

Forecasting 2023: Three Major Predictions in the Year of Risk

Posted by Marbenz Antonio on February 22, 2023


As 2023 draws near, it’s only natural to reflect on the most significant security events of the current year and speculate on their potential impact in the coming year. The past two years have demonstrated that despite the advancements in data gathering, automated compliance operations, and SaaS technology, our world remains complicated and unpredictable.

Risk modeling professionals and analytics experts understand that we cannot accurately predict or completely control the world, but it’s crucial to prepare for the potential threats and opportunities that the upcoming year may bring. Below are three crucial risk management forecasts for 2023 that will significantly impact the risk management sector.

1. Internal assessments will become more important as security breaches hit the news

In 2022, cybersecurity breaches have been a widely discussed subject, with numerous notable instances gaining national attention. One such instance involves Joe Sullivan, who was in charge of security at Uber and was recently convicted of intentionally concealing a breach of customer and driver data from government regulators.

More specifically, Uber’s bug bounty program is currently facing criticism, and regulators are closely scrutinizing the ride-sharing behemoth’s practice of compensating “white hat” researchers up to $10,000 for identifying security flaws. This case has already triggered a transformation in how security experts approach data breaches, and its far-reaching impact is expected to extend into 2023.

Another recent incident that garnered attention was the FTC’s move to take action against the company Drizly and its CEO, Cory Rellas, for cybersecurity breaches that impacted more than 2.5 million customers. Notably, the FTC specifically singled out and penalized Rellas, a departure from its typical approach. This change could signify a broader shift toward stricter enforcement by the FTC, particularly for entities that lack sufficient measures to secure and manage consumer data.

Lastly, Twitter came under scrutiny when Peiter “Mudge” Zatko, a former head of security and whistleblower, filed an 84-page complaint against the social media company. The complaint contained allegations of a wide range of cybersecurity deficiencies, including:

  • Poor access controls left the company in violation of a consent decree with regulators
  • Ill-defined roles and responsibilities for cybersecurity
  • An inability to segregate different types of data

To say the least, these accusations were not received well, particularly given Twitter’s recent challenges since Elon Musk’s acquisition of the company in October 2022. The company’s Chief Privacy Officer, CISO, and Chief Compliance Officer have all left their positions, and the FTC is closely monitoring the tech giant. As a result of the turmoil, numerous individuals are now resigning from Twitter en masse.

A key takeaway from these incidents is the significance of conducting thorough internal assessments, as they are essential in identifying vulnerabilities in your security program and ensuring their remediation. In light of these major news stories and their real-time consequences, we anticipate a substantial surge in internal investigations with adversarial discovery in 2023. The ongoing turmoil at tech giants such as Twitter and Uber has led to significant layoffs, underscoring the profound business ramifications of cybersecurity breaches, particularly during times of economic instability.

2. Cryptocurrency regulation will quickly evolve

In light of FTX’s recent downfall and the resulting economic turmoil, cryptocurrency has become a prevalent topic, even for those with minimal knowledge of the subject. Retail investors are now hastily withdrawing their investments after the once-revered cryptocurrency company, which had an initial value of $32 billion, experienced a sudden and dramatic decline in value, causing substantial losses and ripple effects throughout the market.

John J. Ray, FTX’s newly appointed CEO following the departure of founder and CEO Sam Bankman-Fried, claims that the company attempted to conceal the misappropriation of customer funds. Ray, who has previously led the cleanup efforts at Enron, conducted an evaluation of FTX’s management practices and identified deficiencies in areas such as record-keeping, system integrity, regulatory compliance, and the experience levels of senior management.

As if the existing security and compliance concerns were not enough to raise alarms for professionals and regulatory bodies, FTX’s problems were compounded when, just hours after filing for bankruptcy, the company reported “unauthorized transactions,” leading external analysts to suspect that the company had lost approximately $477 million in a possible hacking incident.

What are the implications of FTX’s collapse for security, compliance, and risk professionals? For starters, FTX customers may not be able to recover their assets, which could result in legal action. This type of legal battle could prompt regulatory bodies to reconsider how they monitor cryptocurrency. For example, the U.S. Securities and Exchange Commission (SEC) may view FTX’s collapse as justification for increased regulations on digital tokens and exchanges, and Congress may be more likely to pass new regulatory laws as a result.

The cryptocurrency market’s volatility and its emergence as a new frontier of economic trade have exposed regulatory and security gaps that governing bodies are still grappling with, and we anticipate the emergence of new discussions and a surge in crypto regulation in 2023.

3. SMBs will have to increase security control monitoring to avoid cyber attacks

Smaller businesses are at a higher risk of being targeted by cyberattacks, but what makes them more vulnerable? In short, they lack the financial resources to effectively counter ransomware attacks, which is why they are attractive targets for malicious actors. For instance, multi-factor authentication has gone from being optional to being essential in the past couple of years due to the pandemic, which has caused an increase in remote work and more precarious security settings.

The implementation of additional security controls requires additional maintenance processes, which results in more manual work for IT security professionals. For instance, small and medium-sized businesses (SMBs) must convert GDPR compliance requirements into actionable breach notification controls or rapidly locate CIS Control Group 3 to assist with data disposal.

To prepare for applications and renewals of their cyber insurance policies, professionals in IT, security, and risk management will need to improve their evidence collection and organization. They may also want to consider using a tool that links risks to controls, helping them determine the amount of coverage they require.

Prepare for 2023 and beyond

As we navigate the uncertain road ahead, one thing is clear: automating manual processes for risk management and compliance operations will be crucial for adapting to the changes ahead. The upcoming year will bring more cybersecurity audits, new crypto regulations, and greater control management, leading to heavier workloads for IT security professionals.

Organizations seeking to integrate risk management and compliance operations can prepare for the anticipated changes by exploring new tools that can simplify workflows. Adopting the right tools that enable evidence, control, and risk management in a single platform can help security and compliance teams concentrate on adapting to upcoming regulatory changes and ensuring the safety and security of the organization.

 

