Security incidents, data theft and ransomware: numerous companies such as Metro, Continental or the German Press Agency (dpa) were affected. No industry is immune. 2023 brings both opportunities and challenges for IT security.
According to Illumio's expert assessment, two trends will become particularly important for IT security in 2023: cyber resilience, and governments and companies starting to take more effective measures to eliminate ransomware.
Cyber resilience is more than recovery time
The first trend is that cyber resilience is becoming the sole measure of success for IT security programs. The World Economic Forum has long championed cyber resilience, but next year it will be high on the agenda of boards. The prevention of security incidents, i.e. a breach of the perimeter, will no longer be a measure of success. Cyber resilience is becoming a goal that all companies want and need to achieve. They will be judged on whether and how extensively they have achieved cyber resilience.
Downtimes become unacceptable
While organizations today still measure the success of their business continuity plan by their ability to fully recover their IT within the recovery time objective (RTO) to the recovery point objective (RPO), in 2023 any downtime will be unacceptable. Rigorous testing and the development of industry-wide metrics that make it easier to compare against other companies and to see what “success” looks like will force companies to reconsider their risk appetite and achieve a minimum acceptable level of cyber resilience to avoid fines, lost profits or reputational damage.
Legislation against ransomware
The second trend is that governments and companies will start taking more effective measures to eliminate ransomware. An Illumio study shows that more than two-thirds of German companies that fell victim to ransomware were forced to pay ransoms. These cash flows into the informal economy help fund further attacks and campaigns.
Ban ransom payments like Australia
The only way to stamp out ransomware is to stop ransom payments entirely. We've already seen countries like Australia considering a ban on ransomware payments and expect global discussions to continue and intensify in 2023. With Germany still lagging behind when it comes to cybersecurity, it is unlikely that legislation will be introduced in the next year.
But cyber insurance companies will be increasingly reluctant to make payments in the event of ransomware attacks. They will also seek to tighten policy eligibility requirements and require more extensive measures to demonstrate cyber resilience (such as sufficient segmentation).
Only Zero Trust will help
Unfortunately, attackers are always finding new ways to penetrate the IT landscape of companies. This is also confirmed by a report by the Federal Office for Information Security (BSI). Organizations need to embrace this new reality and adapt their IT security programs accordingly. With a Zero Trust approach, companies prevent attackers and ransomware from moving in their IT environment - they stop them early. This is cyber resilience: A single cyber attack must not threaten the functionality of the entire company. Thanks to cyber resilience, companies continue to operate effectively despite a cyber attack. And if ransomware payments are banned in the future, cyber-resilient businesses won't be affected because ransomware can't harm them.
About Illumio
Illumio, the pioneer and leader in zero trust segmentation, prevents security breaches from becoming cyber disasters. Illumio protects critical applications and valuable digital assets with proven segmentation technology built specifically for the Zero Trust security model.