Experts Predict Anticipated Cyber Threats for 2023 in the Realm of Information Security
In the rapidly evolving world of cybersecurity, predictions for the coming year paint a picture of persistent threats and changing tactics. Here's a roundup of some key predictions and insights from industry experts.
Mauricio Sanchez, research director at Dell'Oro Group, anticipates that ransomware and data exfiltration will continue to be prevalent threat vectors, primarily through end-user compromise and IT misconfigurations.
The White House is urged to revamp cyber regulations, as attacks against OT/IoT are predicted to increase, potentially leading to another event similar to the Colonial Pipeline incident. Michael Diamond, technology analyst at Futurum Research, emphasises the importance of staying vigilant against cyber threats, without providing specific predictions.
Corporate stakeholders are increasingly interested in understanding the risk calculus of their technology stacks, to determine if they are potential targets. This shift in focus is reflected in the evolving role of CISOs, who are now expected to provide more detailed risk assessments.
Jon Geater, chief product and technology officer at RKVST, believes that most threats in supply chain attacks arise from mistakes or oversights originating in the supply chain. He highlights the digital supply chain as being as critical as the physical one, and stresses the need for suppliers to provide quality and for consumers to take control of their own risk.
Phishing and spear phishing attacks are highlighted as significant concerns by experts. Nicole Darden Ford, CISO for Rockwell Automation, expects cyberattacks to continue as a weapon of choice, with critical infrastructure becoming a growing target. She suspects that publicly available models like Dall-E and ChatGPT3 will be quickly adopted by criminals to improve phishing and business email compromise scams.
Chester Wisniewski, principal research scientist at Sophos, expresses concern about the malicious use of machine learning technologies in 2023. He warns that these advanced tools could be used to create increasingly sophisticated cyber attacks.
German cybersecurity experts and analysts expect that in 2023, AI-supported attacks (KI-supported attacks) will be the most significant cyber threat, especially targeting sensitive data and critical infrastructures such as healthcare. This outlook was presented by Andreas Müller (Delinea) and supported by surveys of 670 cybersecurity-involved participants in companies.
Geopolitical tensions are expected to drive the threat landscape in 2023, with implications from the Russia/Ukraine war and China/Taiwan tensions likely to persist. Nation-state supported attacks are expected to increase, with attacks from North Korea and Iran likely to be joined by an increased number from Russia and China.
Rick Holland, CISO and VP of strategy at Digital Shadows, predicts that extortion, targeting of vulnerable supply chain partners, malicious crypto apps, and hacktivist activities will continue in 2023.
In a positive note, Palo Alto Networks shares surge after the company releases a strong annual forecast. The Water sector expands partnership with volunteer hackers, and public and private entities are advised to follow cybersecurity guidance by government entities, such as CISA, to mitigate risks.
Businesses are focusing on AI and cloud, despite cyber defense oversights. However, the increasing interest in understanding the risk calculus of technology stacks suggests a growing awareness of the need for robust cybersecurity measures in these areas.
The majority of user training has focused on users looking for clues that the perpetrators are not likely native English speakers. However, the advent of tools like ChatGPT3 means that criminals now have a freely available tool to help eliminate that suspicion for many users. This underscores the need for ongoing training and vigilance in the face of evolving cyber threats.
