Cyberattacks will become even more prevalent this year, predict experts, with attackers not only going after cloud hosting services but also hacking the Metaverse. We talk to seven experts about their cybersecurity predictions for 2023.
This year, $188.3bn is expected to be spent on cybersecurity worldwide, according to Gartner, while the average cost of a data breach is expected to reach $5m, according to cybersecurity vendor Acronis.
And the surge in cyberattacks in the final three months of last year made 2022 the worst year on record for malicious online activity against UK businesses, according to business ISP Beaming. On average, UK companies experienced 687,489 online attempts to breach their systems in 2022 – the equivalent of one every 46 seconds.
Cybersecurity predictions for 2023
Our experts look into their crystal ball and make cybersecurity predictions for 2023, a year in which increasingly dusty multi-factor authentication tools such as passwords and texted codes fall out of favour and the Metaverse itself comes under attack.
Cyber-attackers target cloud service providers
Cloud service providers are growing in size, data and influence, making them prime targets for cyberattacks. Andrew Shikiar, executive director of FIDO Alliance, thinks that we’ll see a lot more high-profile, sophisticated attacks which bypass legacy multi-factor authentication (MFA) in 2023. Cloudflare and Twilio shared their experiences last year of being attacked as part of the 0ktapus hack, with employees targeted via SMS and attackers circumventing one-time password (OTP) codes.
2023 could be the year ‘the world is held to ransom’…
Adrian Nish, head of cyber at BAE Systems Digital Intelligence, is even more downbeat, predicting that 2023 could be the year that the whole world is held to ransom. “Today’s ransomware criminals are getting bolder, homing in on large organisations which deliver critical value to society,” he says. “As this landscape evolves, it is not outside the realm of possibility that 2023 could be the year that cyber criminals hold ‘the whole world to ransom’ – from exploiting flaws in widely used operating systems, to supply chain attacks in software used globally, to targeting international critical national infrastructure.”
…and the metaverse will be held to ransom too
Not only the world but the metaverse could be held to ransom. ‘Metaverse’ may seem like a buzzword or a kiddie virtual world confined to kids playing Roblox, but the B2B metaverse market – which encompasses things like industrial and manufacturing use cases as well as business meetings – is valued at around $39bn. Andrew Shikiar, executive director of FIDO Alliance, predicts the metaverse will become a growing target for hackers, with MFA becoming a stronger imperative as attacks increase in volume and sophistication.
Audio impersonation attacks increase
As artificial intelligence voice cloning technology becomes more powerful and readily available, Kiri Addison, senior product manager, threat detection & efficacy, Mimecast, believes we will see an increase in impersonation attacks utilising audio deepfakes. These will be combined with compromised email and collaboration accounts.
Attackers focus on vulnerable supply chain
As incidents like the blocking of the Suez Canal have demonstrated, a disruption at one key point in the world’s supply chain can ripple throughout the global economy. With 80 per cent of all world trade touching a ship at some point, it is fertile ground for seeding havoc. By targeting vulnerable points on the supply chain with weak cybersecurity, attackers know they can create enough pressure to get high payouts in record time. Industries such as transportation and shipping are particularly vulnerable, predicts Ian Bramson, global head of industrial cybersecurity, ABS Group.
Organisations shift focus to data security
The last few years have been focused on infrastructure velocity with the cloud, infrastructure as code, and the shift-left mantra. Tooling has been introduced to provide cloud posture management and attack surface monitoring in these high-velocity contexts. In 2023, leaders will turn a strengthened focus up the stack into data movement, provenance, health, and governance driven by an increasing focus on data sovereignty and upcoming data regulations and frameworks such as the European Health Data Space, predicts Nick Vigier, CISO at Talend.
Insurers refuse to cover state-sponsored cyberattacks
Lloyd’s of London will no longer cover losses from state-sponsored cyberattacks from March this year. This will leave many businesses exposed, says James Muir, threat intelligence research lead at BAE Systems Digital Intelligence. This could mean the Government having to be more cautious in attributing cyberattacks to state entities. “All of these factors combined means that if a NotPetya style incident were to occur, the repercussions could be severe,” says Muir.
Niche cybersecurity vendors will consolidate
Niche cybersecurity vendors will consolidate as the recession bites and the free-money ethos of the past few years evaporates. Those still standing will be the ones who can offer holistic start-to-end security solutions, says Nick Vigier, CISO at Talend. “Gone are the days of individual point solutions with practitioners left to put the pieces of the puzzle together,” warns Vigier.
SMS-based security falls out of favour
Smishing – or SMS-based phishing – grew massively in the second half of 2022, and these attacks may become even harder to spot as attackers refine their techniques. More personal data available online, plus smarter AI and data scraping tools, are going to make these attacks more convincing and trick even those who think they’re clued up.
Being sent OTP text messages as part of multi-factor authentication will be seen as not fit for purpose once organisations understand how hackable they are, says Andrew Shikiar, executive director of FIDO Alliance. In the last 12 months, there’s been a huge increase in hacker toolkits becoming available on the dark web, which make bypassing SMS-based MFA cheap and trivial. “SMS-based MFA has been an easy check-box for security compliance for the likes of banks and retailers under tight regulation like PSD2, but that can and should change,” predicts Shikiar.
Moving away from passwords
Along with text messages for MFA, companies will move away from being reliant on difficult-to-remember and easy-to-smash passwords for MFA during this year, says Rebecca Harper, head of cybersecurity analysis at ISMS.online. “A password-less approach will benefit organisations and customers alike,” says Harper. “Eliminating the risk of password breaches and credential stuffing attacks will boost organisational security, while not having to spend hours resetting forgotten passwords and usernames will improve the user experience.”
CISO starts thinking like the C-suite
This year will see chief information security officers, or CISOs, start to think more like other C-suite executives: not just about protecting the organisation from ransomware attacks or malicious damage, but about how they have influenced deal size, accelerated product releases or come up with new lines of business, says Nick Vigier, CISO at Talend.