2023 Cybersecurity Threats to Watch (and Tips to Protect Yourself)

Cybersecurity will be more complex than ever in 2023. In June 2022, the U.S. government allocated $15.6 billion to cybersecurity efforts. From 2020 to 2021, the average data breach cost rose by nearly 10%. An Accenture report showed companies experienced 31% more attacks in 2021 than in 2020. Companies and governments alike are bracing for the continued impact.

For research administration in particular, cybersecurity is a critical risk to consider. Privacy is imperative, and compliance regulations are strict.

As we enter a new year with the potential for new cybersecurity attacks, it’s a good time to learn about the leading threats and steps research organizations can take to protect themselves.

Top cybersecurity threats to watch in 2023

Experts are predicting a few key cybersecurity threats to watch for in 2023. Here are seven that could most directly impact research organizations.

• Artificial intelligence. AI has burst onto the scene in the past few months with the public release of ChatGPT and several trending photo-generating apps. But AI also poses a greater threat to privacy and safety. Hackers and cybercriminals are increasingly deploying “smarter” malware and using AI and machine learning to create more sophisticated cyberattacks.
• Threats targeting mobile and cloud systems. An IEEE survey of 350 chief technology officers, chief information officers, and IT directors found 51% of respondents prioritize cloud vulnerability as a top concern for 2023 (up from 35% for 2022). Cloud security measures must be stringently practiced to protect against malware, phishing, and other attacks. Mobile is also a target, as all devices are potential prospects for cybercrime.
• Data breaches. Data is currency — and the leading target of cybercrime. Safeguarding digital data is the top priority for nearly every major company and a critical goal for research organizations. Even the smallest bug in a system can create vulnerability to a data breach.
• Malware and ransomware. Malware is malicious software that infects networks, systems, and devices. The main goal of malware typically is to steal data or private information, deny service, or control systems. Ransomware is a type of malware that disrupts and stalls systems or steals data and demands a ransom (usually cash) to restore systems to normal.
• State-sponsored cyberwarfare. Experts expect high-profile data breaches and governmental, political, and industrial secrets to become targets in 2023. The United States, Russia, and China are all steeped in tensions regarding cyber warfare.
• Insider threats. An insider threat typically is a human error problem. Human error is one of the primary reasons for data breaches. A Verizon report estimates 34% of company attacks were directly or indirectly caused by employees.
• IoT vulnerabilities. The Internet of Things (IoT) is becoming far more widespread, with 5G networks connecting our homes, offices, vehicles, and devices in ways we never dreamed possible. Because 5G architecture is relatively new, experts expect network attacks to become common. Manufacturers will need to develop stringent security software to protect our connected lives.

Tips to protect your research program from cybersecurity threats

The surge of technological innovation doesn’t just make cyber threats more daunting. It also makes our security responses more robust. Here are some top tips for approaching cybersecurity within your research program:

• Build a security-aware culture. Ensure your employees and teams are trained on potential threats and know what to do if they find they’ve made an error that could put the system at risk.
• Deploy cloud security. Your software vendors should be able to demonstrate the best in cloud security measures and have a track record of excellent response to any risks.
• Adopt AI. While AI can constitute a threat, it can also help protect your systems through facial recognition, automatic threat detection, and natural language processing (NLP).
• Investigate other new security technologies. We now have access to state-of-the-art security measures like biometrics, which includes retinal scanning, voice recognition, face recognition, etc.
• Layer your security. Don’t just use one approach to security. Layer your security strategies, like firewalls, interception software, multifactor authentication, data encryption, etc. Keep all your software up to date, and pay attention to old-fashioned techniques like locking your facilities.
• Partner with technology providers who prioritize security. Don’t settle for less. Find technology partners who make your security their #1 priority.

How Cayuse delivers the best in cybersecurity

At Cayuse, client security is the foundation of its entire platform. According to Cayuse Chief Information Officer John Nord, “Cayuse takes the security of our environment seriously. We know our customers put their trust in us to protect their data, and we do not take that lightly. The team at Cayuse continues to adjust our security program to account for new threats, and we are continually ensuring our compliance with regulations in the regions in which our products are utilized.”

Cayuse deploys a powerful three-step approach to keep clients protected:

• Prevent
• Isolate
• Recover

Cayuse security services include features such as access management, incident response, data protection, security monitoring, and more. Its secure cloud infrastructure is hosted through Amazon Web Services (AWS), which is audited to SSAE 16, SOC 2, and PCIA standards, among others. They are also ISO 27001 certified and comply with HIPAA.

Nord says, “Cayuse has leveraged the power of our AWS investment to integrate continual vulnerability checking across all our regions, which has allowed our team to even further enhance our prevention step and ensure these items are resolved before they require any form of isolation or recovery.”

“Cayuse continues to expand our portfolio of security compliance standards for all our products and is currently going through their SOC 2 Type 2 and ISO 27001 audits, expecting completion by the end of Q1/start of Q2 2023. We will add these to our already impressive list of security compliance standards that we currently hold and are continually looking to meet our customers where they are in the use of our products, as it relates to future security compliance standards.”