Cyber security experts predict which threats will gain traction in 2023, and provide guidance on how to protect yourself.
Seventy-five percent of cyber security experts polled by Cyber Security Hub in the middle of 2022 stated social engineering and phishing constituted the greatest threat to their organizations. A number of companies have fallen victim to phishing assaults after the survey’s close, including Dropbox, Revolut, Twilio, Uber, LastPass, and Marriott International.
Find out which kind of threats companies should be looking out for, and why they should consult individuals who are on the front lines of protecting against and responding to these threats—cyber security experts—for their predictions, in the following article.
Smart devices as a hacking target
The global market for AI-based cybersecurity products is expected to be worth US$133.8bn by 2030, an enormous 798 percent rise from the market’s $14.9bn value in 2021, according to market research and consulting firm Acumen Research and Consulting.
Around one in five (19%) cyber security professionals say their firms are investing in cyber security using AI and automation, according to research by Cyber Security Hub, corroborating this prediction. Cyber-attacks against these digital solutions will increase in frequency and sophistication as the usage of automation and AI grows.
There has been a gradual but steady increase in the number of smart gadgets that use AI and machine learning, from lamps and speakers to refrigerators and automobiles. Given that 75.4 billion IoT-connected gadgets will have been deployed around the world by 2025, it’s not surprising that smart devices will become an increasingly common target of cyber-attacks in the coming year.
Expert Tina Grant of the UK aerospace firm Aerospheres predicts that autonomous devices with multiple attack points, like smart automobiles, would be the primary targets of cyber attacks aimed at smart devices.
Automatic airbags, power steering, motor timing, door locks, and adaptive cruise control aid systems are only some of the automatic features found in modern automobiles, as noted by Grant. Because of their reliance on wireless technologies like Bluetooth and WiFi, these cars are vulnerable to a wide variety of hacking and security attacks.
Since more autonomous cars will be on the road by 2023, more people will likely try to hack them or eavesdrop on their conversations. She says, “The method that automated or self-driving cars use is a lot more complicated, and it requires very strong cybersecurity protections.”
Phishing and social engineering
The Anti-Phishing Working Group, a global coalition and fraud prevention organization, reported 3,394,662 phishing attacks in the first three quarters of 2022 alone. The first quarter of 2017 saw 1,025,968 attacks, the second quarter saw 1,097,811 attacks, and the third quarter saw 1,270,883 attacks, all of which set new quarterly records for the worst quarters ever recorded by APWG.
Brightwell’s general manager of automated prepaid card fraud protection software Arden, Ernie Moran, predicts that phishing assaults will continue to climb in 2023 as more people turn to cybercrime for financial gain.
As he puts it, “the downturn in the economy this year will almost probably lead to an increase in individuals taking higher risks to commit fraud in 2023,” yet many financial organizations are still unprepared to identify and take action against a planned and targeted fraud effort.
Moran says that this will hurt online retailers the most because they are vulnerable to Bank Identifying Number (BIN) attacks. In these attacks, criminals get the first six digits of a credit card through phishing or social engineering and then use software to randomly generate the rest of the numbers. If the details are valid and the cards are active, the bad guys will use e-commerce sites to try them out.
Moran says that there is “no evidence” that the acquiring side of the payments ecosystem will make the necessary changes by 2023 to make it harder for fraudsters to use these flaws.
According to Teri Radichel, CEO of cyber security training and consultancy firm 2nd Sight Lab and author of Cybersecurity for Executives in the Age of Cloud, attacks based on phishing and credentials are here to stay.
To prevent and lessen the impact of such assaults, Radichel advises businesses to “implement a tiered security approach to limit damage if and when attackers compromise credentials” in developing their security strategy and threat defense measures. Radichel says that simple web attacks are being replaced by more complicated ones that use automation and cloud infrastructure.
Crime as-a-service
Statista, a company that keeps track of market and consumer trends, says that by 2025, cybercrime will cost the world $10.5 trillion. According to blockchain intelligence firm Chainalysis, hackers have stolen over $3 billion in crypto-based cyber attacks between January and October of 2022.
As cybercrime is now a reliable way to make money, some bad actors are shifting gears and providing their services to the public for a price. “Crime as a service” is a way for criminals to sell their hacking skills to other people in exchange for money. In 2022, a Meta employee was fired after it was discovered that they had been using company credentials to gain unauthorized access to Facebook pages in exchange for tbitcoins of bitcoin.
