Top 10 Security Challenges of 2023

There are an estimated 213 million companies worldwide, and every year many more appear in the business world. Among so many different businesses, do you think everything goes smoothly for them - building from scratch to deliver continuous success of security and business continuity? Absolutely, not. 

Some of these businesses are proficient enough to have the awareness and take coherent steps. Usually, the biggest challenge of any organisation is effective security management. But the significance of security has often been undervalued. 

In terms of security management, here are the top 10 challenges most businesses will be facing. 

10. Retention Policies 

People often forget the importance of digital security in information management. 

Data is everything; hardware and software have no bearing on this. The ultimate aim of data security is to guarantee that the correct information reaches the correct individuals (with integrity) and does not travel to any other location.

Having proper control over data comes with various challenges such as mapping data flows and classification of data among others. 

When you read like that, it sounds easy. But why do so many companies fail?

Over 56% of business organisations have problems with properly classifying information. This of course comes with another problem; access control. As they cannot properly classify the information, they cannot control the access given over to data. 

Think of it like a chained car accident that started out of one single mistake. 

9. Insurance 

Making sure that insurance itself and the insurance market are prepared to handle the dangers and challenges brought by the digital marketplace will be the challenge for 2023 (as it has been in the past). Most entities' insurance plans may not be sufficient to cover new dangers including fraudulent wire transfers, supply chain disruptions, third-party liabilities, company reputation management and cryptocurrency loss.

 In addition, many small and mid-sized enterprises are being priced out of the market because of the rise in the cost of cyber insurance. Finally, claims relating to state-sponsored cyberattacks and systemic supply chain (third party) claims may require different solutions from those offered by the existing commercial cyber insurance industry.

8. Ransomware 

Ransomware continues to be a major problem for businesses, not just because it has spread so widely but also because of the serious consequences that one ransomware assault could have on a business, as well as on every other business or client that depends on that organisation.

Did you know? 

Every 40 seconds, a business is affected by ransomware. ignificant investment in cybersecurity and personnel security awareness training is needed to withstand this volume of attacks.

7.Supply Chain Security

Supply chains are challenging to manage and complex to comprehend. Any entity's security (and resilience) depends on the security (and resilience) of all of the hardware, software, people and procedures that it relies on because of the many interdependencies between them. Third-party audits, data protection agreements and regulatory standards might all be helpful, but the issue is extremely complex and is likely to continue.

6. Multi Factor Authentication 

I am sure you’ve all seen or heard about MFA in many different sources. The term becomes familiar, doesn't it? 

Even though the term is familiar to the majority of us, it doesn’t mean that organisations are all successful in implementing this solution. Some organisations aren’t even aware of the importance of having MFA solutions in place. 

According to Microsoft, “99.9% of cyberattacks can be prevented by using Multi-Factor Authentication(MFA).” 

5. Data Protection 

Businesses only directly control a small portion of the infrastructure they rely on. A third-party cloud service provider handles their mail. Similar statements may be made about Salesforce infrastructure, billing, invoicing, HR and more. They work with consultants, independent sales reps, lawyers, suppliers, vendors; all of whom have access to various levels of data, networks and devices. 

We trust third parties that handle our data and processes that are not under our direct control to "do anything" to protect it. Informing us of a data breach is not always optional. Sometimes it’s required to adhere to a data privacy or security requirement (think ISO or NIST security standards). 

Additionally, we believe that we are protected because the third party has a contract in place guaranteeing that they will protect our data. Protecting data is not the sole responsibility of third party suppliers, as an organisation you should also take the necessary steps to be in a safe zone. 

4. Regulatory Compliance – GDPR 

Did you know that 95% of companies are using error-prone and time-consuming manual processes for GDPR DSAR requirements?

When this is the case, it becomes more problematic to store all the collected information securely and fulfil its requirements.

3. Teleworking

During the pandemic, many sectors had a problem with continuing their day-to-day businesses. Companies started to promote remote work or telework, which of course has its positives in terms of freedom and comfort. 

But this heaven can easily turn into hell if you do not know your security responsibilities. In the previous corner, we mentioned that just 27% of companies practise security awareness training. 

Unsurprisingly following the pandemic, the percentage of security breaches increased drastically. 

According to statistics from ISACA; 

The COVID-19 pandemic drastically escalated cyber issues, as shown by several key statistics:

  • Cyberattacks during the early months of the COVID-19 pandemic increased (30,000 cyberattacks between 31 December 2019 and 14 April 2020).
  • Daily cybercrime complaints increased by 300– 400 percent.
  • From January to April 2020, 907,000 spam messages, 737 malware incidents, and 48,000 malicious uniform resource locators (URLs) were registered.
  • Average ransomware payment amounts increased by 60 percent during quarter 2 (Q2) 2020.
  • Google blocked 18 million COVID-19-related scams daily.
  • Phishing attacks increased by 220 percent compared to the annual average.

2. Shortage of staff 

We've always had trouble finding qualified security personnel, in part due to the nature of the job. 

A good security guard adheres to complicated guidelines. A good security guard often disregards intricate regulations and damages things. A good security guard makes things right. A good security professional is able to communicate with others and impart their knowledge. A good security professional is more interested in thinking imaginatively about how to exploit people's flaws than they are in other people or sharing their discoveries. 

Those that work well in security are team players. A skilled security guard can operate unsupervised for several hours or even days. A good security professional has the heart of a hacker. A trustworthy security expert would never take actions that a hacker would.

1. Security Awareness 

The issue is that a lot of users either don't know how to maintain security or don't care. However, the majority of the time, it's because users think that getting around a security restriction is either required or helpful in order to complete their task. 

Finding out how and why people are evading security is thus part of the CISO's responsibility in order to develop a solution to assist them in completing their tasks. And to cultivate a culture of safety, interest, and concern within and throughout the business. Because, why not?

Many of these issues aren’t new issues that have only emerged this year. Why then can't many businesses conduct a thorough investigation of these issues? The funding set aside for security and the priority assigned to it by management are insufficient, according to security experts from numerous organisations.  

Of course, it doesn't give the impression that everything is the management's fault. Even though management and security experts put up their best efforts, if staff members are unaware of their security responsibilities, success will be difficult to attain. 

If security awareness is not promoted well within an organisation, increasing security management to an effective level is almost impossible.

Beyza Bayam-Trojanowska
Beyza Bayam-TrojanowskaSecurity Consultant
Life at NordcloudSecuring CloudTech Community

Get in Touch.

Let’s discuss how we can help with your cloud journey. Our experts are standing by to talk about your migration, modernisation, development and skills challenges.

Ilja Summala
Ilja Summala LinkedIn
Ilja’s passion and tech knowledge help customers transform how they manage infrastructure and develop apps in cloud.