Cybersecurity in 2023

Issue 1 2023 Information Security

Cybersecurity is a problem for everyone, whether you are in IT, security (including physical security), or even a home user. In the article below, Hi-Tech Security Solutions offers two views from industry players on what to look out for in the cyber world in 2023.


Controlling access

By Lee Smyth, Technical Manager, Gallagher Security, South Africa.


Lee Smyth.

The risk of cybercrime continues to be a major challenge. Hackers are increasingly sophisticated, exploiting new technologies. Cybersecurity is arguably the most important way organisations can reduce the risk of unauthorised access to information.

With smartphones, computers, and the internet comprising such a fundamental part of modern life, cybersecurity has never been more important.

Data security includes several cybersecurity practices used to secure your data from misuse, such as encryption and access restrictions – both physical and digital.

Data security has always been important, but with more people working from home the internal network boundary increases, and so too does the security risk. A company’s security is only as strong as the weakest part of its network.

Remote working has widened the net in terms of vulnerabilities across business networks – with more devices being plugged in, employees accessing corporate data, and sensitive information being shared across unstable networks, there are more opportunities for unauthorised access to company data.

Why is data security important?

Organisations across all industries are seeing the very real risks of data security breaches with loss of income, disruption to operational continuity, data exposure, and reputational damage, all too important to ignore. There have been many well-documented examples of cyber breaches over the years. Targets for cybercriminals have included government computer networks and even countries’ health systems – which have seen hospitals and clinics forced to turn away patients after losing access to computers. Another example of a globally orchestrated event was the 2017 WannaCry ransomware cyberattack, which hit more than 200 000 computers in 150 countries, encrypting data and demanding ransom payments in Bitcoin cryptocurrency.

According to a report issued this year by the World Economic Forum, 93% of cybersecurity experts and 86% of business leaders, believe that there is a heightened risk of a ‘catastrophic cyberattack’ and that that threat is due to the geopolitical turbulence in the world. These are prime examples of why data security matters. A cyber breach can have serious ramifications for organisations – both financially and reputationally.

As technology advances, so too does our interconnectivity between devices, networks, and systems. Each new thing connected to your platform or network is a potential vulnerability – your system is only as strong as the weakest device. It is imperative the technology and risk correlate.

It is clear that the IoT now possesses a significant threat. With more and more things connected to the internal network, there are numerous external threats to consider. External threats such as access control systems; building management systems, e.g. lighting and heating control, air conditioning, room booking services, and fire; systems for parking, surveillance, and perimeter; and the list goes on.

Security solutions can offer effective protection against these increasing attacks. These solutions are not restricted only to organisations operating within the information security environment, but are available commercially for any organisation seeking a robust solution that adheres to national standards.

Reduce your cyber risk

A cyber breach of your security system could have far-reaching consequences. There are six critical success factors for high-security solutions.

First, encryption and authentication are key. Potential cybersecurity risks can be reduced through end-to-end encryption and user authentication. End-to-end encryption protects against installer and insider attacks, and encryption and authentication must be built into all aspects of a security system.

Second, government-assured compliance sets the benchmark and ensures products stand up to regional security standards, such as CAPSS (Cyber Assurance of Physical Security Systems) in the UK.

Third, security systems should be simple to operate, while also providing rich and detailed information that allows security officers to effectively handle any security incidents.

Fourth, it is important that your controllers and readers are secure. Controllers and readers should have hardware security modules on board to protect the secret keys for encryption and authentication. All devices should have certificates and serial numbers loaded in the manufacturer’s factory to protect against supply chain and substitution attacks.

Fifth, auditability and easy patching are essential. Eventually, security vulnerabilities will be exposed in every software system as techniques and technologies evolve. It is essential that software and firmware can be updated over the network, quickly and efficiently.

Finally, you need to ensure your system is configured to mitigate security threats. Hardening is the review of every system component looking for possible weaknesses that could enable an attacker.

Gallagher provides hardening guides for its Command Centre, Controller 6000, and Visitor Management Kiosk. These include information on best practice operating system configuration, card technologies, and the impacts of legacy hardware.

At Gallagher, our solutions are designed from inception to be as cyber secure as possible. We continuously evolve our solutions to meet the changing threat at a software and physical level, building in robust cybersecurity at every stage. With a dedicated cybersecurity research team, we regularly carry out internal and external vulnerability testing that provide ongoing protection in an ever-evolving cyber threat landscape.


Focusing on the cybersecurity world

By Monique Hart, Lead Solutions Engineer at VMware.


Monique Hart.

What should we expect from the well-funded and highly skilled cyber-criminal organisations in 2023, who are they targeting, and how do we protect ourselves against these sophisticated attacks?

Whatever industry we operate in, no matter the size of an organisation, we are all running in the same race – the race to ensure that we are at the forefront of operating as efficiently as possible against cyberattacks and potential threats. We are undoubtedly facing an expanded threat landscape with advanced technology and cybercrime, all of which we are exposed to daily due to changing work environments, open working options, and the Internet of Things. The list goes on as we evolve and become more connected.

There is no sign of attackers slowing down in the future. According to cyberattack statistics, “Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015 at a growth rate of 15% year over year.”

In 2022, 82% of breaches involved the human element, indicating that human error will be at the forefront of exposure to highly skilled cybercrime as cybercriminals start turning to phishing and targeted social engineering to launch their attacks.

High-risk organisations

Healthcare organisations: Due to the large amount of very sensitive patient information they hold, they are a target for cybercriminals, as the data can be used for nefarious activities.

Government/public sector: Many government data breaches are the result of theft for financial gain or espionage. Malicious actors can conduct attacks against government databases to obtain strategic information, such as national security information.

Financial institutions, banks and investment firms: These organisations are another major target for cybercriminals. Organisations such as these hold abundant financial data that can be used to commit either fraud or theft.

Retail businesses: Hold a lot of customer data, such as credit card numbers and contact information. Again, this data can be used for malicious intent, including selling it on the dark web.

Educational institutions: Hold a lot of sensitive data, including student and faculty records, financial information, and research data.

Simplify, secure, and scale

All the information being stored in these different sectors can be very useful to cybercriminals. What becomes important to consider is not just who is targeted, but how? Security is never a single-point solution; various areas in an organisation must be protected, such as the network, endpoints, workloads, devices, data, and applications.

Securing your organisation needs to be a first thought, not an afterthought, which is usually when more significant mistakes get made as not enough time is put into the plan due to panic buying. Educating users is becoming an essential factor in minimising breaches.


Credit(s)





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.