2023 Rewind: The year in cybersecurity

The year 2023 saw three significant events that raised the stakes for cybersecurity professionals.

In July, the U.S. Securities and Exchange Commission adopted new rules that require publicly traded companies to notify regulators within four days of a meaningful system compromise, and to give details about their cybersecurity risk governance in annual public filings. The rules are being phased in from December 2023 to July 2024, but have met with some flak in Congress, where a bill in both chambers seeks to defang the new rules.

The world became transfixed by the potential power of ChatGPT and artificial intelligence, and it wasn’t long before practically anyone could use ChatGPT to write phishing emails and rudimentary malware. By November 2023, it became clear that the best way to fight AI-powered adversaries was to use AI in defense. The White House issued an AI executive order increasing federal oversight of rapidly expanding AI systems and promoting the safety and security of AI development to reduce its risks for consumers and national security. The U.S. and the U.K. also issued joint AI security guidelines that were endorsed by 16 additional countries.

Ransomware set new records for monthly incidents and nearly topped previous yearly payouts. The resurgence was accompanied by a breakdown in international cooperation to fight cybercrime, as tensions rose over the stalled but ongoing Russian invasion of Ukraine and U.S.-China relations deteriorated. In response to these threats, cybersecurity buyers, vendors, influencers and decision makers worked to improve their practices around ransomware prevention, privacy and third-party risk, vulnerability management, cloud security, and identity and access management.

SC Magazine 12/22/2023