Dec 19, 2022 | The Hacker News
Threat actors continue to adapt to the latest technologies,
practices, and even data privacy laws—and it’s up to organizations
to stay one step ahead by implementing strong cybersecurity
measures and programs.
Here’s a look at how cybercrime will evolve in 2023 and what you
can do to secure and protect your organization in the year
ahead.
Increase in digital supply chain attacks
With the rapid modernization and digitization of supply chains
come new security risks. Gartner predicts that by 2025, 45% of organizations worldwide will
have experienced attacks[1]
on their software supply chains—this is a three-fold increase from
2021. Previously, these types of attacks weren’t even likely to
happen because supply chains weren’t connected to the internet. But
now that they are, supply chains need to be secured properly.
The introduction of new technology around software supply chains
means there are likely security holes that have yet to be
identified, but are essential to uncover in order to protect your
organization in 2023.
If you’ve introduced new software supply chains to your
technology stack[2], or plan to do so
sometime in the next year, then you must integrate updated
cybersecurity configurations. Employ people and processes that have
experience with digital supply chains to ensure that security
measures are implemented correctly.
Mobile-specific cyber threats are on the rise
It should come as no surprise that with the increased use of
smartphones in the workplace, mobile devices are becoming a greater
target for cyber-attack. In fact, cyber-crimes involving mobile
devices have increased by 22% in the last year, according to the
Verizon Mobile Security Index (MSI)
2022[3], with no signs of slowing
down in advance of the new year.
As hackers home in on mobile devices, SMS-based authentication
has inevitably become less secure. Even the seemingly most secure
companies can be vulnerable to mobile device hacks. Case in point:
several major companies, including Uber[4]
and Okta[5],
were impacted by security breaches involving one-time passcodes in
the past year alone.
This calls for moving away from SMS-based authentication
toward multifactor authentication (MFA)
that is more secure. This could include an authenticator app that
uses time-sensitive tokens, or more direct authenticators that are
hardware or device-based.
Organizations need to take extra precautions to prevent attacks
that begin with the frontline by implementing software that helps
verify user identity. According to the World Economic Forum’s
2022 Global Risks Report[6], 95% of cybersecurity
incidents are due to human error. This fact alone emphasizes the
need for a software procedure that decreases the chance of human
error when it comes to verification. Implementing a tool like
Specops’ Secure Service Desk[7] helps reduce
vulnerabilities from socially engineered attacks that are targeting
the help desk, enabling a secure user verification at the service
desk without the risk of human error.
Double down on cloud security
As more companies opt for cloud-based activities, cloud
security—any technology, policy, or service that protects
information stored in the cloud—should be a top priority in 2023
and beyond. Cyber criminals become more sophisticated and evolve
their tactics as technologies evolve, which makes cloud security
essential as your organization relies on the cloud more
frequently.
The most reliable safeguard against cloud-based cybercrime is
a zero trust philosophy.[8]
The main principle behind zero trust is to automatically verify
everything—and essentially not trust anyone without some type of
authorization or inspection. This security measure is critical when
it comes to protecting data and infrastructure stored in the cloud
from threats.
Ransomware-as-a-Service is here to stay
Ransomware attacks continue to increase at an alarming rate.
Data from Verizon shows a 13% increase in ransomware
breaches[9] year-over-year.
Ransomware attacks have also become increasingly targeted — sectors
such as healthcare and food and
agriculture[10] are just the latest
industries to be victims, according to the FBI.
With the rise in ransomware threats comes the increased use of
Ransomware-as-a-Service (RaaS). This growing phenomenon is when ransomware
criminals lease out their infrastructure[11] to other cybercriminals
or groups. RaaS kits make it even easier for threat actors to
deploy their attacks quickly and affordably, which is a dangerous
combination for anyone leading cybersecurity
protocols and procedures. To increase protection against threat
actors who use RaaS, enlist the help of your end-users.
End-users are your organization’s frontline against ransomware
attacks, but they need the proper training to ensure they’re
protected. Make sure your cybersecurity procedures are clearly
documented and regularly practiced so users can stay aware and
vigilant against security breaches. Employing backup measures like
password policy software[12], MFA whenever possible,
and email-security tools[13] in your organization
can also reduce the burden placed on end-users.
Data privacy laws are getting stricter—get ready
We can’t talk about cybersecurity in 2023 without mentioning
data privacy laws. With new data privacy laws set to go into effect in several states[14] over the next year, now
is the time to assess your current procedures and systems to make
sure they comply. These new state-specific laws are just the
beginning; companies would be wise to review their compliance as
more states are likely to develop new privacy laws in the years to
come.
Data privacy laws often require changes to how companies store
and process data, and these changes might open
you up to additional risk if they are not implemented carefully.
Ensure your organization adheres to proper cybersecurity
protocols, including zero trust, as mentioned above.
References
[1] by 2025, 45% of organizations worldwide will have experienced attacks (www.gartner.com)
[2] new software supply chains to your technology stack (www.upguard.com)
[3] Verizon Mobile Security Index (MSI) 2022 (www.verizon.com)
[4] Uber (www.axios.com)
[5] Okta (www.bleepingcomputer.com)
[6] 2022 Global Risks Report (www3.weforum.org)
[7] Specops’ Secure Service Desk (specopssoft.com)
[8] safeguard against cloud-based cybercrime is a zero trust philosophy. (specopssoft.com)
[9] 13% increase in ransomware breaches (www.verizon.com)
[10] healthcare and food and agriculture (www.cisa.gov)
[11] growing phenomenon is when ransomware criminals lease out their infrastructure (www.crowdstrike.com)
[12] password policy software (specopssoft.com)
[13] email-security tools (www.gartner.com)
[14] go into effect in several states (www.cbia.com)
Read more https://thehackernews.com/2022/12/cybercrime-and-security-predictions-for.html