Follow us on LinkedIn, Instagram, Facebook, YouTube and Twitter
“With spending on digital technology by organisations across Asia Pacific predicted to grow at 3.5 times the economy next year, 2023 will be a landmark year for cybersecurity as it will remodel itself to meet the emerging threats and growing challenges.
High profile data breaches will continue to hit the headlines in the new year. Disruption is today’s villain, and developing cyber resilience strategies will help protect organisations and minimise the impact of successful cyberattacks, by keeping businesses running as smoothly as possible during recovery.” – Stanley Hsu, Regional Vice President, Asia, Mimecast
As we approach the end of 2022, it’s time to look ahead and think about cybersecurity priorities for the new year. So, what do organisations need to take into consideration in 2023 regarding upcoming trends? And where should businesses choose to invest their time, resources, and budgets? Here are some key predictions from Mimecast, an advanced email and collaboration security company, for the security landscape in the coming year:
Phishing attacks targeting new employees
Phishing attacks will continue to iterate as these are low cost with a high return on investment for cybercriminals, especially initial access brokers. Recent research has shown that an email impersonating a colleague has the highest chance of success. We’re therefore likely to see phishing attacks on new employees grow as a phenomenon. As new starts make a splash on LinkedIn, they are more susceptible to fake welcome emails from “senior executives” or fake company onboarding portals etc. These are used for credential harvesting, account takeover or even multistage malware droppers in some cases.
More sophisticated spear phishing
Fraudsters will continue using social engineering, a method of attack where cybercriminals weaponise personal information to target a specific user. Sophisticated attacks like spear phishing – where attackers send emails that appear to be from a known or trusted sender – will grow.
Most prominently, whaling will be on the rise, which is an even more specialised variety of spear phishing, and targets a specific user high in an organisation’s hierarchy – also known as CEO or CFO fraud.
Increase in Malware-as-a-service
Malware-as-a-service (MaaS), which is a model similar to Software-as-a-Service will continue to grow as a booming business for cybercrime organisations. MaaS is available for purchase on the dark web, to target big businesses with sensitive and critical assets.
Harvest now, decrypt later
Quantum computing is closer to becoming a reality and as we move towards Q-Day – when this technology will be readily available – organisations need to prepare for ‘harvest now, decrypt later’ attacks. Bad actors will ‘harvest’ data from organisations, with the intention of decrypting the data later, when quantum computing reaches maturity.
Ransomware evolution
Ransomware will continue to evolve and research shows that attacks are becoming more harmful each year. According to Mimecast’s State of Ransomware Readiness Report 2022, two-fifths of cybersecurity leaders (40 per cent) have encountered ransomware attacks that use compromised credentials tactics this year, compared to 33 per cent last year.
Cyber insurance will no longer be a guaranteed safety net and preventing an attack altogether is the only safe path.
Concerningly, businesses’ ransomware defences appear to have remained static, with many firms lacking basic security measures, which increases vulnerability and exposure in the event of an attack. It’s critical to properly invest in fundamental measures, like robust email security and employee training.
AI voice cloning technology
Threat actors will take social engineering to the next level. As artificial intelligence (AI) voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilise audio deepfakes. These will be used in combination with compromised email and collaboration accounts.
Malicious use of Large Language Models
Large Language Models (LLMs) will be used by criminals to increase the number of attacks. These are AI tools that read, summarise and translate texts and predict future words in a sentence, letting them generate sentences similar to how humans talk and write.
Bad actors will use accessible LLMs to create campaigns using Natural Language and automatic social engineering, aimed at the most vulnerable people in companies. This will allow them to carry out more attacks while at the same time improving their success rate.
Increase in insider threats
Insider threats are likely to increase as other, more traditional cybersecurity solutions are strengthened. This includes both malicious and unintentional activity by employees. The threat increases significantly when accounts are not removed following a staff departure from an organisation. Employees may also be bribed or coerced to assist threat actors. Such employee fraud can be extremely difficult to detect but the maintenance of normal day-to-day processes and procedures – such as the “CIA (Confidentiality, Integrity and Availability) Triad” – should limit any attack. Other forms of insider threats such as compromised internal accounts and / or non-malicious or accidental insiders (e.g. using shadow IT) must also be protected against.
Skills gap in cybersecurity
The skills gap in cybersecurity, particularly AI/ML expertise, will probably be felt more acutely in 2023. In 2022, newsworthy attacks were typically very targeted, methodically planned, but still very manual in nature. Customers will be looking for cybersecurity products that can effectively protect against a multi-stage attack like this. But to detect these attacks, the existing detection systems need to be harmonised effectively and turned into a meta-system. As a result, cybersecurity companies will be looking for AI/ML experts to design and implement these meta-systems, in an already tight labour market.
Editor’s Note: You can now download our app on the Google Play Store or the Apple Store, or write your next best-selling novel with our sister app Toolis, available on the Apple Store and Google Play Store or purchase something from us at www.tapiroo.com, yayaezzy.com or at lazybumskincare.com.au.
We are happy to note that we are also now on Amazon Australia. Purchase our products as a show of support to us. They are Yaya, Ezzy, Tante June and Xeno backpacks or our beauty products such as LazyBum Skincare Facial Cleanser, LazyBum Skincare Toner and Moisturiser and Blitz Hair Oil Spray.
Also, check out our rate card and media kit here if you would like to advertise with us on this website. Thank you!
Like What You Read?
Howdy! Thanks for dropping by and reading our stuff. DailyStraits.com is an independent website that covers all things business and entrepreneurship related. If you like what you read, a little donation from your good self will go a long way in helping us run this site successfully. Thank you!
$5.00
Welcome to dailystraits.com. Please send all interview requests and press releases to editor@dailystraits.com.