2. Agenda
1. Introductions
2. Top Cyber Trends for 2023
3. Q&A

3. Introduction
Madhu Maganti, CPA, CISA
 20+ years in Cybersecurity/Risk &
Compliance
 Partner in the Risk Advisory practice
within Baker Tilly, an international
CPA and advisory firm.

4. Introduction
Colleen Lennox
 25+ years experience in business
development & recruiting
 Founder of Cyber Job Central, a
recruitment platform for
cybersecurity related jobs

5. Employees continue to pose the greatest threat to cybersecurity
People Remain A Risk
• Phishing attacks continue to be one of the main causes of data breaches.
• Access controls can help reduce this risk, but organizations must continue to invest
in awareness training and building a cybersecurity-oriented culture.

6. New privacy regulations lead to higher burden on organizations
• Several states have already passed their
own set of privacy requirements, with
many more on the way.
• Organizations will need hire dedicated
GRC staff and maintain a compliance
matrix for privacy obligations on a state-
by-state basis.
This includes foreign requirements
such as GDPR, PIPEDA, and more.
Increased Compliance Requirements

7. High level of M&A in the security space
• Security vendors are focusing on refining their own software instead of
developing new features.
New features are added to existing security software through acquisitions.
• This allows organizations to outsource tasks to fewer security vendors and
reduce the burden of IT staff in managing those vendors.
Even when outsourcing security functions, it’s important that an organization still
maintains in-house experienced cybersecurity staff to manage the vendors.
Vendor Consolidation

8. Leaders are expected to place a higher priority on cyber risk
• Despite economic uncertainty, spending
on cybersecurity is still expected to
increase, as funding for other areas may
slow.
Leaders are recognizing the value of
cybersecurity, and prioritizing risk
mitigation efforts.
• Many leaders are seeking budget-
friendly cybersecurity investments to
help reduce risks.
• At the same time, cybercrime is
expected to reach record highs.
Prioritization of Cyber Risk

9. Economic uncertainty results in budget cuts and increased risks
• Although security spending is projected to
increase, leaders may not be comfortable
spending the amount required to mitigate
cybersecurity risks.
• This includes additional experienced security
staff, employee training, advanced
cybersecurity tools, process improvements,
and more.
Budget Constraints

10. • Over the past 2 years, the top 20 cyber
insurers have had record high loss
rates.
• Insurance providers will seek to better
quantify risks using security data and
risk modeling techniques.
• More thorough security assessments
and increased security requirements
will help keep policy holders safe.
Cyber Insurance
Insurance will quantify risks

11. Healthcare providers will remain the highest priority target.
• Medical data remains some of the most
sought-after information on the black
market.
• Use of emerging technologies in the medical
field creates additional vulnerabilities for
healthcare providers.
• Other industries with time-sensitive
operations, sensitive data, financial
information, and poor security will also be
prioritized.
Industry Specific Attacks

12. Many IT teams are struggling to keep everything up-to-date
• Many IT teams either lack the means or the
know-how to keep up with current patches for all
systems used by their organization.
The Ponemon institute found that 64% of
organizations are looking to hire more IT staff for
patch management.
• In the current environment, hiring and retaining
experienced IT staff can be difficult.
• Outdated software can lead to vulnerabilities and
increase the risk of a data breach.
More Software Patches

13. More businesses will adopt zero trust to mitigate risks
• Zero trust means that every stage of a digital interaction will be validated.
This prevents unauthorized users from freely moving around systems, networks,
and applications.
• Organizations are relying on Identity and Access management software and
combining it with other security solutions to manage and monitor access
across all IT systems.
Zero Trust Adoption

14. The government may begin talks on how to protect businesses
• Ransomware and other cyberattacks are a
growing threat for US Businesses.
Payment is often the only way out for an
unprepared organization.
• Though it’s unlikely that the government
will pass any legislation this year, they may
begin discussions on how to protect US
based businesses.
Government Intervention

15. Phishing attacks are being designed with MFA in mind
• New phishing techniques are designed with
MFA in mind – tricking employees into
granting access to the attacker.
• While MFA can make breaching a system more
difficult, it is not a catch-all security measure
that guarantees the prevention of
unauthorized access.
MFA Aware Phishing
Image by storyset on Freepik

16. THANK YOU
Q&A
colleenlennox
madhumaganticpa
madhu.maganti@bakertilly.com
Colleen.Lennox@cyberjobcentral.com

17. Baker Tilly US, LLP, trading as Baker Tilly is a member of the global network of Baker Tilly
International Ltd., the members of which are separate and independent legal entities.
The content in this presentation is a resource for Baker Tilly US, LLP clients and prospective
clients. The information provided here is of a general nature and is not intended to address the
specific circumstances of any individual or entity. In specific circumstances, the services of a
professional should be sought. Tax information, if any, contained in this communication was not
intended or written to be used by any person for the purpose of avoiding penalties, nor should
such information be construed as an opinion upon which any person may rely.
The intended recipients of this communication and any attachments are not subject to any
limitation on the disclosure of the tax treatment or tax structure of any transaction or matter that
is the subject of this communication and any attachments.
© 2023 Baker Tilly US, LLP
Disclosure