The nature of cyberattacks will continue to evolve in the coming year, and companies need to adapt.
The past several years have taught us to expect the unexpected regarding world events, economics, and cybercrime. However, as we head into 2023, a few emerging trends – and several ongoing challenges – will shape the type and frequency of attacks and how cybersecurity professionals respond to them. So what will cybersecurity look like next year? Here are a few predictions.
Social media will be weaponized for targeted cyberattacks. Cybercriminals are already leveraging social media profiles to research potential phishing targets. Hackers can use publicly viewable profiles to help make their phishing emails seem more legitimate because they include more personal information about the sender or recipient. For example, LinkedIn can glean information about employees and even specific projects they may have worked on.
In addition, social media platforms can be leveraged to target social engineering attacks against employees on a non-corporate platform. Like so-called “catfishing” schemes in the online dating world, imposters can reach out to employees via LinkedIn or other platforms and trick them into revealing sensitive company information. Further, inappropriate social media postings can even be used as part of a ransomware or blackmail attack against specific employees.
While companies cannot control employees’ social media behavior directly, they can help shield profiles from prying eyes, develop company policies around social media usage at work, and provide training to help keep employees safe while using those platforms. (Corporate social media accounts should also be secured and monitored.)
Despite numerous attacks and warnings, ransomware threats will continue. Given all the news stories about ransomware, the frequency of attacks, and how no business or organization (no matter how small or obscure) is safe, companies are taking the issue seriously. But unfortunately, many firms have not taken appropriate steps to prevent and respond to these attacks.
Globally, there were 236.1 million ransomware attacks in the first half of 2022, according to Statista. Despite knowing this, an Axio survey found that only 30 percent of surveyed organizations had a ransomware-specific playbook. That means MSPs and VARs still have a lot of work to do to help clients shore up their cybersecurity defenses.
Cybercrime-as-a-service will increase. This is because it has become increasingly easy to launch attacks using ready-made tools and even outsourced cyber-attack services that have emerged worldwide. These include ransomware-as-a-service, malware-as-a-service, and other versions.
The ability to rent cyberattack capabilities has lowered the bar for other types of bad actors to launch attacks that might otherwise have been beyond their limited technical capabilities. This also opens the door for groups with less predictable agendas (terrorist organizations, fringe conspiracy groups, political actors, smaller nation-states, etc.) to successfully launch attacks that go beyond attempts to steal money or data. As a result, critical infrastructure, schools, hospitals, and government entities could face new waves of attacks enabled by these rent-a-hacker services.
Cloud services and apps will require more sophisticated security. Gartner estimates that the use of public cloud services grew more than 20 percent in 2022, and spending could reach $600 billion next year. With more companies adopting cloud-based and software-as-a-service applications, more remote workers, edge computing, connected equipment, and the increasing use of both company-owned and personal mobile devices to do business, the potential attack surface is increasing exponentially.
This means there will be a greater need for intelligent and sophisticated security tools, including:
- Artificial intelligence (AI) that can automate monitoring
- 24/7 security operations centers (SOC)
- Real-time monitoring and response solutions
- Zero Trust approaches
- Passwordless solutions and more
Humans will remain the weakest link in cybersecurity. The most significant cybersecurity vulnerability at every company continues to be their employees. Humans are imperfect, fallible creatures who are surprisingly easy to trick into sharing credentials and data. And under the right conditions, they’ll even access corporate funds without a second thought. To (sort of) paraphrase a verse from Taylor Swift’s “Anti-Hero” song, “It’s us. We’re the problem.”
Most successful attacks begin with old-fashioned phishing scams and social engineering, and cybercriminals get better at this every year. Employees are constantly under attack and can quickly become fatigued with frequent password changes, MFA requirements, and other security protocols. Education is critical. Regular security awareness training, threat bulletins, and updates can help mitigate many common cyberattacks.
While cybersecurity threats are never a pleasant topic, keeping these trends in mind will help MSPs and their clients be better prepared for 2023.
Shani Mahler is Director of Product Management for Barracuda MSP.