Irena Yordanova, <\/strong>Product Manager Software, Polycomp Ltd.<\/em><\/p>\nWe expect cyberthreats to rise in 2023, as unrest in the world contributes to an increase in cybercrimes. Malware attacks like ransomware will happen to businesses more frequently. And IT teams should be prepared to deal with evolving threats posed by emerging technologies which are becoming widespread, such as geo-targeted phishing or attacks related to Cloud Security, IOT and AI. Most probably more attacks on the education and healthcare sectors will occur plus targeted campaigns against industry leaders \u2013 especially those that hold critical information: sensitive data, top expertise, and latest technologies. Given that, employees should be educated and equipped to fight these mature attacks; and their companies can contribute by having experienced outside security partners to support them on this issue. End-users can prepare themselves with an easy-to-use security solution for upcoming challenges, whether it’s phishing attacks or threats related to multiple layers of security.<\/p>\n
What cybersecurity challenges will industries face next year?<\/h2>\n
Vladimir Dashchenko,<\/strong> Security Evangelist, Kaspersky<\/em><\/p>\nThreat modeling approaches will be changed in 2023. Internet ‘balkanization’, ongoing military conflicts, changes, and tensions in existing political groups of countries are influencing cyberspace and cybercrime. We will see an increasing number of cybercriminals taking political sides and breaking the law with political statements<\/strong>. Also, script-kiddies (low skilled hackers) will be joining groups of cybercriminals led by more skilled perpetrators, or state sponsored hackers more often.<\/p>\nThe major challenge for cybersecurity itself will be a lack of transparency and information sharing between companies<\/strong>. It will be extremely difficult to follow the ‘business as usual’ concept and remain neutral. Global political conglomerates will unfortunately influence cyberspace and cybersecurity.<\/p>\nArthur Laudrain, <\/strong>Strategic Analyst (Cyber Program), The Hague Centre for Strategic Studies<\/em><\/p>\nNext year should see a continuation of existing trends. In particular, governments, critical infrastructure operators, and businesses with a large international footprint will face the continued challenge of ensuring the safety and integrity of their supply-chains, both in terms of software and hardware. Often, this will require closer integration with their contractors and suppliers, none the least to comply with new regulatory obligations in the U.S. and the E.U.<\/p>\n
James Range<\/strong>, President of White Rock Security Group<\/em><\/p>\nGiven the continued surge of ransomware attacks, which soared 288% in the first half of 2022 alone, the need for cyber insurance will be a bigger priority, especially in the SMB market. Although many industry experts argue against payouts, making cyber coverage a controversial topic, the evolving threat landscape means cyber insurance should be a top consideration as part of organizations’ cyber strategy. As such, we anticipate a booming cyber insurance industry as many organizations heed these warnings and seek to guard against ransomware attacks. Yet, in addition to cyber insurance, companies will need a designated DR or RR (Rolling Recovery) plan.<\/p>\n
Kubo Ma\u010d\u00e1k<\/strong>, Legal Adviser, Tilman Rodenh\u00e4user<\/strong>, Legal Adviser, Mauro Vignati<\/strong>, Adviser on Digital Technologies of Warfare, ICRC<\/em><\/p>\nA key concern for 2023 is that civilians will be further impacted by cyber operations during armed conflict. Civilian data, devices, and networks \u2013 such as government services, critical infrastructure, or companies \u2013 risk being deliberately disrupted or damaged, often in violation of the laws of war. Civilians \u2013 individuals and companies \u2013 may get drawn into digital warfare activities, encouraged to engage in cyber operations or to support kinetic military operations through digital means. Such developments put people and societies in danger and undermine the cardinal rule that belligerents must at all times distinguish between what is military and what is civilian.<\/p>\n
Stefan Soesanto, <\/strong>Senior Cyber Defense Researcher, Center for Security Studies (CSS)<\/em><\/p>\nI expect that the theft of medical data (ex. Finland’s Vastamoo in 2020 & Australia’s Medibank in 2022), as well as highly private personal data (ex. Ashley Madison in 2015) will become the major focus of ransomware groups and other cybercriminal actors alike. Underpinning this trend, the lesson learned is that imposing massive psychological pressure directly on thousands of separate victims, increases the likelihood of individual extortion payouts being made.<\/p>\n
