Email Security Intelligence - Guardian Digital Perspective on Gartner’s Top Cyber Predictions for 2023

As 2023 begins, the cyber threat landscape has never been more dynamic and dangerous. Over the last year, the average cost of cybercrime for an organization has increased by $1.4 million to $13 million with the average number of data breach rising by 11% to 145, a trend that is expected to be magnified in the New Year.

Amidst the ongoing Russia-Ukraine war and the continuing economic uncertainty, businesses need to be prepared for an increase in both the prevalence and sophistication of cyberattacks, over 90% of which begin with a phishing email. A successful cyberattack or data breach can have severe and lasting consequences for any business, including increased costs, operational disruption, reputational damage and lost revenue.

Recently, Gartner analysts shared their top cybersecurity predictions for 2023. Predictions include the need for adaptable endpoint protection against advanced and emerging threats, an increase in the prevalence and sophistication of human-operated ransomware, and the need for a Zero-Trust strategy for risk management. This article will discuss what you need to know about these predictions, and how to keep your business safe in 2023. 

Gartner’s Cybersecurity Predictions for 2023

Human-Operated Ransomware Will Become a Bigger Threat

The prevalence and impact of ransomware has become clearly apparent in recent years. This dangerous type of malware designed to block access to a computer system until a sum of money in the form of untraceable Bitcoin is paid dominates security news headlines daily, so much so that people have begun to dismiss it as inevitable. 

Gartner predicts that in 2023, “As advanced attacks continue to emerge, human-operated ransomware is becoming an inevitable threat.” and warns, “As these ransomware gangs use increasingly sophisticated techniques, security teams must adapt their protection strategies accordingly.”

According to Gartner, effective defenses against sophisticated ransomware involve multiple detection and prevention controls and a solid backup/recovery process, alongside a program of foundational security techniques and processes. Gartner analysts explain, “No single technique or control is a ‘silver bullet,’ but implementing the right balance of multiple techniques assures a robust endpoint security ecosystem.” Since the vast majority of ransomware is delivered via email, having a proactive, multi-layered email security strategy in place is critical in preventing attacks.

Endpoints Will Need Adaptable Protection Against Advanced & Emerging Threats

It has become clearly apparent that while endpoint security is a valuable component of a defense-in-depth cybersecurity strategy, endpoint protection that works at the client level on devices such as laptops, desktops and mobile devices is limited in its ability to safeguard users and key assets against phishing, ransomware and other dangerous threats, and should be viewed as the last line of defense. Endpoint security solutions fall short in protecting against cyberattacks and data breaches in the following key areas:

• Critical security gaps leave corporate networks, cloud-based services and sensitive data susceptible to attack. Corporate networks are more than endpoints. They also include the cloud, network data and log data, which all must be secured to prevent compromise. 
• There are no preventative safeguards against human error. Endpoint protection takes a non-specific, retrospective approach to addressing email risk, leaving the responsibility of identifying and responding to these threats in the hands of the end-user. 
• Protection is not customized to meet businesses’ unique security needs. The “one-size-fits-all” approach that is characteristic of endpoint protection fails to assess and cater to the varying risks and requirements of each organization. 
• Solutions are complex to manage and difficult to patch, leading to frequent vulnerabilities. Endpoint security solutions are not accompanied by the expert ongoing system monitoring, maintenance and support required to keep solutions updated and key business assets secure. 
• Organizations have limited visibility into their email security. Endpoint protection does not equip organizations with the real-time insights on the daily risks that they face and the security of their email required to make informed, proactive cybersecurity business decisions.  

Watch: Quick Overview of Endpoint Security Limitations

Gartner analysts predict that in 2023, “Endpoints remain a big target for advanced adversaries. Instead of just stealing sensitive information from endpoints, adversaries are now using them as a foothold to launch more commercially attractive attacks, such as ransomware and business email compromise (BEC).” Relying on endpoint security alone to defend against modern cyber threats is not enough to prevent damaging, costly security incidents. Rather, securing email and endpoints in this complex and dynamic threat environment requires additional layers of proactive protection accompanied by expert, ongoing system monitoring, maintenance and support. This protection must be able to anticipate and learn from emerging attacks, and offer the real-time cybersecurity business insights required to improve decision making and policy enforcement. 

Zero Trust Will Play a Critical Role in Risk Management 

Implementing a zero-trust model for cybersecurity is becoming increasingly critical in managing risk and securing email against cyberattacks. Zero-trust security is a policy consisting of zero trust among users, providers, network traffic, and even those inside the network. Zero-trust policies allow you to take a network breach as a given and assume that all activity is malicious while forcing you to ask how to best protect assets and whether the network itself can be trusted. It encourages that organizations should “never trust, always verify,” as users, platform providers, email senders and network traffic should be treated as potential threats. Applying this framework to an email security strategy helps verify sender identity and protect the integrity of sensitive content.

Gartner predicts that “In 2023, enterprises will increasingly use Zero Trust to enhance and risk-optimize the organization’s overall security posture.”

"Adopting a zero-trust framework forces senders to prove they deserve to enter your inbox before they actually do. Adding a filtering solution that is multi-layered and works harmoniously to detect and block threats in real-time is the only way to confirm email can truly be trusted."

- Dave Wreski, CEO, Guardian Digital

Keep Learning

In 2023 and beyond, a robust cybersecurity strategy is critical in protecting your business against attacks leading to compromise. By heeding Gartner’s advice and adopting the best practices discussed in this article, organizations can mitigate risk and foster security and productivity in the New Year.

• Prepare your business for cyberattacks to make sure employees stay safe online.
• Improve your email security posture by following best practices to protect against attacks and breaches.
• Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.
• Learn more about the consequences of modern phishing attacks in our Phishing eBook.