The 4 cybersecurity trends you need to prepare for in 2023:
1. Dangers and Opportunities of AI and Machine Learning
The year 2022 ended with a bang: ChatGPT made a significant impact on how the public perceives AI, its current capabilities, and its potential applications. As OpenAI's servers continue to be overwhelmed by the enormous interest generated, it is important to reflect on its repercussions, both positive and negative, on cybersecurity.
AI can help make cybersecurity measures and tools more effective in recognizing and countering threats, but it also makes life easier for criminals. Machine learning platforms like ChatGPT make it easier to craft more convincing phishing emails or to write and refine code for new malicious software offered as a service.
OpenAI has created a tool that can assist millions of people, such as small business owners or students, but at the risk of exacerbating already concerning threat levels. Preparing the public to face this new reality will rapidly become an essential aspect of cybersecurity strategies at all levels, for both large corporations and SMEs. Waiting passively is certainly not a solution.
2. Security Awareness for Business Leaders
Cybersecurity is no longer solely the concern of the person in charge of managing the company's IT department. It is a responsibility increasingly shared by employees and their leaders. The recent green light given to the revised Directive on Security of Network and Information Systems (SRI2) formalizes this shift. The directive not only requires essential industries and services (as well as their suppliers, stakeholders, and affiliates) to take measures to strengthen their security but also obligates their business leaders to undergo cybersecurity awareness training.
The leadership will not only need to be trained, but organizations must also be able to demonstrate that they have taken appropriate measures. Whether it's the CEO, CFO, COO, manager, or director, everyone should know what is expected of them. With the SRI2 directive scheduled to take effect from January 2024, there is no time to waste in implementing the appropriate measures and strategies. Waiting would be a losing strategy.
3. Cyber Insurance: Will It Still Be Possible to Insure?
The number of cyber incidents skyrocketed once again in 2022, as did the number of organizations forced to pay a ransom. For some, the impact could be mitigated because they already had "cyber insurance," a specific policy designed to limit some of the effects of a cyber attack.
The number of organizations falling victim to criminal acts keeps growing: Gartner predicts that 45% of all companies will experience a cyber hack at some point by 2025. Consequently, experts fear that obtaining cyber insurance may become more difficult, if not entirely impossible, in the coming months or years.
Insurance brokers are expected to impose various new requirements on those seeking this kind of protection. Standards will need to be strengthened, people will need to be trained, and results will need to be demonstrated. Security awareness will become a minimum requirement for any organization seeking financial protection through cyber insurance.
4. The Unstoppable Rise of Ransomware
No war is fought solely on the battlefield. Civilian casualties are inevitable, and in today's world the Internet can serve as a dangerous weapon that, like a machine gun, can indiscriminately target anyone anywhere in the world. Since the start of the war in Ukraine, cyberattacks likely carried out by states, not only Russia or Ukraine but also their allies, have multiplied everywhere.
Ransomware represents a very concrete result of this conflict and relentlessly attacks anyone it can infect. While criminals still devote a lot of effort to targeted attacks, such as spear-phishing, there is an undeniable increase in "wide-spectrum" attacks, where hackers cast a wide net and patiently wait for a victim to fall into it. Some of the most notable examples of this approach, particularly targeting hospitals and municipal administrations, made headlines in 2022.
The only way to limit the rise of ransomware is to educate the public. However strong your firewalls and similar technical measures are, some threats will inevitably exploit system vulnerabilities. The only way to prevent your employees from falling into the trap is to teach them to be vigilant and to take action when confronted with real threats.