UK Cyber Security Trends to Look Out for in 2023
Published: 13th January 2023
We’ve combined our insights from the Red Helix team with feedback from senior security professionals to bring you what we think will be the top 10 cyber security trends for 2023.
1. Remote and hybrid working are here to stay
Working from home is here to stay. While the number of people working from home may have peaked in the pandemic (at 49%), there are still around 1 in 5 people working at least one day a week from home. These workers need access to their company files, and companies are increasingly looking to Zero Trust Network Access (ZTNA) to provide this.
ZTNA provides granular access based on specific roles and permissions and works on a ‘never trust, always verify’ philosophy. It’s time to embrace ZTNA and move away from VPN.
The need to train staff and build a strong security culture remains important too. But, with the continuing skills shortage we will come onto, we expect companies will favour an out of the box training solution to save time and guarantee effective behaviour change.
We’ve recently suggested that cyber awareness training and spoofing protection be made mandatory in UK digital workplaces. With 95% of all cyber security issues traced to human error, this will go a considerable way to reducing the success of cyber criminals.
2. Ransomware attacks will continue and evolve
Last year only the US and Canada suffered more ransomware attacks than the UK. Endpoints are the most common initial point of infection for ransomware. That’s why companies must embrace EDR (Endpoint Detection and Response) and the ZTNA from the previous point to minimise the likelihood of a successful attack.
Increasingly, ransomware is being offered ‘as a service’, lowering the bar for entry into the market. It is offered across the dark web, with the most sophisticated providers even offering customer portals where you can track the progress of an attack. With it becoming easier to access, companies must expect and prepare for an attack.
3. Cyber insurance is becoming increasingly expensive
As the threat of cyber-attacks continues to grow, more companies, seeking to improve cyber resilience, are purchasing cyber security insurance to protect themselves against financial losses resulting from a breach.
This is leading to higher costs for insurance and some companies even being refused a policy altogether. As regulations tighten and threats grow, it is becoming increasingly difficult to secure the right cover. Of the security professionals we surveyed, over 40% reported that the evidence of effective cyber security protection required by insurers has increased significantly.
4. Cyber security regulation and compliance will tighten
Governments around the world are enacting stricter cyber security regulations to protect sensitive data and critical infrastructure.
The UK government recently announced plans to strengthen their Network and Information Systems (NIS) regulations established in 2018. They are extending the regulation to cover managed service providers (MSPs). MSPs will face fines of up to £17 million for failing to implement effective cyber security measures. After all, they play a major role in supporting the providers of crucial infrastructure.
Remember the British Airways attack from 2018? It is not only an example of the importance of implementing ZTNA; the hackers also gained access via the airline’s supply chain. With many similar examples, it is no surprise to see regulations being extended.
While the focus in 2023 will be on NIS2, the Digital Operational Resilience Act (DORA) and the Telecommunications (Security) Act (TSA), we expect the trend for more stringent regulation to continue for years to come.
5. Targeting of critical infrastructure companies and their supply chains will continue
The outage on the Viasat-owned KA-SAT satellite that left tens of thousands without internet across Europe in 2022 provides an example of the far-reaching consequences of infrastructure being targeted.
We all suffer when infrastructure is compromised. In the above example Ukraine may have been the target, but internet users as far away as Portugal and the UK were affected. With such attacks increasingly likely, we all need to review and strengthen our disaster recovery plans.
It’s not just the infrastructure companies themselves that will be vulnerable. Supply chains should also expect increasing attacks. Almost a year ago now, Gartner predicted: “by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains”.
Within the supply chain, Managed Service and SaaS providers will be top of the list for cyber criminals to target. While they will have strong defences in place, should a cyber criminal successfully breach these defences, the rewards will be huge given the volume and sensitivity of data these suppliers have access to.
Security professionals need to keep these risks front of mind and deepen their understanding of the supply chain.
6. The security skills shortage remains a major hurdle
There really aren’t enough professionals in the sector to meet the needs of all companies. A recent report from the Department for Digital, Culture, Media and Sport found that over 40% of UK SMEs were not confident in carrying out a range of cyber security governance tasks in-house.
This places an extra burden on the professionals who are in the business to upskill more junior staff. As the recession deepens and the cost of living bites, we may even run the risk of cyber-crime becoming more attractive than working for reputable companies.
7. An increasingly complex tech stack
Adding to the challenge of a skills shortage mentioned above, security professionals tell us they are overwhelmed by the tools and service providers in the marketplace. There are too many for them to know what and who to trust.
In February last year the government estimated there were 1,838 companies in the UK alone providing cyber security products and services. We expect personal recommendations to become ever more important in helping professionals navigate this crowded marketplace.
Companies will succeed by simplifying their processes and working with trusted partners. Investing in prevention strategies will also help to reduce the work of their internal teams in the long run.
8. Greater use of artificial intelligence and machine learning
AI and ML will continue to improve threat detection and response. Predicting cyber threats is another use of AI that will continue to grow.
As the quantity of data and the number of threats increase, so too do the benefits of integrating artificial intelligence and machine learning into systems and processes. Yet, we must remember that criminals will be using the same tools to their advantage in the same arms race we experience across all cyber security developments.
9. Cloud security remains a core focus
The cloud isn’t inherently insecure, but it requires work and continual monitoring to keep it secure, particularly with the increase in storage of personal information. Public clouds must provide strong cyber security and have stringent penetration testing to stay competitive. They benefit from some of the most talented engineers working at a scale that allows singular focus on security. But they offer huge rewards to cyber criminals if breached. With a private cloud, you can customise the security. And with a hybrid you can choose depending on the need and get the most out of your infrastructure budget.
Digital transformation projects will continue to be a major investment in 2023. Migrating data and applications to the cloud is among the top three digital transformation projects, along with change management and introducing AI and ML.
Protecting these assets in the cloud will thus continue to be a core focus for security professionals. Centralising security data and tools that support this will prove crucial for security teams working in hybrid systems or on cloud deployments that are expanding.
10. IoT security to become major focus
Research by Aviva has estimated there are at least 286 million IoT devices in the UK. That’s just in people’s homes. There is another massive increase in devices being used in industry as part of what is being referred to as the Fourth Industrial Revolution.
Recently reported attacks show that whole swathes of IoT devices are inadequately protected against cyber threats. The same cyber security principles apply to IoT devices as to the points above, and they need to be put into practice:
- Automated detection is needed to identify anomalies and allow a rapid response
- Zero Trust should be used so that no device is trusted automatically
- AI and Machine Learning are needed to manage the huge number of devices
At the same time, we expect to see more ‘Security by Design’ by those developing IoT products so that security is a top consideration from the very earliest stages of product development.
So, what does 2023 hold for cyber security in the UK?
Collectively, our experts and the security professionals we spoke to all agree that things will get worse before they get better. We expect a higher number of attacks, which will continue to be more sophisticated.
The good news is that we collectively know how to minimise the threat of attacks and the tools to help us do this are improving rapidly. Of the security professionals we surveyed, 61% reported strengthening protection against cybercrime to be their priority over the next year and that their organisations are ready to invest as needed in protecting their systems and data.
In response to this evolving threat landscape we are organising an in-person event on: How to Prepare Yourself and Your Business for a Cyberattack. If you’re keen to hear from and network with likeminded peers, you can register here.