(By Elizabeth Tuico) Data security challenges will continue to plague enterprise and government entities in 2023. Some industries like healthcare and banking must adhere to a high level of data security to comply with regulatory requirements. Even if your organization is not subject to a regulation or compliance standard, the survival of a modern business depends on data security, which impacts both an organization’s key assets and private customer data.

Below are data security trends to look out for in 2023:

More Complicated Liability Issues

Fallout from data breaches will influence employment laws. One example is a 2016 data breach at Uber which involved the data of 57 million passengers and drivers.

Uber did not disclose the incident for a year. A jury convicted Joseph Sullivan, Uber’s former Chief Information Security Officer, on two counts: obstruction of justice and deliberate concealment of felony. “Sullivan affirmatively worked to hide the data breach from the Federal Trade Commission and took steps to prevent the hackers from being caught,” said Stephanie Hinds, U.S. Attorney for the Northern District of California.

2023 will see questions of personal liability and accountability for data breaches come into focus as well as the means by which employees protect themselves. Experts predict a shift in employment laws to address this emerging issue.

IoT and OT Vulnerabilities

Cyber criminals will continue to exploit vulnerabilities in IoT devices and Operational Technology (OT) that are often overlooked. OT systems are almost always network-based and regularly accessed remotely by contractors, facilities management staff and technicians. Attackers can easily find their way into OT environments through connected IoT devices and converging networks. IT departments must remember to safeguard these important systems.

High Cost of Cybersecurity Insurance

Cyber insurance protects organizations against a variety of information security risks like ransomware and data breaches. Most of the time, this coverage is not included with traditional commercial general liability policies. Given the high rate of cyberattacks, many organizations could benefit from these policies. However, the cost of insurance is rising.

Cyber insurance premiums increased by an average of 28% in the first quarter of 2022 compared with the fourth quarter of 2021, according to the Council of Insurance Agents & Brokers, an association for commercial insurance and employee benefits intermediaries.

Insurers are increasingly implementing stricter underwriting requirements. For example, cyber security protocols such as multi-factor authentication and a cyber-resilience recovery plan. Cyber insurance could become mandatory in the future, and while this prerequisite could adversely affect small businesses since the costs are so high, the consequences of not recovering from a breach are far more severe.

More Credential Stealing

According to IBM’s Chief Architect of the Security X-Force, hackers will continue to find ways to steal credentials and publish passwords on the dark web. Expect attacks against legacy second-factor authentication (like SMS) to escalate in addition to push-based, multi-factor authentication solutions. To mitigate this risk, IT staff should encourage password managers apps, passwordless authentication and hardware identity tokens (which are physical devices used for strong authentication into a system).

Conclusion

The bottom line is that organizations must continue to prioritize data security to reduce the risk of business disruption and reputational loss from major breaches, and at the same time implement strong and regularly tested cyber-resiliency programs if a breach does occur.

Elizabeth Tuico owns Rebel Road Creative. She helps tech clients boost revenue with quality content. Do you need a writer? Get in touch.