9 cybersecurity trends for 2023

The COVID-19 pandemic has entered its second year. It is no exaggeration to say that COVID-19 has affected all aspects of people's personal and work lives. In terms of enterprise security, the pandemic has also changed many things.

Millions of workers now access corporate networks and cloud-based resources through their home Wi-Fi. IT workers troubleshoot critical systems through remote access. Supply chains are buckling under great pressure, and cyber attackers are wasting no time in exploiting these potential vulnerabilities. 

Unfortunately, it is clear that the scope and level of cyber attacks will continue to increase in 2023. Let’s look at nine trends related to cybersecurity expected in 2023. 




1. Bullish: Ransomware

2. Bullish: Cryptomining/Cryptojacking

3. Bullish: Deepfake

4. Bullish: Video conferencing attacks

5. Weak: VPN

6. Bullish: IoT and OT attacks

7. Bullish: Supply chain attacks

8. Bullish :XDR

9. Bearish: Crypto


Bullish: Ransomware is not going away

Ransomware attacks continue to increase and show no signs of abating. Cybersecurity expert Shira Rubinov said, “Ransomware attacks have increased exponentially and will continue to increase as the pandemic increases online activity and digital environments. With the shift to working from home, companies are quickly strengthening their cybersecurity posture. “Companies now have to deal with employees juggling work and personal activities on multiple devices in an unsafe environment.”

Rubinov advised that companies should focus on implementing cyber hygiene, including training all employees to help prevent phishing attacks, and proactively address data protection and consider implementing a zero trust security model. .

Key figures: According to Gartner's recently published ' Emerging Risks Monitor Report' , the threat of 'new ransomware models' is what business executives are most concerned about. According to the Verizon Data Breach Investigations Report , the frequency of ransomware attacks doubled in 2021. According to IDC's 2021 Ransomware Survey , approximately 37% of global companies responded that they suffered some form of ransomware attack in 2021.

Bullish: Expansion of crypto mining/crypto jacking

Crypto jacking , which is not often visible on the surface, is an attack in which an attacker infiltrates a company through a ransomware-style phishing attack and uses the company's computing resources to mine cryptocurrency. This is advantageous to the attacker in that it can avoid detection for a long period of time. Victim companies do not need to disclose the fact of the hacking because the attackers do not demand ransom or steal data. Damages suffered by companies include loss of computing functions, performance degradation, and increased electricity bills. Therefore, it is difficult to quantify the total cost of damage caused by crypto jacking. However, as cryptocurrency is recognized as having a high value, there is ample reason for attackers to engage in crypto jacking. The attacker's ultimate benefit is the reward for being the first to verify a new transaction block, i.e. cryptocurrency. 


“Crypto jacking may be less noticeable than ransomware, so businesses may not pay attention to it, but it is a serious and growing security threat,” said IDC analyst Frank Dixon. “Because crypto jacking is essentially a backdoor into corporate networks, it can also be sold to attackers looking for other types of attacks, including ransomware.” 


Key figures: Security firm Sonic Wall reported a 21% increase in crypto jacking in the third quarter of 2021. In Europe, it increased by a whopping 461%.

Strong point: Weaponization of deepfakes

Cybersecurity consultant Magda Kelly predicted that deepfakes will continue to be a hot security issue starting this year . Deepfakes have so far been primarily used in the entertainment field, such as in videos where one actor's face is replaced with another. There are even deepfake videos that make it look like a politician said something they didn't actually say.

Kelly predicted that attackers will weaponize deepfake technology as a way to steal other people's faces to breach biometric access controls. AI-based deepfakes can be exploited in many ways, especially in the enterprise sector. There was also an incident where a fraudster used the CEO's voice to trick employees into transferring large sums of money to a fake account. In addition to fraud, deepfakes can also be used to create videos of CEOs or other high-ranking executives engaging in illegal activities and use them for blackmail. 

Key numbers: “Traffic about deepfake attacks has increased 43% since 2019, based on hacker conversations tracked on the dark web,” said Alon Abats, senior director of product management for IntSights at security firm Rapid7. “He said.

Also Read : Cybersecurity tips for small businesses

Strong: Attacks targeting video conferencing software

With the pandemic showing no signs of stopping, many employees continue to work from home and communicate with colleagues through teleconferencing and videoconferencing software . James Globe, vice president of the non-profit Center for Internet Security (CIS), is concerned about cyberattacks targeting such services.  

“To prevent threat actors from infiltrating sessions, eavesdropping on conversations, and peeking into presentations that may contain sensitive information, companies should institute formal corporate policies and procedures that employees must adhere to,” Globe advised. Globe also recommends taking steps such as organizing invitation lists, protecting video meetings with passwords, sending passwords to participants in a separate means from the meeting invitation, having administrators manually allow participants, and locking meetings after they start. 


Key figures: According to Acronis' Cyber ​​Readiness Report , more than 30% of enterprises reported attacks on their video conferencing systems in 2021.


Weak: VPNs fading away

The pandemic has put the spotlight on secure remote access for employees working from home, exposing the shortcomings of traditional VPNs . VPNs are part of an older perimeter security model that isn't very secure, complicated to manage, and doesn't provide a great user experience. “I’m not saying you should ditch VPNs right now, but VPNs are not what businesses want in terms of how they protect their remote workers,” Dixon said. “A zero trust remote access solution is better than a VPN.”

