2022 was a tough year in cybersecurity, with global attacks in Q4 increasing 28% compared to 2021. The threat landscape is likely to continue evolving throughout 2023. Here are some of the cybersecurity predictions from the wider community to help you prepare for the year ahead.
1. Ransomware attacks will continue and likely increase
In particular, targeted ransomware attacks will increase. These require more sophisticated techniques that target a specific company’s technology stack. They will also continue to target the public sector too, with governments, healthcare and other critical infrastructure potential targets. As a result companies and organisations need to be extra vigilant to this threat.
2. Professionalism among bad actors will grow
Ransomware-as-a-Service (RaaS) – where groups develop and sell ransomware for others to use – will continue throughout 2023. This means that more bad actors will have access to malware which, combined with underprepared enterprises, could lead to more high-profile breaches.
3. Identity and authentication attacks will continue
According to Google, these threats will continue as relatively unsophisticated threat actors will be able to buy credentials on the Dark Web or con their way into organisations. This puts the pressure on suppliers and platforms to defend their customers against malware that could enable criminals to steal data.
4. MFA adoption will fuel social engineering attacks
As the adoption of MFA increases, bad actors will be forced to develop techniques to bypass it so we’re likely to see increased social engineering attacks to force human error. For example, tricking or harassing users into providing them access.
5. Drone hacking will emerge
According to Kaspersky, there will be an increased use of commercial-grade drones to enable proximity hacking. For example, drones could be mounted with a rogue Wi-Fi access point or tools to allow them to collect WPA handshakes used for offline cracking of passwords.
6. The recession will hit cybersecurity training
Despite the increased threat of cyber attacks, the looming recession will likely cause a reduction in spending on cybersecurity training. However this will leave many companies vulnerable to attack. Training is still a crucial part of protecting your business, and there are many new and innovative ways to incorporate it, regardless of your budget.