The cyber game is now an entire underground economy wrapped around cyberattacks. Thanks to increased international friction and the activity of groups such as Lapsus$, cybercriminals have upped the ante on cybercrime in order to turn a profit. Atakama outlines its top cybersecurity predictions for 2023.
IoT blends with shadow IT to make a security headache
With 43 billion devices connected to the internet in 2023, attackers have no shortage of targets. Although IoT devices can provide productive capabilities in commercial environments, risks abound. Manufacturers prioritize convenience and consumer-like appeal over security fundamentals. Unsurprisingly, devices are often deployed with weak or default credentials.
To make matters worse, IoT has proliferated within shadow IT systems, leaving already weakly protected cameras, microphones and sensors well outside the control of organized security platforms. Even within a strong perimeter, a poorly configured IoT device is bad news. Susceptibility increases manyfold when the same poorly configured IoT device is within a shadow IT system.
Rise in sophisticated ransomware attacks puts data exfiltration in the spotlight
The rising prevalence and sophistication of attacks targeting sensitive data will continue to plague organizations into 2023 and beyond. Double extortion attacks pack an even greater punch by encrypting sensitive and proprietary data, holding it for ransom and, worse, publishing the data on the dark web unless organizations cough up the cash. As the Verizon 2022 Data Breach Investigations Report says: “There are now more ways for attackers to monetize data.”
These attacks will increase as cybercriminals find it relatively easy to breach organizations’ defenses and cash out.
In response, organizations will need to look beyond conventional data protection practices toward technologies that protect data at the source, such as multifactor encryption. This renders files useless to threat actors, who will not be able to access the data whether it is still inside the security perimeter or has been successfully exfiltrated.
DevSecOps goes up a notch
Securing developer environments will become one of the most critical components of achieving optimal security for organizations in 2023. Count on highly elaborate cyberthreats targeting these complex infrastructures, as seen with the success of the SolarWinds attack, which continues to inspire malicious actors because application development is such a rich target. Inserting a few lines of malicious code can potentially open up thousands of entities in the supply chain of partners and customers.
Heightened DevSecOps practices in line with zero trust architectures and advanced encryption solutions will become more common as organizations realize these approaches are a critical business necessity.
People will continue to be the weakest link in cyber teams’ security chain
Sad to say, people will remain the main source of cybersecurity risk in any organization. Despite all the training, employees are still likely to provide threat actors with an entry point through social engineering, phishing or lapses that include sharing of passwords and log-in credentials. The Verizon 2022 report found the “human element” was a “key driver” in 82 percent of data breaches.
Insider threats from corrupt employees or individuals bearing a grudge will continue to be a serious concern. Threats from employees at partner organizations and third-party suppliers will require continued vigilance and increased implementation of zero trust strategies.
More awareness of CISO liabilities
This year’s Uber data breach conviction will focus many minds in the C-suite on the fact that the CISO role carries significant ethical responsibilities.
Cybersecurity, like many other professions, has a code of ethics that’s expected of its practitioners. Individuals entrusted with the security and privacy of data must behave ethically.
We know that the cybersecurity landscape is not always a level playing field and even the most ethical and highly technical cybersecurity teams cannot prevent the most determined attackers.
2023 may prove to be a more volatile year for CISOs as they deal with the pressures of maintaining a rigid security posture while also dodging the bullet of blame when attacks are successful.
They are likely to rely on degrees in information security disciplines and a wide range of professional certifications such as CISSP. What’s important is for CISOs to update their knowledge constantly, because it is not just the threats that will develop; solutions will too, and CISOs need to keep up to date.
Daniel H. Gallancy, CEO of Atakama, adds: “Cyberthreats will continue to proliferate in number and grow in sophistication throughout 2023. While basic security practices will prevent many breaches, organizations are going to need more advanced solutions to protect themselves from the devastating consequences of a successful attack.”