Cybersecurity in 2023

Issue 1 2023 Information Security

Cybersecurity is a problem for everyone, whether you are in IT, security (including physical security), or even a home user. In the article below, Hi-Tech Security Solutions offers two views from industry players on what to look out for in the cyber world in 2023.


Controlling access

By Lee Smyth, Technical Manager, Gallagher Security, South Africa.


Lee Smyth.

The risk of cybercrime continues to be a major challenge. Hackers are increasingly sophisticated, exploiting new technologies. Cybersecurity is arguably the most important way organisations can reduce the risk of unauthorised access to information.

With smartphones, computers, and the internet comprising such a fundamental part of modern life, cybersecurity has never been more important.

Data security includes several cybersecurity practices used to secure your data from misuse, such as encryption and access restrictions – both physical and digital.

Data security has always been important, but with more people working from home the internal network boundary increases, and so too does the security risk. A company’s security is only as strong as the weakest part of its network.

Remote working has widened the net in terms of vulnerabilities across business networks – with more devices being plugged in, employees accessing corporate data, and sensitive information being shared across unstable networks, there are more opportunities for unauthorised access to company data.

Why is data security important?

Organisations across all industries are seeing the very real risks of data security breaches with loss of income, disruption to operational continuity, data exposure, and reputational damage, all too important to ignore. There have been many well-documented examples of cyber breaches over the years. Targets for cybercriminals have included government computer networks and even countries’ health systems – which have seen hospitals and clinics forced to turn away patients after losing access to computers. Another example of a globally orchestrated event was the 2017 WannaCry ransomware cyberattack, which hit more than 200 000 computers in 150 countries, encrypting data and demanding ransom payments in Bitcoin cryptocurrency.

According to a report issued this year by the World Economic Forum, 93% of cybersecurity experts and 86% of business leaders, believe that there is a heightened risk of a ‘catastrophic cyberattack’ and that that threat is due to the geopolitical turbulence in the world. These are prime examples of why data security matters. A cyber breach can have serious ramifications for organisations – both financially and reputationally.

As technology advances, so too does our interconnectivity between devices, networks, and systems. Each new thing connected to your platform or network is a potential vulnerability – your system is only as strong as the weakest device. It is imperative the technology and risk correlate.

It is clear that the IoT now possesses a significant threat. With more and more things connected to the internal network, there are numerous external threats to consider. External threats such as access control systems; building management systems, e.g. lighting and heating control, air conditioning, room booking services, and fire; systems for parking, surveillance, and perimeter; and the list goes on.

Security solutions can offer effective protection against these increasing attacks. These solutions are not restricted only to organisations operating within the information security environment, but are available commercially for any organisation seeking a robust solution that adheres to national standards.

Reduce your cyber risk

A cyber breach of your security system could have far-reaching consequences. There are six critical success factors for high-security solutions.

First, encryption and authentication are key. Potential cybersecurity risks can be reduced through end-to-end encryption and user authentication. End-to-end encryption protects against installer and insider attacks, and encryption and authentication must be built into all aspects of a security system.

Second, government-assured compliance sets the benchmark and ensures products stand up to regional security standards, such as CAPSS (Cyber Assurance of Physical Security Systems) in the UK.

Third, security systems should be simple to operate, while also providing rich and detailed information that allows security officers to effectively handle any security incidents.

Fourth, it is important that your controllers and readers are secure. Controllers and readers should have hardware security modules on board to protect the secret keys for encryption and authentication. All devices should have certificates and serial numbers loaded in the manufacturer’s factory to protect against supply chain and substitution attacks.

Fifth, auditability and easy patching are essential. Eventually, security vulnerabilities will be exposed in every software system as techniques and technologies evolve. It is essential that software and firmware can be updated over the network, quickly and efficiently.

Finally, you need to ensure your system is configured to mitigate security threats. Hardening is the review of every system component looking for possible weaknesses that could enable an attacker.

Gallagher provides hardening guides for its Command Centre, Controller 6000, and Visitor Management Kiosk. These include information on best practice operating system configuration, card technologies, and the impacts of legacy hardware.

At Gallagher, our solutions are designed from inception to be as cyber secure as possible. We continuously evolve our solutions to meet the changing threat at a software and physical level, building in robust cybersecurity at every stage. With a dedicated cybersecurity research team, we regularly carry out internal and external vulnerability testing that provide ongoing protection in an ever-evolving cyber threat landscape.


Focusing on the cybersecurity world

By Monique Hart, Lead Solutions Engineer at VMware.


Monique Hart.

What should we expect from the well-funded and highly skilled cyber-criminal organisations in 2023, who are they targeting, and how do we protect ourselves against these sophisticated attacks?