VPNs provide a secure tunnel between remote users and enterprise resources, but VPN technology cannot distinguish between whether a connecting device is infected with malware or using stolen credentials, does not provide application layer security, and does not allow users to connect to the network. After that, role-based access control cannot be provided. Zero Trust solves all of VPN's problems.

Key numbers: Gartner predicts that by 2023, 60% of enterprises will retire remote access VPNs and adopt zero trust network access.

Bullish: Attack on IoT and OT

Kelly predicted that by 2022, IoT and OT infrastructure attacks will increase across a variety of systems, from core infrastructure to traditional manufacturing facilities and smart home networks. If an attacker attacks an industrial sensor and causes physical damage, it could bring an assembly line to a halt or disrupt service. The pandemic has led to an increase in the number of personnel managing systems remotely, which provides a “very good entry point for cybercriminals.”


In particular, Kelly predicted that attackers would also launch ransomware-type attacks that would lock homeowners' smart door locks or smart thermostats. In this scenario, attackers are likely to target smart home solution companies. 


Key figures: According to one experiment that monitored attacks by setting up a home network , there were 12,000 hacking attempts in a week.


Bullish: Supply chain attacks

Supply chain strength is determined by the weakest link. Cyber ​​attackers focus on the weakest link when targeting high-value targets. A representative example of a recent supply chain hacking case is the SolarWinds attack. During the SolarWinds attack, hackers exploited a flaw in SolarWinds network monitoring software to invade hundreds of corporate networks. 


Supply chain attacks are expected to remain strong. Globe advised that third parties, partners, subcontractors, managed service providers, and cloud service providers should be especially careful. Companies should require these companies to demonstrate sound security practices and continually verify that they comply with their security policies. 


Key numbers: According to Forrester, 55% of security professionals report that their organization has experienced an incident or breach involving a supply chain or third-party provider within the past 12 months.

Strong: XDR adoption spreads

Extended detection and response (XDR) is a relatively new approach to threat detection and response that provides cloud-based services that break down security silos and span multiple security-related data streams. XDR leverages cloud-based big data analytics capabilities to interpret data from endpoint protection agents, email security, identity and access management, network management, cloud security, threat intelligence, and threat hunting.

“The focus of XDR is not on a specific product, but on building a platform that integrates multiple security tools to analyze security threats in context,” Dixon said.

Key numbers: According to Gartner, up to 40% of end-user enterprises will be using XDR by the end of 2027.

Weak: ‘Crypto’ loses, ‘Biometric authentication’ rises

Although it has long been said that passwords are a weak form of security, the adoption of alternatives to passwords has been slow. However, thanks to the momentum of companies such as the FIDO Alliance, Microsoft Hello, Apple, and Google, password- less authentication methods based on biometric information (fingerprint or facial recognition) are gaining momentum. 

Dixon recommended that companies 'eliminate passwords wherever possible.' He also explained that solutions that completely eliminate the need for passwords are better than two-factor authentication schemes that rely on passwords as one factor. 

Key numbers: A recent Verizon data breach report found that 80% of data breaches were caused by weak or reused passwords. 

Comments

Post a Comment

Popular posts from this blog

Cybersecurity tips for small businesses

Image
 Do you know the basics to protect your small business from cybercrime ? Read to learn the steps you can take to keep your small business safe in the cyber environment. When it comes to running a small business, cybersecurity solutions are not always the most fun topics to discuss and are often overlooked or forgotten. But in reality, you're only as safe as the weakest link, so making sure you adopt good protection practices to safeguard your business from data breaches, hacks and scams is paramount to maintaining a trouble-free business. Let's use an analogy to review some cybersecurity concepts for small businesses. Think about a traditional business with a physical location. What are the access points to enter the building? You are probably thinking about doors and windows. And you've probably already implemented measures to protect access. You have locks on the doors. You may have an alarm installed and possibly security cameras, motion detectors and lights. The custome...
Read more

7 cybersecurity tips to protect your company

Image
Computer viruses such as  WannaCry , which in 2017 affected companies in more than 100 countries around the world,  have managed to infect the computers and internal networks of SMEs and multinationals. The need for companies to protect themselves against the millions of  malware that are launched annually in the world is increasing. The digitalization of companies, their purchasing and selling services and other internal processes, favors the growth of these attacks. And not only are they increasing in number, they are also becoming more sophisticated. Any protection is insufficient after verifying the capacity of these attacks to completely paralyze the activity of a company, attack its assets or blackmail its leaders and employees. In this article we compile some  aspects that you should take into account when protecting your business  against this type of threats. 7 tips on cybersecurity Update the software : Although it seems like an obvious measure, thes...
Read more

How to defend yourself from a hacker attack

Image
What should you do when you suffer a hacker attack? A guide to the weapons of computer pirates and the possible countermeasures to be implemented. How to defend yourself from a hacker attack We tend to think that hacker attacks are something out of a movie, that at most they concern large companies, or unaware individuals without a certain knowledge of the internet. However, attacking individual users has fallen into disuse, and while it may seem more tempting to attack a large business, it is actually very profitable and popular to attack a small business. The favorite victims of computer hackers are hospitals , schools , financial institutions , but above all SMEs , which often do not have adequate defenses. Types of cyber attacks Hacker attacks are carried out mainly for two objectives: extortion of money , or theft of information . To achieve their goal they use various techniques/tools including: Malicious software , such as malware , of which the most popular is ransomware , whic...
Read more