Cybersecurity in 2023

Issue 1 2023 Information Security

Cybersecurity is a problem for everyone, whether you are in IT, security (including physical security), or even a home user. In the article below, Hi-Tech Security Solutions offers two views from industry players on what to look out for in the cyber world in 2023.


Controlling access

By Lee Smyth, Technical Manager, Gallagher Security, South Africa.


Lee Smyth.

The risk of cybercrime continues to be a major challenge. Hackers are increasingly sophisticated, exploiting new technologies. Cybersecurity is arguably the most important way organisations can reduce the risk of unauthorised access to information.

With smartphones, computers, and the internet comprising such a fundamental part of modern life, cybersecurity has never been more important.

Data security includes several cybersecurity practices used to secure your data from misuse, such as encryption and access restrictions – both physical and digital.

Data security has always been important, but with more people working from home the internal network boundary increases, and so too does the security risk. A company’s security is only as strong as the weakest part of its network.

Remote working has widened the net in terms of vulnerabilities across business networks – with more devices being plugged in, employees accessing corporate data, and sensitive information being shared across unstable networks, there are more opportunities for unauthorised access to company data.

Why is data security important?

Organisations across all industries are seeing the very real risks of data security breaches with loss of income, disruption to operational continuity, data exposure, and reputational damage, all too important to ignore. There have been many well-documented examples of cyber breaches over the years. Targets for cybercriminals have included government computer networks and even countries’ health systems – which have seen hospitals and clinics forced to turn away patients after losing access to computers. Another example of a globally orchestrated event was the 2017 WannaCry ransomware cyberattack, which hit more than 200 000 computers in 150 countries, encrypting data and demanding ransom payments in Bitcoin cryptocurrency.

According to a report issued this year by the World Economic Forum, 93% of cybersecurity experts and 86% of business leaders, believe that there is a heightened risk of a ‘catastrophic cyberattack’ and that that threat is due to the geopolitical turbulence in the world. These are prime examples of why data security matters. A cyber breach can have serious ramifications for organisations – both financially and reputationally.

As technology advances, so too does our interconnectivity between devices, networks, and systems. Each new thing connected to your platform or network is a potential vulnerability – your system is only as strong as the weakest device. It is imperative the technology and risk correlate.

It is clear that the IoT now possesses a significant threat. With more and more things connected to the internal network, there are numerous external threats to consider. External threats such as access control systems; building management systems, e.g. lighting and heating control, air conditioning, room booking services, and fire; systems for parking, surveillance, and perimeter; and the list goes on.

Security solutions can offer effective protection against these increasing attacks. These solutions are not restricted only to organisations operating within the information security environment, but are available commercially for any organisation seeking a robust solution that adheres to national standards.

Reduce your cyber risk

A cyber breach of your security system could have far-reaching consequences. There are six critical success factors for high-security solutions.

First, encryption and authentication are key. Potential cybersecurity risks can be reduced through end-to-end encryption and user authentication. End-to-end encryption protects against installer and insider attacks, and encryption and authentication must be built into all aspects of a security system.

Second, government-assured compliance sets the benchmark and ensures products stand up to regional security standards, such as CAPSS (Cyber Assurance of Physical Security Systems) in the UK.

Third, security systems should be simple to operate, while also providing rich and detailed information that allows security officers to effectively handle any security incidents.

Fourth, it is important that your controllers and readers are secure. Controllers and readers should have hardware security modules on board to protect the secret keys for encryption and authentication. All devices should have certificates and serial numbers loaded in the manufacturer’s factory to protect against supply chain and substitution attacks.

Fifth, auditability and easy patching are essential. Eventually, security vulnerabilities will be exposed in every software system as techniques and technologies evolve. It is essential that software and firmware can be updated over the network, quickly and efficiently.

Finally, you need to ensure your system is configured to mitigate security threats. Hardening is the review of every system component looking for possible weaknesses that could enable an attacker.

Gallagher provides hardening guides for its Command Centre, Controller 6000, and Visitor Management Kiosk. These include information on best practice operating system configuration, card technologies, and the impacts of legacy hardware.

At Gallagher, our solutions are designed from inception to be as cyber secure as possible. We continuously evolve our solutions to meet the changing threat at a software and physical level, building in robust cybersecurity at every stage. With a dedicated cybersecurity research team, we regularly carry out internal and external vulnerability testing that provide ongoing protection in an ever-evolving cyber threat landscape.


Focusing on the cybersecurity world

By Monique Hart, Lead Solutions Engineer at VMware.