What cyberthreats will pose the most danger to end-users?<\/h2>\n
Yury Slobodyanuk<\/strong>, head of content filtering research, Kaspersky<\/em><\/p>\nAs the geopolitical situation is quite tense, different types of fraud will take advantage of new events that will take place. Also, various techniques of generating fake news using AI may be used.<\/p>\n
Sven Herpig<\/strong>, Director Cybersecurity at think tank Stiftung Neue Verantwortung<\/em><\/p>\nI believe cybercrime is the biggest threat to end-users, but mainly in an indirect fashion. Cybercrime is looming over providers of essential services and goods such as municipalities, hospitals and even producers of baby food offline, rendering them less or non-operational for several days or weeks. This has a direct impact on citizens’ lives in the real world and is therefore something that I would see as one of the most prevailing threats to individuals.<\/p>\n
Prof. Dr. Dennis-Kenji Kipker<\/strong>, Professor for IT Security Law at the University of Bremen; Visiting Professor at Riga Graduate School of Law; Member of the Board of the European Academy for Freedom of Information and Data Protection (EAID)<\/em><\/p>\nRemote workers in home offices continue to play a major role in everyday working daily life, along with the increased use of BYOD, which takes control of devices away from administrators. Since 2020, therefore, forms of spear phishing, social engineering and CEO fraud, as well as ransomware, become increasingly prevalent and will continue to be of considerable importance in 2023. The professionalization of cybercrime, now an independent “industry”, is contributing to a further tightening of the security situation for end users, as low-cost mass attacks are made possible in this way.<\/p>\n
H.E. Dr.Mohamed Al Kuwaiti<\/strong>, UAE Cyber Security Council<\/em><\/p>\nIoT Vulnerabilities.<\/strong> Security issues keep plaguing IoT devices dominating the market today. As IoT combines the physical world and virtual space, home intrusions are being added to the list of the scariest possible threats that IoT brings.<\/p>\nVulnerabilities in Autonomous Vehicles.<\/strong> Due to the inherent risks of Autonomous Vehicles, they are increasingly vulnerable to attacks resulting in data breaches, supply chain disruptions, property damage, financial loss, and injury or loss of life.<\/p>\nWhat are the main challenges cybersecurity will face in 2023?<\/h2>\n
Ivan Kwiatkowski, <\/strong>senior security researcher, GReAT Kaspersky<\/em><\/p>\nThe security industry will face direct pressure resulting from the political situation. Things were complex before and they will only get worse. The biggest challenge that vendors will have to face in 2023 will be to remain neutral, if they haven’t decided to align with one block or the other already. (My opinion on this bigger matter is explained in this talk<\/a>.) Generally speaking, politics and threat intelligence will become more and more entwined, and we’re very unprepared for this as a community.<\/p>\nYury Slobodyanuk<\/strong>, head of content filtering research, Kaspersky<\/em><\/p>\nI think attacks will evolve a lot quicker next year, and a main challenge will be to still be a couple of steps ahead.<\/p>\n
Sven Herpig<\/strong>, Director Cybersecurity at think tank Stiftung Neue Verantwortung<\/em><\/p>\nI don’t think that there will be anything substantially new in 2023 \u2013 one of the key challenges will still be the lack of adoption of basic security and resilience measures which cybercriminals will successfully exploit.<\/p>\n
Prof. Dr. Dennis-Kenji Kipker<\/strong>, Professor for IT Security Law at the University of Bremen; Visiting Professor at Riga Graduate School of Law; Member of the Board of the European Academy for Freedom of Information and Data Protection (EAID)<\/em><\/p>\nCybersecurity requires not only secure software, but also sufficiently trustworthy hardware. For too long, we have relied on globalization in IT security and placed too little emphasis on protecting the digital supply chain. In Germany, this was made clear by the debate about protecting sensitive 5G networks; in the geostrategic conflict between the People’s Republic of China and Taiwan, we are now seeing that we are already in the midst of a semiconductor crisis that threatens the security of supply with trustworthy IT. Here, it can be assumed that significant cybersecurity challenges will continue to rise in 2023 as political tensions grow.<\/p>\n
