For those in cybersecurity, 2022 was an eventful year, much like its predecessors. A number of well-publicized data breaches, attacks on critical infrastructure, and targeted cyber warfare raised the stakes in a threat environment that was already complex. And it's costing organisations dearly.
Last year saw so many different attack vectors that over half of CISOs believed they were at risk of a major cyberattack, yet there was no agreement on which risks were the greatest. Given this lack of clarity, rising personnel turnover, and hybrid workplaces, two-thirds of respondents reported feeling unprepared to protect against common risks.
CISOs won’t want to feel the same way in 2023. But the coming year could be much more difficult as tensions throughout the world rise and economies struggle. Here are some predictions for the upcoming year to assist in creating an effective cyber defence.
Systemic Risk Will Rise Due to Economic Pressures
Systemic risk is always growing. As ecosystems become more complex, so does the danger that a threat to just one element could have catastrophic effects on entire networks and infrastructures. A further slump in the economy in 2023 is likely to make things worse.
Employees will experience a significant emotional toll as a result of financial strains, job insecurity, and growing living expenses. People are more likely to become tired, preoccupied, and mistake-prone when they are carrying this kind of weight. Sadly, many of these errors, such as mistaken URL clicks and malware downloads, can let in opportunistic threat actors.
Making matters worse, cybercriminals will intensify their social engineering activities in an effort to take advantage of and profit from our people, the weakest link in the cybersecurity chain.
Growing Consequences Due to Evolving Ransomware
Ransomware is by no means a recent addition to the security landscape. Over two-thirds of companies have had at least one attack in the last year, according to the 2022 State of the Phish survey.
However, because threat actors have updated their strategies for this long-established attack style, it is projected to do even more harm in 2023. Criminal gangs are increasingly using double extortion tactics, stealing data from victims' businesses as well as encrypting it.
With 77% of attacks in the first quarter of 2021 involving attempts to release data, this trend is already developing quickly. A complete switch to double extortion techniques is very likely over the next 12 months as threat actors grow bolder and more aggressive.
The Supply Chain is the Center of Attention
SolarWinds and Log4j may have been a wake-up call for many in the cybersecurity industry, but they also reminded threat actors of how profitable supply chain attacks can be. Many more are therefore likely to follow in the coming year.
The complexity of supply chains and the reliance on APIs make this attack vector all the more alluring to cybercriminals attempting to exploit the trust placed in third parties. In response, CISOs will thoroughly examine supplier relationships, raising the bar on due diligence along the way. Although this is vitally needed, expect friction as organisations demand greater resilience and openness.
A Very Real Threat Will Come from Deepfakes
Cybersecurity professionals have been wary of deepfake technology for some time. However, as large datasets and AI generators become more widely available, anyone with a working knowledge of technology can now produce their own.
This may give cybercriminals the power to persuade staff members or other parties to act on the malicious instructions of a deepfaked CEO. Furthermore, unscrupulous actors might use the technology to access high-value accounts that rely on weak biometrics or passwords.
In the long run, it's not impossible that a deepfake of a CEO, CFO, or other well-known business figure might deliver a speech that would have an impact on the stock price.
Criminals Will Attempt to Use MFA's Strength as a Weakness
MFA exemplifies the ongoing cat-and-mouse game between cybercriminals and cybersecurity experts. When threat actors become more adept at compromising credentials, security professionals typically respond with additional measures. MFA unquestionably improves security at the enterprises that use it, but it also provides a new attack vector.
To exploit it, cybercriminals will use phishing kits more frequently to steal MFA tokens and will bombard employees with approval requests until they finally succumb to notification fatigue.
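One way to detect the notification-fatigue pattern described above, shown as an added example that is not part of the original article. The event layout, result names, ten-minute window and threshold of three are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events: (ISO timestamp, user, result).
# The field layout and result names are assumptions, not any vendor's log schema.
SAMPLE_EVENTS = [
    ("2023-01-10T02:00:05", "alice", "denied"),
    ("2023-01-10T02:00:40", "alice", "timeout"),
    ("2023-01-10T02:01:15", "alice", "denied"),
    ("2023-01-10T02:02:00", "alice", "denied"),
    ("2023-01-10T02:02:30", "alice", "approved"),
    ("2023-01-10T09:00:00", "bob", "approved"),
    ("2023-01-10T09:30:00", "carol", "denied"),
    ("2023-01-10T13:00:00", "carol", "approved"),
]

FAILED = {"denied", "timeout"}  # prompts the user rejected or ignored


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Flag bursts of rejected or ignored push prompts per user.

    medium: `threshold` failed prompts land inside `window`.
    high:   an approval arrives while such a burst is still inside the window,
            which is what a fatigued user giving in looks like.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent failed prompts
    alerts = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in FAILED:
            q.append(ts)
            if len(q) == threshold:
                alerts.append({"user": user, "time": ts_raw,
                               "severity": "medium", "failed_prompts": len(q)})
        elif result == "approved":
            if len(q) >= threshold:
                alerts.append({"user": user, "time": ts_raw,
                               "severity": "high", "failed_prompts": len(q)})
            q.clear()  # a successful login resets the burst counter
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

A high-severity alert is the case to act on first: revoke the session and reset the credential, since the password was already known to whoever triggered the prompts.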
Hacking Tools Will Become Even More Popular
On the dark web, ransomware-as-a-service has grown in value. As it gains popularity, it gives anyone, with no technical knowledge required, the means to launch destructive cyberattacks. Given this model's success, it will be replicated for many other attack types. Expect off-the-shelf hacking tools to become available for a variety of attacks, including smishing, vishing, and others.
Even though these threats are frequently less technically sophisticated, many will succeed because of the sheer volume that can be launched with little effort.
Defending Against Imminent Threats
Whatever the chosen tactic, the cybercrime activity forecast for 2023 all points in the same direction: attackers will continue to target people as their preferred attack surface and data as their intended reward. The modern threat landscape is changing quickly, with more entry points, larger attack surfaces, and more complex cyberattacks. A strong cybersecurity posture must consider people, processes, and technology, in that order.