Stu Sjouwerman is the founder and CEO of KnowBe4 awareness training and a phishing simulation platform.

Predicting the future isn’t easy, but careful analysis of attack vectors and the future of technology can give us a good idea of ​​where we’re headed. For an effective cybersecurity program, organizations must first understand how the overall threat environment is changing. Below are the top cybersecurity trends and predictions organizations can expect in 2023.

1. Social media scams give rise to a new battleground of social engineering

Adversaries and state-sponsored attackers use social engineering techniques as a first step (initial access vector) in large-scale campaigns to break into systems, distribute ransomware, or steal sensitive information . With commerce and social media markets constantly growing, people are increasingly relying on trust metrics, such as the number of logins or followers of a person or business account, whether the account is verified and how long the account has been active, which makes them vulnerable. scams and cyberattacks.

The figures show an alarming trend. In 2017, around 5,000 people were scammed out of $42 million. In 2021, nearly 100,000 people reported being scammed for a total of $770 million. Security professionals have ranked social engineering as the “most dangerous” threat in 2022.

2. Catastrophic Attacks on Critical Infrastructure

Critical infrastructure has always been a major target for cybercriminals and state-sponsored attackers. Given the Russian-Ukrainian war, cyberattacks and threats have grown exponentially. Nearly 90% of all US critical infrastructure is thought to have been hit by a successful ransomware attack in 2021. And most CISOs (nearly 80%) believe the world is now in a “perpetual state” of cyber warfare .

With inflation and the rising cost of living, the world could witness digital civil disobedience in the form of hacktivism, where citizens attack their own government or infrastructure as a way to stage protests.

3. Deepfake attacks become more convincing

The rise of deepfakes (synthetically manipulated audio, video and images) as a tool to create a layer of trust in scams and social engineering attacks will increase exponentially. The level of maturity of deepfakes technology is compelling enough to fool most unsuspecting people.

A relatively new form of attack technique, most organizations are unaware of the dangers of deepfakes and therefore do nothing to educate employees about it. This situation creates a huge risk that could cost them dearly in 2023. According to recent research, deepfake content is increasing by more than 400% year-over-year, and attacks involving fabricated audio and video also increase. Europol revealed that deepfake technology could soon become a staple tool for cybercriminals.

4. New threats emerge with the metaverse

The Metaverse has been getting a lot of hype lately, with well-known brands announcing entry into several prominent virtual worlds. While this technology opens up opportunities for social interaction, gaming, and commerce, attackers will find a way to hijack identities and extract or steal sensitive data. If a metaverse interaction is recorded on the blockchain, extortionists and cybercriminals can track it, leading to a highly sophisticated and targeted scam attempt. Interpol believes the metaverse will open up new avenues for cybercrime.

5. Organizations focus on creating a culture of safety

Not all will be bleak in 2023. A recent ClubCISO survey shows that the transformation to remote and hybrid working has had a positive effect on employee attitudes towards safety. Research indicates that a good security culture has become the norm for organizations that have received ongoing security awareness training.

Organizations are realizing that human causes are responsible for 95% of cybersecurity breaches, underscoring the importance of building a strong security culture. A strong security culture reduces the risk of attacks and operationalizes employees as the last line of defense. A majority (87%) of technology CEOs think a strong security culture is just as important as technology controls.

As 2023 dawns, it is important that organizations do not relegate cybersecurity to the background. Threat actors are opportunistic and thrive in times of uncertainty. Perhaps the most important step an organization can take in 2023 is fostering a culture of awareness and establishing a foundation of safety. If they focus on these two things, they will be much better prepared for the new year and beyond.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs, and technology executives. Am I eligible?

Source link

Leave A Reply