How will cybersecurity fare in 2023?
IT security remains a major concern for companies worldwide, and 2023 was no exception. Indeed, data from ANSSI (Agence nationale de la sécurité des systèmes d'information) highlights a worrying breakdown of organizations targeted by attacks, with businesses predominating (69%), followed by local authorities (20%) and healthcare establishments. This breakdown underlines not only the vulnerability of infrastructures, but also the growing value of healthcare data, which has become a prime target for cybercriminals.
Some key cybersecurity statistics for 2023 in France:
- The average cost of a data breach for an SME is €130,000.
- 41% of SMEs are unable to recover their data after a breach.
- 94% of malware is distributed via e-mail.
- A third of companies that paid a ransom were confronted with a new attack.
- There will be 330,000 successful attacks on SMEs in 2023.
Focus on the cyberthreats of 2023
Ransomware on the rise
In 2023, ransomware attacks reached unprecedented levels. Businesses of all sizes and industries were targeted, underlining the need for increased preparedness and the use of effective recovery solutions.
An explosion of Zero-Day vulnerabilities
Zero-Day vulnerabilities have been exploited more frequently, highlighting the need for companies to strengthen their early detection and rapid response capabilities. Collaboration with security researchers to identify and mitigate these vulnerabilities has become crucial.
Increased emergence of social engineering
Attacks based on social engineering have continued to grow in sophistication. Hackers exploit psychological techniques to deceive users and gain access to sensitive information. Companies have had to invest in security awareness and employee training.
Tougher regulatory compliance requirements
Cybersecurity regulations have tightened in several jurisdictions. Companies have been forced to implement stricter security measures to remain compliant, with significant financial consequences in the event of non-compliance.
What trends are on the horizon for 2024?
The focus is on emerging trends in cybersecurity for 2024, where Artificial Intelligence (AI) occupies an increasingly prominent place, reinventing both defense strategies and attack approaches in the cyber domain.
The use of Artificial Intelligence in cybersecurity is set to grow by 2024. The predictive capabilities of AI algorithms can be leveraged to anticipate and counter emerging threats, strengthening enterprise security.
As quantum technologies advance, companies are turning to quantum cybersecurity to ensure robust protection against potential attacks based on quantum algorithms. Investment in this field is set to grow significantly.
The entry into force of the NIS 2 directive in 2024 will bring new security requirements for companies operating in the European Union. This directive will broaden security and incident reporting obligations, affecting a wider range of businesses, including digital service providers. Companies will have to carry out in-depth security audits and implement robust measures to comply with these regulations, which may require upgrading existing infrastructures and training staff.
Demand for cyber insurance is set to increase, with policies tailored to the specific risks faced by each company. Insurance companies are expected to incorporate more sophisticated models to assess risks and offer customized solutions, leading to an expansion of cyber insurance.
By 2024, phishing attacks are expected to be more localized and targeted, exploiting the linguistic and cultural peculiarities of non-English-speaking countries. Cybercriminals will use more subtle social engineering tactics to deceive users in these regions, making it harder for traditional filters to detect phishing attacks. As a result, companies will need to strengthen their anti-phishing filters and invest in multilingual training programs to make their employees aware of the signals indicating a phishing attempt, whatever the language used.
What impact will this have on your business?
To face this challenging future, companies will need to strengthen their cybersecurity and data protection policies more than ever. This includes the use of technological resources focused on automation and orchestration, with a growing adoption of Artificial Intelligence, notably through machine learning algorithms.
Beyond technological tools, it is crucial to adopt or maintain a mindset and strategy focused on resilience and risk management. The traditional cybersecurity strategy, based on detection and response after an online attack, has not been sufficient for several years now.
It is essential to integrate a proactive approach, which involves anticipating and analyzing the ecosystem to detect malfunctions or breaches before an incident occurs. Proactivity also relies on the correlation and in-depth analysis of cyber-attacks to feed Threat Intelligence. In addition, training and awareness-raising for users and all non-IT specialists within organizations remain essential to ensure optimal system protection.
Finally, good management means constantly bearing in mind the possibility of a cyber-attack, and being ready to deal with it at any time. While cybersecurity remains an ongoing challenge, companies must persevere in their evolution to counter emerging threats. In 2024, the incorporation of advanced technologies and close collaboration between the public and private sectors will be essential to safeguard corporate data and operations in the face of cyberattacks.
Why is a company like Ellisphere concerned?
More specifically, in the corporate world, three key business sectors are particularly targeted by cybercrime: Technology, Media & Telecoms; Financial Services; and Energy. Two-thirds of French companies in these sectors have already experienced at least one cyberattack in the past year.
In this context, companies must be able to protect data exchanged with their customers in compliance with current regulations and regulatory frameworks. Companies must implement security measures to protect their information systems and data from all possible threats, such as attempted theft, loss, alteration and unauthorized distribution of personal, financial, technical or commercial data.