As 2023 moves forward into February, cybersecurity continues to top of the list of chief information officer (CIO) concerns. This should come as no surprise. Worldwide, in the first half of 2022, there were 2.8 billion malware attacks and 236.1 million ransomware attacks. It was estimated that 6 billion phishing attacks would be launched by the end of 2022. In a continued effort to curb these attacks, it is worth predicting trends that may come to fruition in 2023 and beyond.
Crime as a Service
The cost of global cybercrime is estimated to reach US$10.5 trillion by 2025. Cybercrime is becoming an incredibly lucrative business for hackers, as it has been reported that cybercriminals stole more than US$3 billion via crypto-based cyberattacks between January 2022 and October 2022. As cybercrime becomes more established as a revenue source for malicious actors, some are pivoting to offer their services to a wider community. Crime as a Service (CaaS) allows malicious cyberactors to offer their hacking services to others for a fee. An example of this occurred in 2022 when a Meta employee was fired for allegedly using her employee privileges to hijack and grant unauthorized access to Facebook profiles, charging her customers thousands of US dollars in Bitcoin to do so.
Attacks on Cloud Security
While cloud-based data storage can be equipped with cybersecurity measures to prevent data breaches, if an enterprise hosts a large amount of valuable customer data, even a partial breach can have far-reaching negative effects. This is because an organization’s cloud storage contains enormous hordes of extraordinarily valuable data, if an attacker gains access to merely a fraction of these data, it can cause significant damage. An example of this was the Revolut data breach in September 2022. Despite Revolut reporting that the breach affected only 0.16% of its customers, this translated to the personal data of more than 50,000 users being accessed. Keeping cloud storage secure requires enterprises to regularly review and improve their security procedures. Though cloud storage programs such as Google Cloud and Microsoft Azure may have strong security measures in place, client mistakes can lead to dangerous malware and online scams, which can result in cloud storage breaches.
Third-Party Access Risk
With the advent of cloud migration, many organizations are incorporating third-party software solutions into their enterprise infrastructures. Many cybersecurity professionals are wary of the risk incurred by this decision, however, with more than one-third (36%) of cybersecurity professionals reporting that supply chain/third-party risk scenarios are top threats to their organization’s cybersecurity.
Lack of Cybersecurity Knowledge
Human error is predicted to remain a major factor of cybersecurity threats in 2023. In 2022, it was discovered that 95% of cybersecurity issues could be traced back to human error. Likewise, almost one third of cybersecurity professionals (30%) said that lack of cybersecurity expertise was the most pressing threat to cybersecurity at their organizations.
Remote Work and Zero Trust
Though remote work is nothing new, it will continue to be a security concern in the coming year. Hackers will become more innovative in their approaches to targeting remote workers. Enterprises are also struggling with ensuring privacy as their teams become more scattered geographically. Remote employment frequently results in an increase in ransomware, phishing and social engineering attacks. To address attacks related to remote workplaces, organizations must adopt zero trust policies, assuming that every device and user is a possible attacker. Zero trust is a relatively new practice, but it is gaining traction as one of the key points of
Supply Chain Vulnerabilities
Supply chain hacks, which include the infamous SolarWinds attack that found its way into several US government agencies and perhaps lesser known exploits involving JS.node vulnerabilities, are especially pernicious because the size of the threat surface is essentially wherever tainted software goes. One step that enterprises can take is to audit the security measures that their suppliers and vendors use to ensure that the end-to-end supply chain is secure.
International State-Sponsored Attackers
Nation-states frequently take part in cyberespionage and sabotage in an attempt to undermine unfriendly or competing governments or to access secrets. Today, however, it is increasingly likely that enterprises and nongovernmental organizations (NGOs) will find themselves targeted by state actors. Since the 2017 WannaCry ransomware attack, believed to have been perpetrated by hackers affiliated with the government of North Korea, there have been hundreds of thousands of attacks on servers all around the world that security agencies believe can be traced to foreign governments.
In 2023, more than 70 countries are holding governmental elections—events that are frequently targets for attack by hostile foreign interests. In addition to hacking and cyberattacks on infrastructure, this is likely to take the form of disinformation campaigns on social media, which often involve seeking to influence election results in favor of political parties whose victories would benefit the government of the hostile state. And cyberwarfare will undoubtedly continue to be a key element in armed conflict, with one analyst saying of the Russia-Ukraine war that “Digital is [as] important [to the] war as the fighting on the ground.”
Arms Race With Artificial Intelligence
Due to the ever-growing availability of artificial intelligence (AI), hackers and criminals are growing increasingly proficient at using it. AI algorithms are used to identify systems with weak security or that are likely to contain valuable data among the millions of computers and networks connected to the Internet. AI can also be used to create large numbers of personalized phishing emails designed to trick receivers into divulging sensitive information and have become increasingly good at evading automated email defense systems designed to filter out this type of mail. AI has even been used to artificially mimic the voices of senior executives in an effort to fraudulently authorize transactions.
Therefore, the use of AI in cybersecurity is sometimes referred to as an arms race because hackers and security agents race to ensure that the newest and most sophisticated algorithms are working on their side rather than for the opposition. It has been predicted that by 2030, the market for AI cybersecurity products will be worth close to US$139 billion, a near tenfold increase compared to the value of the 2021 market.
Conquering New Challenges
Planning for industry trends in the year ahead prepares cyberprofessionals to meet new challenges and conquer ongoing ones. Enterprises stand a better chance of fending off cyberattacks when they are equipped with knowledge and understanding of shifts taking place in the industry.
Hafiz Sheikh Adnan Ahmed, CGEIT, CDPSE, GDPR-Certified Data Protection Officer, ISO MS Lead Auditor, ISO MS Lead Implementer
Is an analytical thinker, writer, certified trainer, global mentor, and advisor in the areas of information and communications technology (ICT) governance, cybersecurity, business continuity and organizational resilience, data privacy and protection, risk management, enterprise excellence and innovation, and digital and strategic transformation. He is a certified data protection officer and was awarded Chief Information Security Officer (CISO) of the Year awards in 2021 and 2022, granted by GCC Security Symposium Middle East and Cyber Sentinels Middle East, respectively. He was also named a 2022 Certified Trainer of the Year by the Professional Evaluation and Certification Board (PECB). He is a public speaker and conducts regular training, workshops, and webinars on the latest trends and technologies in the fields of digital transformation, cybersecurity, and data privacy. He volunteers at the global level of ISACA® in different working groups and forums. He can be contacted through email at hafiz.ahmed@azaanbiservices.com.