New Year’s Revolution: Risk Management Trends in 2023

Ryan Swann, Founder of RiskSmar

Experts predict that 2023 will see more sophisticated ransomware, a push for stronger cybersecurity within organisations, and a slew of other trends. These, along with the rising cost of living and economic conditions will force risk management teams to become more efficient, more forward-thinking, and more involved with their teams.

Cyber-attacks across all industry sectors increased by 28% in the third quarter of 2022, and this trend is expected to continue, owing to an increase in ransomware exploits and state-mobilised hacktivism fuelled by international conflicts. At the same time, as the global cyber workforce gap of 3.4 million employees widens, organisations’ security teams will face increasing pressure, and governments are expected to introduce new cyber regulations to protect citizens from breaches.

What Gives Us Access to Everything, Also Gives Everything Access to Us

The Internet of Things (IoT) has ushered in a new era of connectivity, allowing devices to function in new and expanded ways. The IoT market is expected to grow by 18% to 14.4 billion active connections by the end of 2022. It is predicted that there will be approximately 27 billion connected IoT devices by 2025, as supply constraints ease and growth accelerates.

Meanwhile, data breaches are becoming more common too. As a result, organisations are turning to analytics and automation to assist cyber specialists in their work. Of course, technology will never be able to solve all cybersecurity issues completely. Some automated actions can be carried out, however, in many cases, organisations will want to investigate problems discovered by analytics before taking corrective action. This means that the most effective cybersecurity environments will be complex human and machine intelligence hybrids, with critical handoffs between automated and analytics-driven alerts and human interventions.

This will necessitate a well-defined process for identifying, screening, and responding to threats, with roles clearly defined for intelligent machines and capable humans. The process must not only identify and qualify threats but also respond to them quickly. With several threats, this is not easy, but analytics-based prioritisation can help. This is not a future scenario, but rather the early stages of a present one.

Today, organisations in both the public and private sectors use analytics and, to a lesser extent, automation to improve their cybersecurity programmes. There may be some uncertainty about when such technological capabilities will be fully mature, but there should be none about their necessity and likelihood of adoption.

ESG and Cybersecurity

Companies large and small, public, and private, are facing increased challenges in managing Environmental, Social, and Corporate Governance (ESG) as well as cybersecurity requirements and responsibilities. Aside from maintaining a stronghold on news headlines and cutting-edge tech entrepreneurs, both fields necessitate constant attention and transparency. As demonstrated by various federal agencies, audits and investigations will determine when quality reviews and compliance certifications are inaccurate. Every level, from the C-suite to the entry-level employee, must be trained on ESG and cybersecurity as they relate to their job functions. Furthermore, corporate culture should strive to maintain awareness of the importance of ESG and cybersecurity.

ESG and cybersecurity are both broad concepts that encompass a wide range of factors across industries. Furthermore, both represent significant collections of requirements that will be used to evaluate companies and government agencies. All signs point to the workforce of the future requiring cybersecurity and ESG overlays on top of most corporate roles.

Common drivers such as legislation, international adoption, and social pressure demonstrate that the need for secure and responsible systems — considering both cybersecurity and ESG concerns — is no longer just a nice-to-have feature in the twenty-first century. Companies that anticipate and prepare for the increased importance of cybersecurity and ESG will stand out in a sea of business-as-usual competitors.

Social Media and Deep Fakes

More than one in every four people who reported losing money to fraud in 2022 said it began with a social media ad, post, or message. The data suggests that in 2022, social media was far more profitable for scammers than any other method of targeting users.

There’s a lot to like about social media for scammers. It is a low-cost method of reaching millions of people worldwide. It’s simple to create a fraudulent persona, or scammers can hack into an existing profile to find “friends” to con. They can fine-tune their approach by studying the personal information people share on social media. Furthermore, scammers could easily use the tools available to advertisers on social media platforms to target people with fictitious ads based on personal information such as their age, interests, or previous purchases.

Deep fakes are phoney computer-generated audio or video representations of real people that are increasingly being used in scams. They could be compared to a cross between animation and photorealistic art, and IT and computer programming industries are the most frequently targeted in this new fraud. Viewers are unable to identify deep fakes, as they utilise an AI-based deep database. As these technologies mature, they may have far-reaching implications for businesses. This isn’t just speculative paranoia, bank robberies and corporate fraud cases in Dubai and the United Kingdom involved the use of cloned voice technology to steal tens of millions of dollars. Finance personnel were duped into transferring funds when they thought they heard the voice of a trusted client or associate.

Preparing for 2023

As is always the case with security, technology alone is insufficient; employee education must also be considered. However, the sophistication level is rapidly increasing. At this point, users should be given a basic introduction to cybersecurity, highlighting the tell-tale signs of online scams and deep fake technology, as well as their potential misuse by cybercriminals. Employees should be taught to think twice before acting on any emergency request without first verifying it with the sender directly, preferably in person.

Furthermore, corporate culture should strive to maintain awareness of the significance of ESG and cybersecurity. Prevalent factors such as regulations, global implementation, and external influences illustrate the requirement for safe and accountable systems that take into account both cybersecurity and ESG challenges.