On a daily basis, every organisation, small or large, profit or non-profit and even governments are relying on IT networks and infrastructure connected to the internet. As a result, over time their attack surface grows, resulting in greater cybersecurity risks.
Combined with an increasingly demanding list of compliance this results in making safeguarding data and cybersecurity overall a primary focus for organisation. Or at least it should, as not every organisation believes they make an attractive target for cyber attacks.
Cyber threats are evolving rapidly and therefore it’s essential for every CISO to stay up to date with the latest trends, technologies and tactics as part of their cyber defence strategy. We have listed the top 7 trends in cyber security for 2023.
Ransomware is here to stay unfortunately. Like in 2022, we expect a further rise in the number of ransomware attacks. According to Cybersecurity Ventures, ransomware is predicted to cost $ 265 billion annually by 2031. In recent years there has also been a rapid increase in the number of ransomware strains; a total of 130 are now known.
Ransomware has now also entered the cloud environments. The favourite choice of attack vectors for ransomcloud attackers are the good old malware and phishing emails targeting cloud-based mail servers like Office 365. A popular method is file piggybacking. The attacker sends a phishing mail with an attachment, which when downloaded initiates the installation of ransomware in the user's system. This ransomware presents itself as a harmless pop-up to the user. When clicked, the ransomware disseminates itself, giving the threat actor access to the network. When the user initiates a file sync interaction with the cloud, the ransomware will 'piggyback' on the file sync service and help the threat actor infiltrate the cloud environment.
Although it’s been mentioned plenty of times before, but the Internet of Things (IoT) will actually find more traction in 2023. This is supported with the wider rollout of 5G networks.
The internet of things, or IoT, is an object that contains software, sensors, and a connection to a network or the internet. As you can imagine this encompasses a huge array of technology at home and the workplace.
Almost everything we can buy in the consumer world has some form of internet connectivity, like your app controlled robot vacuum cleaner, washing machine, lights and doorbell. The connected world is upon us. Security by design for many is severely lacking. Manufacturers are looking to mass produce at the lowest possible cost of sale. As such common hardware and software is likely to be widespread. This is likely to mean that a single vulnerability can impact a wide range of products, including those that are totally unexpected.
How does it affect organisations? In a basic network structure, the attack surface is restricted to the common entry points to enterprise systems, whereas in the case of an IoT network, the attack surface increases, which leads to a higher number of vulnerabilities.
There is an additional strain of IoT, referred to as IoMT (Internet of Medical Things). This consists of devices that can connect with IT systems in healthcare organizations. These can be either sensor-based or remote patient monitoring devices like wearables. The increasing use of these devices among patients opens up a wide-range of vulnerabilities and entry points that criminals can use to gain access to patient data. This makes monitoring these endpoints 24/7 an absolute priority for all healthcare organisations.
Mobile malware cyberattacks have risen by 500% during the first few months of 2022, and Android devices are the more common targets. We expect this trend to continue in 2023. Our phones contain almost all our sensitive, personal data. Our photos, financial transactions, emails, messages and information of our contacts. Malicious apps and websites, mobile ransomware, phishing, Man-in-the-Middle (MitM) attacks, advanced jail breaking and rooting techniques, and device and OS exploits are the major threats concerning mobile devices.
Corporations and other organisations must implement Enterprise mobile security solutions and extensive employee training programs will teach employees device security and aid in staying ahead of attackers.
Within this category, there is also an additional trend emerging. This is cryptojacking, where cyber criminals create malicious apps infected with malware. Apps can be as simple as tax or tip calculators or flashlights. The app roots the phone in the background and installs crypto miner software to create crypto and thus value for the cyber criminals. As a result the infected phone become slower and slower due to the strain on battery and CPU. Victims often don’t even realise their phones are infected, but think their phones require replacement. Although this trend is emerging, it primarily affects older Android phones.
Further development and implementation of AI technology will increase significantly throughout 2023 in the world of cyber security. Unfortunately, it will be implemented on both sides of the fence, or law in this case.
AI is and will be paramount in building automated security systems, natural language processing, face detection, and automatic threat detection. Although, it is also being used to develop smart malware and attacks to bypass the latest security protocols in controlling data. AI enabled threat detection systems can predict new attacks and notify admins for any data breach instantly.
In recent years we have seen an increased number of reports about state sponsored hacking and cyberattacks, allegedly from China, Iran and/or North Korea. The tensions between the East and the West will not ease in 2023, both sides continue their efforts to gain superiority. The Russian invasion of Ukraine helps further increase the expected increase in cyber warfare.
Additionally, globally there will be plenty of democratic elections held in 20223 with the potential of further increased state sponsored cyber warfare. Overall, we expect high-level data breaches, including at top political and industrial level in 2023.
Supply chains have been in the news since the Covid-19 pandemic and it will continue in 2023, however not only for shortages or delays.
The X-Force Threat Intelligence Index 2022 found that at least 62% of organisations worldwide faced a supply chain attack this year. In 2023, we believe this will continue to increase. Large organisations are improving their cybersecurity defence measures and therefore making it harder for cybercriminals to find vulnerabilities to gain access to their IT infrastructure. This is why cyber criminals are focusing on smaller organisations that are part of the supply chain of the large organisations, i.e. through supplying raw materials or finished products and services. Cybercriminals will use the less sophisticated cyber security defence systems of these smaller organisations to gain entry to their IT infrastructure. They’ll then use these breaches as a springboard to attack the large organisations.
Increased compliance and improving cybersecurity measures will become more important for smaller organisations to maintain business with larger organisations in 2023 and beyond.
This may be a more left field trend, but we think believe cybersecurity will become more important for the automotive industry in 2023. Modern vehicles are already packed with lots of automated software, i.e. cruise control, door locking, airbags and other driver assistance systems. Modern vehicles also come with Wifi connectivity and Bluetooth. With more automated vehicles, the automotive industry will face more scrutiny with regards to cybersecurity. We don’t expect large scale hacking of vehicles, but increased compliance to the highest cyber security standards.
Lastly, we do have an honourable mention for people in this list. With the rapidly evolving world of cyber threats and implementation of cybersecurity, people with the right skillsets are becoming scarce. Highly skilled and qualified cybersecurity specialists and developers will be in popular demand. This also fuels the trend of development and implementation of AI in cybersecurity.
Hackurity.io is redefining cybersecurity through our innovative, automated and powerful cybersecurity and attack simulation tools. Taking a unique outside in approach, our solutions are designed to replicate real hacker attacks to find and fix vulnerabilities before hackers can exploit them. Focused on prevention, we reduce the chance of a successful cyber attack on any business by up to 95%
Founded in 2021, hackurity.io has the dream and mission to make being connected to the internet safer for all businesses and ultimately for our next generations. Headquartered in The Netherlands, hackurity.io offers its world class cybersecurity solutions to businesses around the world.