Among the relevant data of the Report from Clusit, Italian Association for Computer Security, released last November, emerges those concerning the growth of serious cyber attacks. From 2011 to date, the Association's researchers have detected more than 15 thousand events, more than half of which (8,285) occurred in the last four and a half years. Comparing the first half of 2018 with the same period in 2022, the increase is 53%, with the monthly average of serious attacks globally rising from 124 to 190.
The data only confirms the main global trend in cybersecurity: the steady increase in incidents and breaches. Within this general picture, we can identify five specific trends in the evolution of cybersecurity that will characterize the current year.
Over the past few years, a specific type of attacker has developed: supranational organizations. Three names for example: Revil, Ragnar Locker and Lockbit. They are increasingly being joined by leaner and younger cybergangs. Like Lapsus$, an emerging group capable of targeting tech giants such as Nvidia, Microsoft or Uber. Their strength lies in implementing mass phishing strategies and extremely sophisticated ransomware. The 2022 attacks confirm that this trend will continue this year.
The dwell time of ransomware
Speaking of increasingly sophisticated ransomware, one figure that shows a trend in 2023 is the decrease in the average time the software stays on the target systems. We are talking about less than thirty days, compared to almost eighty days in 2020 (source: Mandiant). Two insights can be gleaned from this data: ransomwars are increasingly effective and needs less time to study the systems it has infiltrated, and companies have greatly reduced detection times and are therefore reacting more promptly.
Recovery procedures, if one is affected by ransomware, continue to take time and money. This is why it is estimated that in 2023 companies will reduce downtime by increasingly relying on automation, in particular Infrastructure as Code, software that allows infrastructures to repair themselves and automatically restore their functions.
Investing more in the cloud
According to forecasts by Gartner for 2023, the largest IT security investments will be allocated in the cloud: the estimate is almost USD 6.7 billion, an increase of close to 27 percent compared to 2022. Data breaches caused by incorrect configurations or lack of encryption are a 'hot' topic, not least because of regulations that impose them on both stored data and data in transit.
As costs increase, so does the number of organizations asking providers to prove, through certification, that they are enforcing and monitoring encryption of their storage and cloud usage. The regulatory theme is therefore high on the agenda this year, driven also (at least in Europe) by the coming into force of new regulations such as the European Directive NIS 2.
Employee awareness of cyber risks is a long-standing pain point in the security posture of organizations. In 2023, the goal is to improve it through an expansion of social engineering audits to check employee security policies and procedures. The human factor is still the weakest link that attackers exploit for their activities. According to Kaspersky, 13% of the sample believe that employees lacking in training are the main threat to IT security; specifically, the rate rises to 22% among small and medium-sized companies (those with between 50 and 999 employees).
In larger companies, only slightly more than half of the employees have attended cyber security training sessions. To make employees more aware, it is the general intention of organizations to increase the number of courses and moments dedicated to improving knowledge of basic cybersecurity practices.
More corporate investment
As previously highlighted, the cloud is the area of highest spending on cybersecurity assets. In general, companies are expected to spend more in 2023 than last year to protect their business. Gartner estimated a $190 billion global investment: in 2022 it was $172 billion, and in 2021 $151 billion. The increase is not likely to stop, as the average annual growth trend until 2026 is calculated at +11%, with a global spending projection of USD 260 billion.
Besides the cloud, the main areas of investment will be digital identity protection (IAM) and zero-trust networks. Also according to Gartner, spending on application security is expected to increase by 25 percent, to about $7.5 billion. But over 40 percent of 2023 spending will be intercepted by security vendors (over USD 76 billion).