DOWNLOAD the free report.
The year 2023 was marked by three milestone events that raised the stakes for cybersecurity professionals.
In July, the United States The Securities and Exchange Commission has adopted new rules which require publicly traded companies to notify regulators within four days of a significant system compromise and to provide details of their governance of cybersecurity risks in their annual public filings.
(Editor’s note: The following is an excerpt from the report “Review of the year 2023 in terms of cybersecurity” – a comprehensive look back at the major cybersecurity events of 2023 that will shape the year to come. DOWNLOAD your FREE PDF copy of the report here.)
The rules are being phased in from December 2023 to July 2024, but have met with criticism in Congresswhere a bill in both houses seeks to dismantle the new rules.
Meanwhile, a ransomware group used the new regulations in November to “report” an alleged victim to the SEC, even if the rules are not yet in force. Some security experts fear that such Reporting violations could become a standard extortion tacticand another maintains that new SEC rules help investors rather than companies or CISOs.
The world has been fascinated by the potential power of ChatGPT and artificial intelligenceand it didn’t take long before virtually everyone could use ChatGPT to craft phishing emails and crude malware.
In November 2023, it became clear that the best way to fight AI-based opponents was to use AI in defense. THE The White House issued an executive order on AI increase federal oversight of rapidly expanding AI systems and promote the safety and security of AI development to reduce its risks to consumers and national security. The United States and the United Kingdom have also published common AI security guidelines which have been approved by 16 additional countries.
Ransomware sets new records for monthly incidents and almost exceeded previous annual payments. This resurgence has been accompanied by a breakdown in international cooperation to combat cybercrime, as tensions have increased due to Russia’s stalled but ongoing invasion of Ukraine and relations between the United States and China have deteriorated.
DOWNLOAD the free report.
Russian foreign intelligence services Malicious actor Cozy Bear, aka APT29, has increased its spying activities and the head of the FBI said that Chinese economic cyberespionage and intellectual property theft pose ‘unprecedented threat’ to innovation.
In response to these threats, cybersecurity buyers, suppliers, influencers, and decision-makers have worked to improve their practices. around ransomware preventionprivacy and third party riskvulnerability management, cloud security, and identity and access management. However, respondents in several CyberRisk Alliance Business Intelligence surveys reported numerous challenges in achieving these goals.
The SEC rule change and AI executive order signaled greater U.S. government involvement in private sector cybersecurity. The SEC also filed fraud charges against SolarWinds following the supply chain hack of its Orion network management software in 2020, and the Federal Trade Commission has more zealously enforced its life violation rules private, both of which we examine in more detail on the following pages.
The potential power of AI looms over every aspect of cybersecurity. Although its impact on attackers and defenders was more theoretical than real in 2023, the coming year could see real-world examples of AI-enhanced threats and protection measures, particularly around ransomware and vulnerability management.
(Editor’s note: The following is an excerpt from the report “Review of the year 2023 in terms of cybersecurity” – a comprehensive look back at the major cybersecurity events of 2023 that will shape the year to come. DOWNLOAD your FREE PDF copy of the report here.)