Serge Droz, <\/strong>Technical Advisor, Member of the Board, FIRST<\/em><\/p>\nCybercrime will continue to focus on optimizing gains per investment, meaning that smaller and\/or less mature organizations will be targeted even more. These may be SMEs or businesses in sectors that don’t include IT in their core business, in particular health services. The problem with this target group is that they either have very different priorities (a ransomed hospital simply cannot afford to delay recovery, and thus pays) and don’t have the resources to defend themselves, or they just don’t have the expertise. This is what Wendy Nater calls “living below the security poverty line”. And this will be the challenge to our industry: how can we provide effective protection that works and is affordable to these types of organizations. Or in other words, can we provide security services to people other than for security specialists? My guess would be that reaching this goal requires different industries working together, in particular I feel the role of insurance needs to be clarified and aligned.<\/p>\n
James Range<\/strong>, President of White Rock Security Group<\/em><\/p>\nCyber teams are going to be in the spotlight now more than ever. Understanding your security posture is crucial; knowing what current tools are available and the gaps that currently exist in your infrastructure will help you to protect your enterprise. The need for bigger cyber budgets and having the right people in place is critical. With ongoing talent shortages, consider partnering with a third-party firm to ensure you have fail-proof processes, documentation, and regular third-party assessments.<\/p>\n
H.E. Dr.Mohamed Al Kuwaiti<\/strong>, UAE Cyber Security Council<\/em><\/p>\nDDOS Botnets.<\/strong> One of the most recent severe attacks around the end of June 2021, was made using malware called the M\u0113ris botnet which has climbed to the record. Due to the new nature of the malware as it has been described as a “new assaulting force on the Internet \u2013 a botnet of a new kind” and its impact is more likely to be that similar real-time emerging malware-related DDoS attacks like this one will be used in 2023.<\/p>\nRansomware as a service (RaaS).<\/strong> Unlike other forms of malware, this new service provides “a sort of criminal Content Distribution Network (CDN) similar, in principle, to those used by major internet portals but used exclusively for malware”. Nearly half of breaches during the first six months of 2022 involved stolen credentials, Switzerland-based cybersecurity company Acronis reported in its Mid-Year Cyberthreat Report, published on August 24, 2022. This has probably been the most discussed attack in 2022 as it’s the first time a country declared a national emergency in response to a cyber-attack. Ransomware-based malware had been quite active in 2022.<\/p>\nDeep fake enabled business compromise.<\/strong> Deepfake-enabled compromise is a type of attack where threat actors leverage synthetic content. This includes video or audio altered or created using artificial intelligence and machine learning to impersonate C-suite executives and trick employees into transferring large sums of cash.<\/p>\n","protected":false},"excerpt":{"rendered":"We invited notable experts to share their insights and unbiased opinions on what we should expect from cybersecurity in the following year.<\/p>\n","protected":false},"author":386,"featured_media":107895,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[437],"tags":[683,472,1017,533,459,587,121,29,200,902,53],"banners":"","hreflang":[{"hreflang":"x-default","url":"https:\/\/securelist.com\/cybersecurity-threats-2023\/107888\/"},{"hreflang":"ru","url":"https:\/\/securelist.ru\/cybersecurity-threats-2023\/106044\/"},{"hreflang":"es","url":"https:\/\/securelist.lat\/cybersecurity-threats-2023\/97149\/"}],"_links":{"self":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/107888"}],"collection":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/users\/386"}],"replies":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/comments?post=107888"}],"version-history":[{"count":10,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/107888\/revisions"}],"predecessor-version":[{"id":107913,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/posts\/107888\/revisions\/107913"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/media\/107895"}],"wp:attachment":[{"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/media?parent=107888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/categories?post=107888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securelist.com\/wp-json\/wp\/v2\/tags?post=107888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}