As we approach the end of 2022, it’s time to look ahead and think about cybersecurity priorities for the new year. So, what do organisations need to take into consideration in 2023 regarding upcoming trends? Where should businesses choose to invest their time, resources and budgets? Here are some key predictions from Mimecast, an advanced email and collaboration security company, for the security landscape in the coming year.
Phishing attacks targeting new employees
Phishing attacks will continue to iterate as these are low-cost with a high return on investment for cybercriminals, especially initial access brokers. Recent research has shown that an email impersonating a colleague has the highest chance of success. We’re therefore likely to see phishing attacks on new employees grow as a phenomenon. As new start-ups make a splash on LinkedIn, they are more susceptible to fake welcome emails from ‘senior executives’ or fake company onboarding portals. Sometimes, these are used for credential harvesting, account takeover or even multistage malware droppers.
More sophisticated spear phishing
Fraudsters will continue using social engineering, a method of attack where cybercriminals weaponise personal information to target a specific user. Sophisticated attacks like spear phishing – where attackers send emails that appear to be from a known or trusted sender – will grow.
Most prominently, whaling will be on the rise, which is an even more specialised variety of spear phishing that targets a specific user high in an organisation’s hierarchy – also known as CEO or CFO fraud.
Increase in Malware-as-a-Service
Malware-as-a-Service (MaaS), which is a model similar to Software-as-a-Service will continue to grow as a booming business for cybercrime organisations. MaaS is available for purchase on the Dark Web to target big businesses with sensitive and critical assets.
Harvest now, decrypt later
Quantum Computing is closer to becoming a reality and as we move towards Q-Day – when this technology will be readily available – organisations need to prepare for ‘harvest now, decrypt later’ attacks. Bad actors will ‘harvest’ data from organisations with the intention of decrypting the data later when Quantum Computing reaches maturity.
Ransomware will continue to evolve and research shows that attacks are becoming more harmful each year. According to Mimecast’s State of Ransomware Readiness Report 2022, two-fifths of cybersecurity leaders (40%) have encountered ransomware attacks that use compromised credentials tactics this year, compared to 33% last year.
Cyberinsurance will no longer be a guaranteed safety net and preventing an attack altogether is the only safe path.
Concerningly, businesses’ ransomware defences appear to have remained static, with many firms lacking basic security measures, which increases vulnerability and exposure in the event of an attack. It’s critical to properly invest in fundamental measures, like robust email security and employee training.
AI voice-cloning technology
Threat actors will take social engineering to the next level. As Artificial Intelligence (AI) voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilise audio deepfakes. These will be used in combination with compromised email and collaboration accounts.
Malicious use of Large Language Models
Large Language Models (LLMs) will be used by criminals to increase the number of attacks. These are AI tools that read, summarise and translate texts and predict future words in a sentence, letting them generate sentences similar to how humans talk and write.
Bad actors will use accessible LLMs to create campaigns using natural language and automatic social engineering, aimed at the most vulnerable people in companies. This will allow them to carry out more attacks while at the same time improving their success rate.
Increase in insider threats
Insider threats are likely to increase as other, more traditional cybersecurity solutions are strengthened. This includes both malicious and unintentional activity by employees. The threat increases significantly when accounts are not removed following a staff departure from an organisation. Employees may also be bribed or coerced to assist threat actors. Such employee fraud can be extremely difficult to detect but the maintenance of normal day-to-day processes and procedures, such as the ‘CIA (Confidentiality, Integrity and Availability) Triad’, should limit any attack. Other forms of insider threats such as compromised internal accounts and non-malicious or accidental insiders – for instance, using shadow IT – must also be protected against.
Skills gap in cybersecurity
The skills gap in cybersecurity, particularly AI and ML expertise, will probably be felt more acutely in 2023. In 2022, newsworthy attacks were typically targeted and methodically planned, but still very manual. Customers will be looking for cybersecurity products that can effectively protect against a multi-stage attack like this. But to detect these attacks, the existing detection systems need to be harmonised effectively and turned into a meta-system. As a result, cybersecurity companies will be looking for AI and ML experts to design and implement these meta-systems, in an already tight labour market.
“With spending on digital technology by organisations across the Asia Pacific predicted to grow at over three times the economy next year. 2023 will be a landmark year for cybersecurity as it will remodel itself to meet the emerging threats and growing challenges,” said Stanley Hsu, Regional Vice President, Asia, Mimecast.
“High-profile data breaches will continue to hit the headlines in the new year. Disruption is today’s villain and developing cyber-resilience strategies will help protect organisations and minimise the impact of successful cyberattacks, by keeping businesses running as smoothly as possible during recovery.”Click below to share this article