Monique Hart.

What should we expect from the well-funded and highly skilled cyber-criminal organisations in 2023, who are they targeting, and how do we protect ourselves against these sophisticated attacks?

Whatever industry we operate in, no matter the size of an organisation, we are all running in the same race – the race to ensure that we are at the forefront of operating as efficiently as possible against cyberattacks and potential threats. We are undoubtedly facing an expanded threat landscape with advanced technology and cybercrime, all of which we are exposed to daily due to changing work environments, open working options, and the Internet of Things. The list goes on as we evolve and become more connected.

There is no sign of attackers slowing down in the future. According to cyberattack statistics, “Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015 at a growth rate of 15% year over year.”

In 2022, 82% of breaches involved the human element, indicating that human error will be at the forefront of exposure to highly skilled cybercrime as cybercriminals start turning to phishing and targeted social engineering to launch their attacks.

High-risk organisations

Healthcare organisations: Due to the large amount of very sensitive patient information they hold, they are a target for cybercriminals, as the data can be used for nefarious activities.

Government/public sector: Many government data breaches are the result of theft for financial gain or espionage. Malicious actors can conduct attacks against government databases to obtain strategic information, such as national security information.

Financial institutions, banks and investment firms: These organisations are another major target for cybercriminals. Organisations such as these hold abundant financial data that can be used to commit either fraud or theft.

Retail businesses: Hold a lot of customer data, such as credit card numbers and contact information. Again, this data can be used for malicious intent, including selling it on the dark web.

Educational institutions: Hold a lot of sensitive data, including student and faculty records, financial information, and research data.

Simplify, secure, and scale

All the information being stored in these different sectors can be very useful to cybercriminals. What becomes important to consider is not just who is targeted, but how? Security is never a single-point solution; various areas in an organisation must be protected, such as the network, endpoints, workloads, devices, data, and applications.

Securing your organisation needs to be a first thought, not an afterthought, which is usually when more significant mistakes get made as not enough time is put into the plan due to panic buying. Educating users is becoming an essential factor in minimising breaches.


Credit(s)





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
The rise of AI-powered cybercrime and defence
Information Security News & Events AI & Data Analytics
Check Point Software Technologies launched its inaugural AI Security Report, offering an in-depth exploration of how cybercriminals are weaponising artificial intelligence (AI), alongside strategic insights defenders need to stay ahead.

Read more...
The deepfake crisis is here and now
Information Security Training & Education
Deepfakes are a growing cybersecurity threat that blur the line between reality and fiction. These AI-generated synthetic media have evolved from technological curiosities to sophisticated weapons of digital deception, costing companies upwards of $600 000 each.

Read more...
From the editor's desk: We’ve only just begun
Technews Publishing News & Events
The surveillance market has expanded far beyond the analogue days of just recording and/or monitoring screens. The capabilities of surveillance technology today extend to black screen monitoring with ...

Read more...
The future of the surveillance channel
Duxbury Networking Technews Publishing Elvey Security Technologies SMART Security Solutions Surveillance
The video surveillance market has evolved from camera-based specifications to integrated solutions that solve customers’ problems. Moreover, the growth of AI and cloud has changed the channel even more, with more to come.

Read more...
AI means proactive surveillance
DeepAlert Technews Publishing SMART Security Solutions AI & Data Analytics Surveillance
SMART Security Solutionsasked DeepAlert for some insight into how AI is transforming video surveillance, even to the extent of it being taught to protect the privacy of those in the cameras’ view.

Read more...
The state of the VMS market
Arteco Global Africa Milestone Systems Cathexis Technologies Technews Publishing Surveillance
SMART Security Solutions asked three platform vendors in South Africa, one that is developed and maintained in the country with an international market, for their views on the state of the VMS market and where it is headed.

Read more...
Dahua Summit 2025
Dahua Technology South Africa Technews Publishing SMART Security Solutions Products & Solutions
Dahua Technology South Africa held its annual summit in Johannesburg in early April. The summit focused on highlighting the company’s range of new products and solutions and recognising its regional partners.

Read more...
What does Agentic AI mean for cybersecurity?
Information Security AI & Data Analytics
AI agents will change how we work by scheduling meetings on our behalf and even managing supply chain items. However, without adequate protection, they become soft targets for criminals.

Read more...
Phishing attacks through SVG image files
Kaspersky News & Events Information Security
Kaspersky has detected a new trend: attackers are distributing phishing emails to individual and corporate users with attachments in SVG (Scalable Vector Graphics) files, a format commonly used for storing images.

Read more...