2022 turned out to be another year where cybercriminals kept security professionals on their toes. Although more and more organizations seem to be taking the necessary steps to combat cyberattacks, the battle rages on.
With ransomware, security vulnerabilities, and other dangers posing a seemingly endless threat, what can businesses and technology leaders expect this year in the area of cybercrime? Here are 10 predictions from cybersecurity experts.
Ransomware attackers will focus more on data exfiltration
“The threat of ransomware will persist even in the face of a decrease in attacks,” said Matt Hull, global head of threat intelligence at cyber threat advisor NCC Group. “However, we are seeing an evolution in the way the groups operate, not only due to the intervention of law enforcement, but also the cooperation between governments and regulators to solve the problem.
Hull believes that ransomware gangs will continue to diversify their operations by focusing less on data encryption and more on data exfiltration and performing distributed denial of service attacks.
“While the past few years have been marked by ransomware attacks from organized hacking groups, we are now entering an era where an increasing number of threats will come from state-sponsored actors seeking to disarm global economies” , said Asaf Kochan, co-founder and president of cloud security provider Sentra. “This poses a direct threat to specific sectors, including energy, shipping, financial services and chip manufacturing.”
These attacks will not just steal intellectual property or demand ransom, according to Kochan. Instead, they will aim to disrupt, compromise and even shut down operations and critical infrastructure at the national level.
Cyberattacks through personal communications will create tension between employees and employers
“Social engineering attacks from employee-owned communication channels are highlighted in the news every week,” said Steven Spadaccini, vice president of threat intelligence for security provider SafeGuard Cyber. “Cybercriminals are targeting high-value employees on LinkedIn, Telegram and WhatsApp to infiltrate businesses.”
In response, employers are trying to enforce safety policies, Spadaccini said, but they must weigh the risks against the benefits. A conflict between privacy and corporate visibility could see its first class action lawsuit in 2023 to test the limits.
SEE: IT Physical Security Policy (TechRepublic Premium)
Third-party vendor security compliance is on the horizon
“Enterprises today rely on a network of third-party vendors for microservices and other outsourced solutions,” Kochan said. “While these third-party service providers can be more efficient and cost-effective than in-house tools, they often serve as unprotected conduits for malicious activity.”
A Gartner study found that more than 80% of third-party vendor risks are uncovered after the initial onboarding and due diligence process, showing that traditional due diligence methods fail to uncover risks, added Kochan. As a result, organizations are already implementing higher standards for third-party vendors, a trend that will become even more formal in 2023.
On-premises environments will become more vulnerable to security threats
“The future is in the cloud, and the world’s most talented engineers and developers are highly motivated to work on this cutting-edge technology,” Kochan said. “This leaves organizations operating on legacy on-premises systems – including a significant number of Fortune 500 companies and other industry leaders – at a competitive disadvantage when looking for new talent.”
As more IT professionals turn to cloud-centric work, organizations will struggle to retain their best engineering and security teams, Kochan added. In turn, on-premises environments will be more vulnerable to compromise, as cybercriminals exploit unpatchable legacy technology.
Continued cloud transition will increase security needs
“Enterprises are embracing cloud-first technology to move faster in their domain while improving cost and time efficiency,” said Dan Garcia, chief information security officer at software provider EDB. “While hybrid and multicloud approaches provide greater accessibility and workload compensation options, these environments can also expand security gaps.”
To address the risks and vulnerabilities of cloud environments, organizations will need to step up education and training for their employees, Garcia said. Organizations that lack the internal resources to effectively manage cloud environments should consider external parties with the appropriate expertise in privacy, security, and cloud deployment.
SEE Security Awareness and Training Policy (TechRepublic Premium)
Data storage solutions must guarantee proven protection and security
“Distribution solution providers and end users will prioritize data storage solutions that can provide the most reliable and real-world proven protection and security,” said Surya Varanasi, CTO of the provider. StorCentric enterprise storage. “Features such as lock mode, file fingerprinting, asset serialization, metadata authentication, private blockchain and robust data verification algorithms will go from nice to essential, while the immutability will become a ubiquitous data storage feature.”
Consumer attitudes towards online security and privacy will increase
“As companies hacked and hit by ransomware continue to dominate the headlines, cybercriminals have begun to hit not only deep-pocketed businesses, but also SMBs and individuals,” Varanasi said.
SMBs and individuals are more vulnerable to cyberattacks because they don’t have the level of protection or the big budgets of large corporations, Varanasi noted. However, with remote work and remote access – the model for today’s worker and consumer – people will demand and demand data protection and security that can protect them wherever they are.
Software Defined Perimeters Will Begin to Overtake VPNs
“In 2023, I predict that SDP will finally overtake VPNs as the dominant technology for remotely connecting people and devices,” said Don Boxley, CEO and co-founder of enterprise security provider DH2i. “More and more IT professionals are already using it successfully to connect to cloud or on-premises applications wherever they are, and they’re talking about it.”
Boxley also thinks VPNs will lose popularity due to bugs and performance issues. In the past, a small number of people depended on VPNs, but with the move towards a remote workforce, the risks of VPNs have multiplied, many of which are mitigated by SDPs.
CISO responsibilities will continue to expand
“CISOs are already tasked with ensuring business compliance, hiring the right people, implementing strong threat management and controlling vulnerabilities,” said Ulfar Erlingsson, chief architect of the platform. -Lacework cloud security form. “Increasingly, CEOs and boards are giving CISOs an even broader mandate and asking them to reduce the likelihood of intrusions, data exfiltration, ransomware, and more to zero.”
To manage increased responsibilities for preventing security breaches and other threats, CISOs may not have the time to build their own in-house solutions, Erlingsson added. Instead, they should consider third-party technologies based largely on automation as a way to supplement the skills and resources of their internal teams.
Read next: Security Risk Assessment Checklist (TechRepublic Premium)