5 Emerging Cybersecurity Risks to Watch Out For in 2023
2023 is finally here, and with the arrival of the new year, we look forward to information technology (IT) developments that will impact our clients. But we have to start by looking backwards: in 2022, we saw historically high rates of cyberattacks, with Checkpoint Research measuring a 28% increase over the previous year between July and September.
In the coming year, this trend of rising cyber incidents will certainly continue: as organizations are forced to navigate disruptions in the global business landscape, cyber actors will innovate their tactics, techniques and procedures (TTPs), seeking out new opportunities to infiltrate your organization. Consequently, the global cost of cybercrime is projected to hit $8 trillion by the end of 2023.
In order to protect themselves, businesses across all sectors and industries - from government agencies and contractors to commercial institutions - will need to understand the dangers facing them on the cyber front, and partner with technology providers who can protect their IT infrastructure from threat actors. In this article, we'll explore 5 emerging cyber risks in 2023, and how your business can prepare for them.
Trends Shaping the Cyber Landscape
Cyber risk does not occur in a vacuum: changing circumstances bring about changing motivations, and new opportunities for disruption. With the global economy and business landscape facing turmoil, threat actors will respond to these changes in predictable ways. Here are just a few:
- Global Conflict - with major world powers embroiled in conflict, activity from nation-state actors and politically driven adversaries is rising. Last year, Microsoft reported an increased number of politically motivated cyberattacks with increased destructiveness, and we can expect more over the coming year.
- Economic Instability - inflation has hit many parts of the world, with experts anticipating recession and increased economic turmoil over the coming year. As a result, the number of malicious actors driven to cybercrime out of desperation will likely increase, with many viewing it as an opportunity to overcome poverty and hardship.
- Hybrid Environments - with the number of remote workers increasing by 24% in 2022, organizations are increasingly leaning into a hybrid workplace model. Not only does this bring new vulnerabilities through an increased number of remote endpoints, but it also increases the ease with which malicious actors can target employees, steal devices, and access sensitive data.
- Lack of Cyber Talent - last year, the ISC2 reported a worldwide gap of 3.4 million cybersecurity workers. This represents a steady increase in the number of cybersecurity positions since 2013, which is unlikely to disappear any time soon. Without cyber talent, organizations will struggle to find and eliminate vulnerabilities in their IT systems.
5 Emerging Cyber Risks
From year to year, some cyber risks - such as ransomware and phishing attacks - have maintained a steady and predictable level of growth. In this article, we are focused on new or emerging risks that represent a heightened threat to businesses in 2023.
- Cybercrime as a Service
Ransomware-as-a-Service (RaaS) groups have fundamentally changed the way global cyber actors operate, allowing low skilled cyber actors to orchestrate complex attacks with less need for sophisticated tools and talent. The Colonial Pipeline Attack in June 2021 was orchestrated by an RaaS group, threatening gas supplies across the Eastern U.S.
With the help of Darknet markets, today's cyber actors are using the same model for more than just ransomware: cybercrime-as-a-service encompasses distributed denial of service (DDoS) attacks, malware for rent, phishing kits, and much more. With a 63.2% increase in RaaS groups reported in Q1 2022, businesses can expect a general rise in cybercrime-as-a-service in 2023.
- Advanced Social Engineering Attacks
Social engineering has consistently ranked as a leading driver of cyberattacks, with 75% of cybersecurity practitioners calling it the "top threat" to their organization in 2022. But as employees wise up to well-practiced phishing tactics, cyber actors stay one step ahead, innovating new strategies to deceive their victims.
Business email compromise (BEC) is an advanced form of phishing attack in which attackers impersonate a company executive or mid-level manager at your organization to bypass SPAM filters and make the scam more convincing. In 2022, reported losses from BEC attacks surpassed $43 billion - meanwhile, social media fraud is also rising, with attackers using information about their victims to build rapport and gain access to sensitive information.
- Cloud-Directed Attacks
Although cloud service providers (CSPs) incorporate strong security controls into their products, nearly half of organizations polled in 2022 reported a cloud-based breach within the last 12 months. These breaches are typically caused by misconfigurations on the part of customers which leave APIs exposed, providing malicious actors with easy access to their sensitive data.
With more and more organizations depending on cloud-based data storage and applications, Gartner predicts that global cloud spend will reach $600 billion in 2023. Unless organizations work to protect their deployments from the configuration stage onwards, more cloud services will equate to more vulnerabilities and a higher number of data breaches.
- IoT-Directed Attacks
By 2025, the Internet of Things (IoT) will contain 75.4 billion devices. IoT attacks are nothing new: for years, mass-manufactured IoT devices have suffered from insecure design, including default passwords, lack of support for two-factor authentication (2FA), and slow firmware patches in the face of vulnerability disclosures.
Fortunately, vendors are beginning to factor security into the design of IoT devices, leading to an all-time low in discovered vulnerabilities last year. Unfortunately, IoT devices contribute to an ever-growing network perimeter that opens organizations up to attacks, and the rise of 5G IoT networks is expected to generate new vulnerabilities through API flaws that impact most IoT platforms.
- Software Supply Chain Threats
Today's organizations are heavily dependent on third-party software vendors, with the average business relying on more than 250 software-as-a-service (SaaS) apps. But as we saw during the 2020 SolarWinds attack which impacted nearly 100 companies, software vendors bring risks which may impact their customers.
Since 2020, software supply chain attacks have increased dramatically, with the average number of malicious packages in open-source repositories exploding by over 10,000%. Malicious actors have realized that third-party software vendors are a weak link in the chain of businesses who might otherwise be impenetrable. As organizations adopt new software solutions in 2023, their risk of a software supply chain attack will increase proportionally.
At Epoch Concepts, we design, source and integrate solutions to empower our customers. From storage to infrastructure, cybersecurity and cloud solutions, we architect fully customizable IT solutions and offer continual customer support, seeking to align IT strategy with your unique business requirements. When it comes to composable and next-generation technologies, we are here to help you every step of the way. Contact us to learn more.