19 January 2023

Cybersecurity 2023: The 7 Most Important Threats to Businesses

Cybersecurity in 2023 is no longer a project to tackle “someday.” Attack surfaces are expanding, attackers are becoming more professional, and regulatory requirements are increasing. Knowing the seven most important threats allows you to set priorities – instead of reacting to everything at once.

TL;DR

  • Ransomware remains #1: Double-Extortion is standard – data is stolen AND encrypted.
  • Supply-chain attacks in focus: Attackers target service providers and software supply chains to gain broader access.
  • AI drives phishing: GPT-generated phishing emails are grammatically correct and harder to spot.
  • Cloud misconfigurations: Over 80% of cloud security incidents are caused by human configuration errors.
  • NIS2 comes into force in 2023: The EU directive takes effect – implementation runs until October 2024.

Ransomware: More Expensive, Targeted, and Ruthless

Ransomware attacks have evolved from opportunistic mass strategies to targeted operations. Attackers research their victims, know their insurance policies, and demand accordingly. Double Extortion – stealing data and then encrypting it – is now standard. Triple Extortion is next: DDoS attacks on the victim as a third lever.

Measures: Test offline backups, practice incident response plans, check cyber insurance for exclusions. Paying the ransom guarantees nothing, but prevention reduces the likelihood of an attack succeeding.

Supply-Chain Attacks: The Weakest Link is with the Supplier

SolarWinds (2020) and Kaseya (2021) set the pattern – in 2023, attackers continue this path systematically. Targets that cannot be attacked directly are reached through trusted software updates or managed service providers. The problem: Even well-secured companies are affected.

Measures: Demand Software Bill of Materials (SBOM) from critical suppliers, tighten third-party risk management, enforce network segmentation internally as well.

AI-Generated Phishing and Social Engineering

ChatGPT and similar models make it easy to create convincing phishing emails in any language. Classic warning signs – poor grammar, odd phrasing – are a thing of the past. 2023 is the year when phishing detection needs to happen at a different level.

The same applies to voice deepfakes: CEO fraud via fake voice messages or calls is becoming technically easier. Some cases from 2022 have shown that employees have little chance without clear verification processes.

Other Threats: Cloud, OT, Zero-Day

Cloud misconfigurations remain the biggest entry point in cloud environments. Open S3 buckets, overly broad IAM roles, and missing encryption affect even experienced teams.
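
The three misconfiguration classes named above can be checked mechanically. The following is an added example, not part of the original article: a small audit over AWS-style policy documents and volume records. All sample data is constructed, the Sids and ids are placeholders, and the volume records are assumed to carry the "VolumeId" and "Encrypted" fields that EC2 volume listings return.

```python
def _as_list(value):
    """IAM accepts a string or a list for Statement/Action/Resource values."""
    return value if isinstance(value, list) else [value]

def _allows(policy):
    return [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

def public_statements(policy):
    """Sids of Allow statements open to any principal without a Condition."""
    hits = []
    for s in _allows(policy):
        p = s.get("Principal")
        anyone = p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))
        if anyone and not s.get("Condition"):  # a Condition still needs manual review
            hits.append(s.get("Sid", "<no Sid>"))
    return hits

def overbroad_statements(policy):
    """Sids of Allow statements pairing a wildcard action with Resource '*'."""
    hits = []
    for s in _allows(policy):
        actions = _as_list(s.get("Action", []))
        if any(a == "*" or a.endswith(":*") for a in actions) and "*" in _as_list(s.get("Resource", [])):
            hits.append(s.get("Sid", "<no Sid>"))
    return hits

def unencrypted_volumes(volumes):
    """Ids of volume records whose 'Encrypted' flag is false or absent."""
    return [v["VolumeId"] for v in volumes if not v.get("Encrypted", False)]

# Constructed sample data; account id, bucket and volume ids are placeholders.
BUCKET_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "OrgOnly", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}}]}
ROLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "AllS3", "Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    {"Sid": "ReadLogs", "Effect": "Allow", "Action": "logs:GetLogEvents",
     "Resource": "arn:aws:logs:eu-central-1:111122223333:log-group:app:*"}]}
VOLUMES = [{"VolumeId": "vol-0aaa", "Encrypted": True},
           {"VolumeId": "vol-0bbb", "Encrypted": False}]

if __name__ == "__main__":
    print(public_statements(BUCKET_POLICY), overbroad_statements(ROLE_POLICY),
          unencrypted_volumes(VOLUMES))
```

A statement with a Condition is skipped rather than cleared: conditions can themselves be too permissive and need a human look.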

OT/ICS attacks on critical infrastructure are increasing. Energy suppliers, waterworks, and production facilities are increasingly connected – and thus vulnerable. The convergence of IT and OT is an unresolved security problem.

Zero-day exploits remain expensive but a real threat to high-value targets. Patch management processes need to speed up – critical CVEs within 24-48 hours, not within weeks.

Key Facts at a Glance

Global ransomware costs in 2022: ~20 billion USD (Cybersecurity Ventures)

Supply-chain attacks: +40% compared to 2021 (Gartner)

Average dwell time of attackers: 21 days before detection (Mandiant)

Cloud misconfigurations: Cause of 82% of cloud data breaches

NIS2 implementation deadline: October 2024 – start preparation now

Fact: The average dwell time of an attacker in the network is 10 days, according to Mandiant.

Fact: According to the Allianz Risk Barometer 2025, cyberattacks are the biggest business risk worldwide.

Frequently Asked Questions

What is Double Extortion in Ransomware?

Attackers steal data before encrypting it. Then they threaten to publish the data if no ransom is paid – even if a backup is available.

How do you protect against supply-chain attacks?

Third-party risk management, Software Bill of Materials (SBOM), network segmentation, and zero-trust architectures reduce the risk. Absolute security does not exist – but the risk can be managed.

Are AI-generated phishing emails recognizable?

Increasingly difficult. Technical indicators (metadata, sender domains, links) remain relevant. Behavior-based detection on email gateways and security awareness training are more important than ever.
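
The technical indicators mentioned in this answer (metadata, sender domains, links) do not depend on how well the text is written. The following is an added example, not part of the original article: it parses one message with Python's standard email module and reports a Reply-To domain that differs from the From domain, SPF/DKIM/DMARC results other than "pass", and links whose visible text names a different host than the actual target. The message and all domains are constructed, and the indicator labels are this example's own.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message; every domain is a placeholder.
RAW = """\
From: "Finance Team" <billing@example.com>
Reply-To: billing@examp1e-payments.test
To: user@example.org
Subject: Invoice overdue
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=examp1e-payments.test; dkim=none; dmarc=fail header.from=example.com
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Review <a href="https://login.examp1e-payments.test/inv">https://portal.example.com/invoice</a> today.</p>
"""

LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)

def _domain(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def indicators(raw):
    """Return the technical phishing indicators found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    sender, reply = _domain(msg["From"]), _domain(msg["Reply-To"])
    if reply and reply != sender:
        found.append("reply-to-domain-mismatch")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = str(msg["Authentication-Results"] or "")
    for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if result != "pass":
            found.append(f"{method}={result}")
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body else ""
    for href, text in LINK.findall(html):
        shown = HOST_IN_TEXT.match(re.sub(r"<[^>]+>", "", text).strip())
        target = (urlparse(href).hostname or "").lower()
        if shown and shown.group(1).lower() != target:
            found.append(f"link-text-mismatch:{target}")
    return found

if __name__ == "__main__":
    print(indicators(RAW))
```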

What do companies need to do for NIS2 now?

Check for applicability (sector, size), conduct a gap analysis, prioritize measures. The implementation deadline is October 2024 – 18 months are realistic for full compliance.

What is the most important protection against ransomware?

Offline backups, tested and isolated from the network. Additionally: MFA on all critical systems, network segmentation, and a tested incident response plan.

Tobias Massow

A magazine by Evernine Media GmbH