According to Adam Levin, a cyber security expert and host of the cybercrime podcast What the Hack with Adam Levin, hacker marketplaces will be the biggest security risk in the next five years. According to Levin, this is because “increasingly sophisticated software built by threat actors” is being sold to criminals via a subscription model and then used to defraud both consumers and corporations. Levin claims that phishing and ransomware make up the bulk of the “crimeware as a service” market.
Using as-a-service software, which “allows anyone, regardless of tech savvy, to execute phishing, ransomware, distributed denial of service, and other cyber assaults,” he says, is extremely risky. Also, he says that “criminal software firms will continue to hurt businesses of any size” in 2023, just like they did in 2022 when they attacked Microsoft, Dropbox, Medibank, Uber, Rockstar Games, and others.
As “they can make more money helping entry-level cyber criminals to conduct crimes than they can directly targeting victims and with less risk,” Levin predicts that the cyber-crime syndicates behind existing “as-a-service” platforms will expand over the next 12 months.
Levin reassures that “frequent cyber security training, penetration testing, the usage of multifactor authentication, and the adoption of zero-trust architecture” can help protect against as-a-service assaults.
Attacks on cloud security
As the number of remote and hybrid work arrangements grows in the global workforce, it’s clear that people need to move to the cloud. According to data compiled by Owl Labs, a provider of video conferencing software, the number of people around the world who opt to work remotely has climbed by 24 percent.
The need for cloud security has grown as more and more businesses move their operations to the cloud. Cyber Security Hub polled cyber security experts and found that 25% of them said their employers were spending more on cloud security.
Abdul Rahim, the CEO of the website Software Test Tips, which gives advice on technology, says that this spending is necessary for the coming year. He says that cloud servers’ primary selling point—that employees may access the company’s files, programs, and other resources from anywhere in the world—is also their primary weakness.
Even though cyber security measures can be added to cloud-based data storage to prevent data breaches, even a partial breach can cause a lot of damage, as Matt Kerr, CEO and founder of the appliance repair website Appliance Geeked, pointed out. Since a company’s cloud storage holds “huge amounts of very valuable data,” an attacker can do a lot of damage to the company even if they only get access to a small amount of this data.
The September 2022 Revolut data leak is an illustration of this trend. In reality, the hack exposed the personal information of more than 50,000 people, despite Revolut’s claim that only 0.16 percent of its clients were compromised.
Tina Grant of Aerospheres says that to keep cloud storage safe, existing security measures need to be constantly looked at and improved. While services like Google Cloud and Microsoft Azure take security seriously, she warns that even if users are careful, they could still fall victim to malicious software or a phishing attempt and experience a breach in their cloud storage.
Third-party access risks
As cloud computing becomes more common, more and more businesses now use software from outside their company as part of their internal infrastructure. More than a third of cyber security professionals (36%) told Cyber Security Hub that supply chain and third-party risks are their top concerns when it comes to the cyber security of their organization. This means that many are aware of the risks that come with this decision.
David Attard, a digital consultant, web designer, and data handler at the web design firm Collectiveray, says that third-party access to data will lead to more data breaches in 2023. He says that the “lack of protection around third-party accesses” in the healthcare, education, and manufacturing sectors will make them especially vulnerable.
Only 39% of businesses in the industrial sector have third-party security in place, and even then, no one in those sectors is in charge of managing third-party risk. He says that the number of cyberattacks will go up if “least privilege access” is not put into place.
In October 2022, it was discovered that Toyota’s source code had been publicly shared on GitHub. After a third-party development contractor made a mistake with company data, the code was available from December 2017 to September 15, 2022. As a result, 296,019 customers’ personal information may have been compromised.
Final thoughts
Even after 2023, it’s clear that phishing risks will still be a big worry for both consumers and businesses. All of the top five phishing threats we’ve talked about so far require you to be aware and on guard at all times. You can make it much less likely that you’ll fall for a phishing scam by staying up-to-date on the latest news in this area and taking precautions to protect yourself and your business, like enforcing strict password rules and holding regular security training sessions. Be wary of responding to emails, texts, or phone calls you didn’t initiate, and never open attachments from unknown senders or download files from unknown sources. You can keep yourself and your data safe in 2023 and beyond by figuring out what hackers will do next.
