2022 has been a landmark year for cybersecurity, but mostly for the wrong reasons. Although technological advancements in the security industry have been dynamic throughout the year, cyberattacks across industries have reached record highs. According to the latest reports, 76 percent of organizations across North America, Europe, and Australia experienced at least one cyberattack in 2022 — a staggering 20 percent increase from 2020.
Most of these attacks originated from malicious emails and credential leaks. In fact, phishing attacks increased by 61 percent in 2022, with businesses reporting over 255 million phishing attacks last year. Unfortunately, things are not looking good for 2023. The ongoing cyber skills shortage, coupled with the crushing economic crisis across industries, means that cyberattacks will continue to soar this year. Inevitably, security teams will be tasked with the monumental challenge of keeping such soaring threats at bay. So, what major challenges should industry leads expect in 2023? And what advanced practices can businesses leverage to address these issues?
The critical challenges of the cyber skills gap
The security industry has been experiencing a prolonged skills shortage for the last few years, and this gap will likely widen into the new year. In 2022, there was a shortage of 3.4 million skilled workers in the industry, which was 26.2 percent more than the previous year. This shortage could stretch to well over four million this year. So, how will this impact businesses and their current security teams?
It is likely that the overburdened security professionals will face increased alert fatigue, as they become overwhelmed with too many security alerts. Current-generation security solutions used by most organizations are often ineffective in terms of categorizing and prioritizing alerts. Most importantly, such alerts often require human intervention for effective response. With too many uncategorized and low-quality alerts, coupled with a limited workforce, security teams are bound to become desensitized and as a result may fail to respond appropriately to such warnings. This will add to the likelihood of a successful breach.
The prolonged skills shortage and alert fatigue will likely make the role of security analysts more stressful going forward. Organizations can safeguard against the likelihood of burned-out Security Operations Center (SOC) analysts by automating some of the analysis and response processes required to resolve alerts.
Will automation be the definitive answer?
To counteract these challenges, organizations will need to improve their threat detection capabilities, while also relying less on human intervention. Automation will be the most effective way forward in this case. In 2023, businesses that invest in automated incident response solutions will be able to proactively detect potential threats and automate responses to them in real time without requiring any significant intervention from the security teams.
Businesses need to implement such solutions on channels that are most vulnerable to potential threats and where the frequency of alerts is notably higher, such as email. Automation can eliminate the effort associated with initial investigation of alerts — tasks like querying threat intelligence databases or sandbox analysis of a file to identify possible malware. There are also solutions that use Artificial Intelligence (AI) and Machine Learning (ML) to automate incident response workflows. Together, these steps to automate detection and response help reduce the amount of manual effort required of security teams flooded with a high volume of alerts. Instead, they can focus on critical assets and more strategic initiatives like increasing the efficiency and maturity of the security program.
The high prevalence of email attacks in the past few years alongside the ongoing skills shortage has already made businesses wake up to the critical importance of automated solutions. Therefore, in 2023 we are likely to see more businesses focus on this shift towards automation. Either this, or they will outsource their threat investigation and incident response entirely to ease the burden on their security teams — likely to existing vendors.
Overall, as cyberattacks become more advanced, email security practices will need to evolve along the same lines as other areas of enterprise security. Businesses will need to adopt more defense-in-depth strategies beyond traditional email filters and implement solutions that automate detection of novel threats and the ensuing incident response.
Whether it’s email, remote exploit, or phone scam, attacks will always find a way through our defenses. Automation both with and without technologies like AI/ML can improve the efficiency and efficacy of processes used not only to block threats but also detect and respond to the ones that get through. For this future to come to fruition, organizations must focus on practical, incremental steps to improve cybersecurity resilience.
Mike Fleck is Senior Director of Sales Engineering, Cyren.