RackTop’s Chief Technology Officer, Jonathan Halstuch, shares his top 3 data security trends to prepare for in 2023, including AI for IT operations, the rise of data theft over ransomware, and continuing changes to cyber insurance coverage and protection expectations.
1. Increasing Use of Artificial Intelligence (AI) for Security and ITOPs
Looking back 20 years, our predictions for how Artificial Intelligence would be used in 2022 were very ambitious. For example, we didn’t get flying cars as predicted by Popular Mechanics magazine, but we have seen the introduction of self-driving cars. Nonetheless, we have recognized that AI has been a valuable resource in IT operations, improving response time and effectiveness in critical situations.
In 2023, I see AI being a fundamental element of security that detects malicious activity and responds accordingly. AI can be used to rapidly detect a cyberattack and take countermeasures to contain and isolate that attack across the entire environment, both on-premises and in the cloud. We need to implement AI in ways that don’t create machine learning (ML) burdens on the proposed beneficiary that, counterproductively, outweigh the benefit of AI. We have seen a large uptake in AI to detect failures of hardware and software and take restorative action; most of this has been provided by vendors. I see vendors providing more cloud and on-premises AI capabilities in the same way for data security. Approaches that don’t rely on manual training of the model and work without too many false positives will motivate organizations to adopt AI-enabled solutions.
2. Changes in Cyber Insurance Coverage and Protection
Until 2020, many public and private sector organizations considered the risk of falling victim to a cyberattack unlikely and its cost low. But today organizations and insurance companies have a much different perspective. Insurance companies now require organizations to have security controls in place before they will issue a policy. And organizations have seen a significant rise in insurance premiums but with less damage coverage. In the past, organizations have relied on cyber insurance as part of their risk mitigation plan instead of improving cybersecurity controls with active data protection against theft from insiders and attackers. Organizations that rely on cyber insurance coverage to recoup losses and cover damages are extremely exposed and more likely to go out of business after a breach. Cyber insurance can offset the expense of bringing your company back online, but your team still has to put in the time and work to recover your data while working to repair the company’s reputation. Contributing to the risk of relying on insurance, cyber insurance agencies are seeking provisions to avoid payouts when attacks are state sponsored, terrorist acts, acts of war, or acts of God.
Focus on preventing attacks and creating cyber resiliency. How? Organizations should be regularly improving cyber hygiene, reducing risk, and defining policies and procedures. Doing this will help reduce your insurance premiums while also reducing risk by minimizing the impact of attempted cyberattacks.
3. Increased Focus on Data Theft versus Ransomware
Ransomware attacks drew the world’s attention to the critical nature of cybersecurity. Even non-technical citizens recognized that they would be affected by disruptions to services when businesses succumb to cyberattacks. The uncertain nature of these disruptions can impact citizens and critical infrastructure in cities, schools, hospitals, utilities, and the finance sector for hours, days, and in some cases, months.
Now, as double and triple extortionware become the norm for ransomware attacks, the private sector is aware of what cybersecurity subject matter experts and the federal government have known for decades: the ramifications of the silent theft of intellectual property and PII are far worse. For example, cybercriminals who are financially motivated may both extort money from the victim and sell the information to other nefarious actors. Another motivation, driven by power, is to steal secrets that can later be exploited by an attacker or their sponsor. In these cases, attackers want to steal secrets without detection, which provides no alarm to the victim and leaves the possibility of stealing more secrets in the future. In conclusion, as organizations and government regulations posture to fight the data theft problem, the global focus will shift away from a recovery mindset to an attack prevention and damage minimization mindset.