252.204-7020 – clauses requiring contractors to provide “adequate security” for CUI. To clear up the confusion around all these documents, read our articles CMMC Compliance: a Guide for DoD Contractors, Unscrambling Confusion with CUI Protection Requirements, and NIST SP 800-171: Key Reasons For Maintaining The Standard.
The growing national attention to data privacy and security is a logical response to the intensification of malicious state-sponsored activities. 2022 showed how state-sponsored criminals turned the cyber environment into a battlefield. For example, powerful DDoS attacks opened the Russian military aggression against Ukraine. Ransomware was revealed to be the main source of funding for the North Korean nuclear program. Chinese officials used special apps and media to obtain valuable intellectual property from high-tech targets. Last year revealed that state-sponsored cyber threats are more real than ever before. This year, in turn, should become the year of safeguarding against those threats.
Remember the phrase “zero trust” because you will hear it throughout 2023. The main reason is that wireless technologies and cloud computing have outgrown traditional VPN capabilities. VPNs were designed in the 2000s to connect devices with on-premises networks and protect the network perimeter. Hence, once authenticated, users can navigate freely within a defined network.
Zero trust, on the other hand, is a multitiered approach that is both scalable and highly secure. Its guiding principle, “never trust, always verify,” demands continuous validation, reassessment, and reauthorization using multiple authentication methods.
The exponential growth in remote working and cloud computing has proven that traditional VPN technologies do not meet today’s scalability and security demands. That’s why the zero trust approach is likely to become a legal requirement. The Biden administration has released a memo mandating federal agencies to adopt a zero-trust architecture by the end of 2024. It means that you need to start implementing zero trust in 2023 to get things right in time. Find more on zero trust in the article Building a Successful Zero Trust Strategy.
Cybersecurity has become far too complex for organizations to manage on their own. Many businesses lack the budget to retain highly skilled cybersecurity experts and manage full-fledged data security programs. On the other hand, those who can afford top tech experts keep them overwhelmed with multitasking. Furthermore, the shortage of cybersecurity talent makes it difficult to recruit and retain security experts. Evaluating the situation, businesses are thinking creatively and will likely outsource their day-to-day security operations more intensively. Among the best and most reasonable ways to maintain your cybersecurity are outsourcing security operations to managed service providers and leveraging the leadership services of virtual CISOs.
Planet 9 can take your share of cybersecurity work on its shoulders. We provide a wide spectrum of services, from risk assessments to vCISO, to give your cyber environment the highest level of protection.
To stay updated on the most pressing trends and challenges in cybersecurity, keep reading our blog or contact the Planet 9 team. We’ll be happy to assist!