The Cybersecurity Challenges Businesses Are Facing in 2023

The challenges faced by cybersecurity teams are constantly changing. Not only are teams having to deal with an increase in ransomware, phishing, and supply-chain attacks, but they are also forced to contend with increasingly complex environments as organizations increase their reliance on hybrid cloud, software supply chain, and SaaS apps.

This environmental complexity overwhelms cybersecurity departments that are already struggling to find the right resources. For some, the current economic crisis has led to minimized budgets and hiring challenges, while others are overburdened with too many vendors, tools, and data sources. As a result, more than half of organizations have suffered a data breach in the past 12 months — and the majority have been asked to keep the data leak under wraps, despite the potential consequences they could face.

Bitdefender surveyed 400 IT and security professionals globally, ranging from IT managers to CISOs, in various industry sectors working in organizations with 1,000+ employees to discover the biggest cybersecurity challenges businesses face in 2023.

Evolving threat landscape

Just as an organization’s infrastructure evolves to meet changing business needs, so do the toolkits employed by hackers to compromise sensitive data. For example, ransomware attackers are adopting a double extortion tactic whereby they steal and exfiltrate data in addition to encrypting it. Similarly, social engineering techniques are evolving to the extent that phishing attacks are becoming more and more convincing.

Unsurprisingly, almost all (99%) of cybersecurity professionals are concerned about these evolving threats. Our survey results show that vulnerabilities and zero-days remain the primary concern among IT teams, closely followed by supply-chain attacks, ransomware, and social engineering attacks. More than 72% of businesses surveyed said their company has seen an increase in the sophistication of phishing attacks.

These concerns are justified, as more than half (52%) of respondents said they experienced a data breach as the result of a cybersecurity incident in the last 12 months. This figure increases to 75% among respondents in the United States with an average total cost of $4.35 million. By comparison, 51% of UK-based respondents said they experienced a data leak in the past year, as did 49% of respondents in Germany, and 42% of respondents in France.

Surprisingly, many impacted organizations say they have been told to keep the data leak confidential despite their obligation to report it. Over 40% of security professionals surveyed said they had been told to keep a breach under wraps, which again increases (to 71%) among US-based respondents. Comparatively, just 15% of respondents in Germany and 27% in France said they had kept a data breach confidential when they knew it should be reported.

Challenges — and how MDR and XDR can help

Security leaders are contending with a growing number of potential threats. Many of whom are also dealing with the fallout of being compromised by attackers and their evolving toolkits.

In many cases, these challenges are exasperated by their current security solutions. More than 40% of surveyed professionals said they could not extend capabilities across multiple environments. Others said they were hampered by complexity, too many alerts, and lacked the security skill set to drive full value. Just 2.6% of respondents experienced no challenges with their current solution, while more than half said their organization had purchased a security tool that didn’t live up to the marketing hype.

Thankfully, most IT leaders (74% of respondents) say that despite the current economic crisis, which has seen widespread layoffs and a slowdown in spending, they plan to increase their security budgets in 2023. This figure increases to more than 78% among US respondents and dips to around 70% among European businesses. Similarly, three-quarters of security leaders on a global scale say they are looking to onboard more security vendors in 2023.

So, what are businesses looking for from a security solution in 2023? Almost all (93%) of respondents said proactive threat hunting was necessary, and an even higher number (99%) said they are currently using an MSP due to the need for 24x7 security coverage, access to security analyst expertise, and, ultimately, peace of mind.

MDR and XDR ensure all of these boxes are checked. Not only do the solutions equip organizations with 24x7 security monitoring, advanced attack prevention, detection, and remediation, plus targeted and risk-based threat hunting by a certified team of security experts, but Bitdefender provides tools that help organizations prepare, protect against and mitigate human-triggered data breaches.

Ultimately, MDR and XDR solutions within the GravityZone Platform will help your cybersecurity team to win against malicious actors in the ever-evolving cyberspace.

The leaders surveyed were also clear that a change of mindset is needed from "cybersecurity is the responsibility of IT" to "cybersecurity is everyone’s responsibility.” Increasing security awareness to cover a wide range of attacks is a must, particularly as the threats that hit the headlines daily often leverage human weakness and overlooked vulnerabilities. Data shows that almost all (95%) of cyber security data breaches are primarily caused by human error, so businesses will only be safe when the human organizational aspect is also defensible.

2023 cybersecurity assessment

The Bitdefender 2023 Cybersecurity Assessment serves as a great reminder of the constant threats that on-premises, cloud and hybrid security environments currently face and will for years to come. Learn what 400 IT and security professionals state are the top cybersecurity challenges, key practices, and concerns that businesses face in today’s environment.

“The findings in this report depict organizations under tremendous pressure to contend with evolving threats such as ransomware, zero-day vulnerabilities and espionage, while struggling with complexities of extending security coverage across environments and an ongoing skills shortage,” said Andrei Florescu, deputy general manager and senior vice president of products at Bitdefender Business Solutions Group.