The following eight cyber trends are expected to prevail in 2023, endangering not only the slack incumbents, but everybody else too …
As we approach the end of 2022, it is time to look ahead and think about cybersecurity priorities for the new year. Where should businesses choose to invest their time, resources, and budgets?
Here are some 2023 IT and cybersecurity predictions from all of us at Mimecast:
- Phishing attacks targeting new employees Recent research has shown that an impersonating a colleague via email has the highest chance of success. We are therefore likely to see phishing attacks involving new employees grow as a phenomenon.
- More sophisticated spear phishing Sophisticated attacks such as spear phishing will grow. Most prominently, whaling (CEO or CFO fraud), which is an even more specialized variety of spear phishing that targets a specific user high in an organization’s hierarchy will be on the rise.
- Increase in Malware-as-a-Service adoption Just like cloud services, MaaS will continue to grow as a booming business for cybercrime organizations to make it easy for practically anyone with sufficient malicious intent. MaaS is already available for purchase on the dark web, to empower threat actors to easily target big businesses.
- A pre-Quantum trend: harvest now, decrypt later As quantum computing edges closer to becoming a reality, bad actors are already stealing encrypted information now, even if they cannot crack the data yet. This ‘harvest now, decrypt later’ trend will only make cybercrime even more rampant in 2023.
- Ransomware will get worse because cyber complacency rages on Ransomware attacks are becoming more harmful with each passing year. Cyber insurance will no longer be a guaranteed safety net — preventing an attack altogether is the only safe path. Yet, businesses’ ransomware defenses appear to have remained static, with many firms lacking basic security measures. The end result will be continually accelerating ransomware threats for the rest that have already taken action.
- Deepfake audio sophistication will make any digital voice untrustable Threat actors are using AI voice cloning technology to take social engineering to the next level. We will see an increase in impersonation attacks that utilize audio deepfakes, used in combination with compromised email and collaboration accounts. Also, the use of Large Language Models (LLMs) via AI will let cybercriminals generate sentences similar to how humans speak and write. This will boost the success rate of social engineering scams as it is now assumed that fake personalities can be spotted by their machinistic use of language.
- More insider threats ahead This includes both malicious and unintentional activity by employees. Such threats increase in numbers significantly when staff accounts are not removed quickly following departure from an organization. Cybercriminals may also bribe or coerced existing employees to divulge access details to corporate networks. Such employee fraud can be extremely difficult to detect but the maintenance of normal day-to-day processes and procedures — such as the “CIA (Confidentiality, Integrity and Availability) Triad” — should limit any attack. Other forms of insider threats set to grow in 2023 include compromised internal accounts and/or non-malicious or accidental insiders (e.g., using shadow IT).
- Continued gaps in cybersecurity and data science skills In an already tight labor market, cybersecurity firms are seeking AI/ML experts to design and implement meta-systems that protect against sophisticated multi-stage attacks that 2022 saw plenty of. Yet, the skills gap in cybersecurity, particularly in AI/ML expertise, will probably be felt more acutely in 2023.
High profile data breaches will continue to hit the headlines in the new year. Disruption is today’s villain, and developing cyber resilience strategies will help protect organizations and minimize the impact of successful cyberattacks.