Whatever industry we operate in, no matter the size of an organisation, we are all running in the same race – the race to ensure that we are at the forefront of operating as efficiently as possible against cyberattacks and potential threats. We are undoubtedly facing an expanded threat landscape with advanced technology and cybercrime, all of which we are exposed to daily due to changing work environments, open working options, and the Internet of Things. The list goes on as we evolve and become more connected.

There is no sign of attackers slowing down in the future. According to cyberattack statistics, “Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015 at a growth rate of 15% year over year.”

In 2022, 82% of breaches involved the human element, indicating that human error will be at the forefront of exposure to highly skilled cybercrime as cybercriminals start turning to phishing and targeted social engineering to launch their attacks.

High-risk organisations

Healthcare organisations: Due to the large amount of very sensitive patient information they hold, they are a target for cybercriminals, as the data can be used for nefarious activities.

Government/public sector: Many government data breaches are the result of theft for financial gain or espionage. Malicious actors can conduct attacks against government databases to obtain strategic information, such as national security information.

Financial institutions, banks and investment firms: These organisations are another major target for cybercriminals. Organisations such as these hold abundant financial data that can be used to commit either fraud or theft.

Retail businesses: Hold a lot of customer data, such as credit card numbers and contact information. Again, this data can be used for malicious intent, including selling it on the dark web.

Educational institutions: Hold a lot of sensitive data, including student and faculty records, financial information, and research data.

Simplify, secure, and scale

All the information being stored in these different sectors can be very useful to cybercriminals. What becomes important to consider is not just who is targeted, but how? Security is never a single-point solution; various areas in an organisation must be protected, such as the network, endpoints, workloads, devices, data, and applications.

Securing your organisation needs to be a first thought, not an afterthought, which is usually when more significant mistakes get made as not enough time is put into the plan due to panic buying. Educating users is becoming an essential factor in minimising breaches.


Credit(s)





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Managed security solutions for organisations of all sizes
Information Security News & Events
Cyber attackers have become significantly more sophisticated and determined, targeting businesses of all sizes. PwC’s Global Digital Trust Insights Survey 2025 Africa and South Africa highlights the urgent need for organisations to implement robust cyber risk mitigation strategies.

Read more...
From the Editor's desk: The good, the bad, and the victims
Technews Publishing News & Events
When the Internet first arrived, everyone was expecting amazing things from it, well, everyone who knew what it was and how it worked. We had the dotcom boom and bust, and it’s fair to say that if we ...

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Identity, Security & Access Alliance focuses on intelligence and integration
SMART Security Solutions Ideco Biometrics BoomGate Systems Bosch Building Technologies Technews Publishing Integrated Solutions Surveillance Access Control & Identity Management
The Identity, Security & Access Alliance (ISAA) hosted several launch events in Johannesburg in August, showcasing the participating companies’ technical solutions with a primary focus on the solutions made possible by integrating high-quality systems to deliver comprehensive solutions.

Read more...
Get the AI fundamentals right
Technews Publishing SMART Security Solutions Leaderware Editor's Choice Surveillance AI & Data Analytics
Much of the marketing for CCTV AI detection implies the client can just drop the AI into their existing systems and operations, and they will be detecting all criminals and be far more efficient when doing it.

Read more...
SMART Surveillance Conference in Johannesburg
Arteco Global Africa Technews Publishing SMART Security Solutions Axis Communications SA neaMetrics Editor's Choice Surveillance Security Services & Risk Management Logistics (Industry) AI & Data Analytics
SMART Security Solutions hosted its annual SMART Surveillance Conference in Johannesburg in July, welcoming several guests, sponsors, and speakers for an informative and enjoyable day examining the evolution of the surveillance market.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...
Secure data protection without hardware lock-in
Infrastructure Information Security News & Events
New Veeam Software Appliance empowers IT teams to achieve instant protection with Veeam’s fully preconfigured, software-only appliance, delivering enterprise-ready simplified deployment and operational efficiency, robust cyber resilience.

Read more...
Check Point launches open, vendor-neutral MDR services
Information Security News & Events Products & Solutions
New Check Point MDR 360° and MXDR 360° offerings deliver 24/7 managed continuous threat monitoring protection across endpoints, cloud and network environments with built-in identity threat detection and 160+ integrations across hybrid, multi-vendor environments.

Read more...
Credential theft surges in South Africa
NEC XON Information Security
NEC XON issues a critical cybersecurity warning about the dual threat of massive credential theft and AI-powered cyberattacks sweeping across the region, with an increasing number of incidents and evolving threat tactics.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.