Top security threats organizations need to watch out for
The pandemic made us realize that we cannot undervalue the unpredictable and transformative nature of the rapid changes in digital initiatives that forced organizations to control and manage disruptions to their businesses. Nearly every industry is now affected by the issue of cybersecurity, from SMEs to numerous organizations in charge of managing critical infrastructure. Cybercrime is a growth industry that cost the internet an estimated $6.9 billion last year and will continue to expand and diversify. Here are the key trends I expect in 2023.
Threat actors target trusted employees increasing insider risk
Insider risks will rise as attackers try to extort and compel otherwise reliable insiders into doing bad things. In the meantime, attacks on federated identity and authentication manufacturers will intensify to hit additional software-as-a-service (SaaS) providers. Targeted phishing or whaling attacks are also expected to increase significantly in the coming years, where senior executives are more often targeted for getting sensitive company information through legitimate emails.
Cybersecurity risks soar with economic issues
Last year, we witnessed various cybersecurity developments, ranging from cyberattacks on Ukraine and Costa Rica, to alerts about state-sponsored threat actors endangering critical industries. The tech sector took a sharp blow from the looming recession, which will continue this year, increasing the risk of security breaches as the cybersecurity sector is not immune to these changes.
Increased risks for critical infrastructure
Critical infrastructure industries like manufacturing, healthcare, education, and energy, to name a few, will be among the sectors under high attack in 2023. The most vulnerable sectors are healthcare and education, where the latter saw a 38% increase in ransomware attacks last year. And as both of these sectors are expanding their IoT footprints, this has made them more susceptible to digital attacks.
Maximizing efforts by cybercriminals for continued ransomware
Ransomware has roughly extorted $100mn from companies since June 2021. It is a growing threat through double extortion tactics, ransomware as a service, and massive DDOS attacks, forcing governments and companies to work together to eliminate ransomware forever. Experts believe one way to eradicate ransomware and ensure a robust framework for cyber security solutions is to stop paying for any such malicious activity entirely.
New threats coming up with the metaverse
As much as the hype has been surrounding Metaverse lately, attracting significant collaboration from well-known brands, the technology does not stand immune from cyber criminals who will try to steal and extract sensitive information as it opens opportunities for gaming, commerce, and social interaction. Extortionists and cybercriminals can follow a Metaverse exchange recorded on the blockchain, which could result in a very sophisticated and specific scam effort.
AI gives an edge to both attackers and defenders
With AI making it much easier to analyze data from multiple endpoints, it also shows capabilities that could bring benefits and risks to various industries. AI and machine learning will strengthen social engineering-based attacks because it is simpler and faster to collect sensitive data on businesses and employees implementing these capabilities.
Attackers are leveraging these technologies for social engineering attacks and impersonation, referred to as ‘deep fakes.' They use them to create fake images and videos of real people to infiltrate organizations that can be "difficult to prevent." Biometric authentication methods can prove less useful in security, with deep fakes becoming more sophisticated.
Supply chain attacks on the rise
Supply chain attacks now pose a "massive risk" for companies doing external business, as attackers are more than swift to pick up on flaws and exploit them to their advantage. Once a vulnerability is exposed, it is just a matter of minutes for attackers to exploit it. With the evolving landscape, defenders in 2023 will have to position themselves ahead in cyber resilience and prepare for future risks to build strong cyber security solutions.
Multi-factor authentication (MFA) needs an upgrade
MFA has developed as a protective layer of cybersecurity solutions, but criminals have found ways to undermine it by taking advantage of systemic and human flaws.
Firms that have regular security awareness training have developed a positive security culture.
Attack risk is decreased through a robust security culture, and personnel are operationalized as the last line of defence. Many tech CEOs (87%) think robust security cultures are just as crucial as technical measures.
Priya Kanduri
Priya Kanduri is the Senior Vice President and Chief Technology Officer at IMSS.