DOWNLOAD the free report.
The year 2023 saw three significant events that raised the stakes for cybersecurity professionals.
In July, the U.S. Securities and Exchange Commission adopted new rules that require publicly traded companies to notify regulators within four days of a meaningful system compromise, and to give details about their cybersecurity risk governance in annual public filings.
[Editor's Note: The following is an excerpt from the report "2023 Cybersecurity Year in Review" - a comprehensive look back at major cybersecurity events of 2023 that will shape the year ahead.. DOWNLOAD your FREE PDF copy of the report here.]
The rules are being phased in from December 2023 to July 2024, but have met with some flak in Congress, where a bill in both chambers seeks to defang the new rules.
Meanwhile, a ransomware group used the new regulations in November to “report” an alleged victim to the SEC, despite the rules not yet being in effect. Some security experts worry that such criminal reporting could become a standard extortion tactic, and another argues that the new SEC rules help investors rather than companies or CISOs.
The world became transfixed by the potential power of ChatGPT and artificial intelligence, and it wasn’t long before practically anyone could use ChatGPT to write phishing emails and rudimentary malware.
By November 2023, it became clear that the best way to fight AI-powered adversaries was to use AI in defense. The White House issued an AI executive order increasing federal oversight of rapidly expanding AI systems and promoting the safety and security of AI development to reduce its risks for consumers and national security. The U.S. and the U.K. also issued joint AI security guidelines that were endorsed by 16 additional countries.
Ransomware set new records for monthly incidents and nearly topped previous yearly payouts. The resurgence was accompanied by a breakdown in international cooperation to fight cybercrime, as tensions rose over the stalled but ongoing Russian invasion of Ukraine and U.S.-China relations deteriorated.
DOWNLOAD the free report.
The Russian foreign intelligence service’s Cozy Bear threat actor, aka APT29, increased its espionage activities and the head of the FBI said that Chinese economic cyberespionage and theft of intellectual property posed an “unprecedented threat” to innovation.
In response to these threats, cybersecurity buyers, vendors, influencers and decision makers worked to improve their practices around ransomware prevention, privacy and third-party risk, vulnerability management, cloud security, and identity and access management. However, respondents in several CyberRisk Alliance Business Intelligence surveys reported more than a few challenges in meeting these goals.
The SEC’s rule change and the AI executive order signaled greater U.S. government involvement in private-sector cybersecurity. The SEC also brought fraud charges against SolarWinds over the 2020 supply-chain hack of its Orion network-management software, and the Federal Trade Commission more zealously enforced its privacy-breach rules, both of which we examine in more detail in the following pages.
The potential power of AI looms over all aspects of cybersecurity. While its impact upon both attackers and defenders was more theoretical than actual in 2023, the upcoming year may see real-life examples of AI-augmented threats and protective measures, especially with regard to ransomware and vulnerability management.
[Editor's Note: The following is an excerpt from the report "2023 Cybersecurity Year in Review" - a comprehensive look back at major cybersecurity events of 2023 that will shape the year ahead.. DOWNLOAD your FREE PDF copy of the report here.]
