Scott Register, VP Security Solutions at Keysight Technologies, highlights some areas where cyber threats and security may develop through 2023.
2022 brought numerous cyber security challenges, whether it was the constant threat of ransomware attacks, the ever-changing geopolitical landscape or the deepening cyber skills shortage, security teams everywhere were under constant pressure.
In 2023 there are a few signs that the pressure will ease. Cyber attacks have become increasingly frequent and hackers are developing more sophisticated skills, so the threat of a security breach continues to loom large for many organizations.
So, what can we expect from the year ahead? Here I offer some of my predictions on what I believe will be the main challenges to security professionals through 2023.
AI on the Offence
Deepfake technology to date has resulted in political confusion, Internet chatter, and some amusing mashup videos, but expect this to change in the near term. Security experts have warned for years about the possibility of social engineering attacks with deepfakes, and the technology has matured enough for 2023 to see hackers successfully leverage it.
We will see an increase in image generation, generated audio, and conversations that appear realistic, designed to trick recipients into sharing personal data or other sensitive information. The deepfake threat isn't relegated solely to consumers; we'll likely see threat actors spoof a Fortune 100 CEO in an attempt to defraud or otherwise damage the organization.
Hackers’ end game: physical damage
Hackers may have traditionally abided by a quasi-code of ethics to limit physical destruction, but those days are long gone. Expect 2023 to see more targeted operational technology (OT) attacks designed to disable or destroy system availability with the end goal of harming people. For example, ransomware attacks against life-saving equipment in the healthcare sector may take place.
Evolving cyber insurance industry
Historically cyber insurers have embraced a yes/no approach to coverage based on the company's maturity level and the types of threats facing the organization. Expect this to evolve in 2023, with insurance companies declining to cover more enterprises and introducing risk-based pricing in response to the dynamic threat environment. I believe we'll see more exemption clauses denying coverage for ransomware and other specific attack types.
Whatever 2023 brings, one thing is for certain, cyber threats will continue to increase, so the need for a robust, multi-pronged approach to your cyber security strategy will be essential. Understanding how your organization functions in the new hybrid working environment and the current geopolitical landscape should be central to your plan.
Hackers’ motivation has changed, it’s no longer about simply extorting money from individuals, it’s about political and corporate gains, which is why cyber security should be at the forefront of your organization’s agenda for 2023.