22 Nov 2022

The cyber game is now an entire underground economy wrapped around cyberattacks. Thanks to increased international friction and the activity of groups such as Lapsus$, cybercriminals have upped the ante on cybercrime in order to turn a profit. Atakama, the pioneer in multifactor encryption, outlines its top cybersecurity predictions for 2023, compiled from its CEO, Daniel H. Gallancy, and its team of experts.

IoT blends with shadow IT to make a security headache - With 43 billion devices connected to the internet in 2023, attackers have no shortage of targets. Although IoT devices can provide productive capabilities in commercial environments, risks abound. Manufacturers prioritise convenience and consumer-like appeal over security fundamentals. Unsurprisingly, devices are often deployed with weak or default credentials.

Organised security platforms

To make matters worse, IoT has proliferated within shadow IT systems, leaving already weakly protected cameras, microphones, and sensors well outside the control of organised security platforms. Even within a strong perimeter, a poorly configured IoT device is bad news. Susceptibility increases manyfold when the same poorly configured IoT device is within a shadow IT system.

Rise in sophisticated ransomware attacks puts data exfiltration in the spotlight - The rising prevalence and sophistication of attacks targeting sensitive data will continue to plague organisations into 2023 and beyond.

Double extortion attacks pack an even greater punch by encrypting sensitive and proprietary data, holding it for ransom and, worse, publishing the data on the dark web unless organisations cough up the cash. As the Verizon 2022 Data Breach Investigations Report says: “There are now more ways for attackers to monetise data.”

Targeting complex infrastructures

These attacks will increase as cyber criminals find it relatively easy to breach organisations’ defences and cash out. In response, organisations will need to look beyond conventional data protection practices toward technologies that protect data at the source, such as multifactor encryption, to render files useless to threat actors, who will not be able to access the data whether it is still inside the security perimeter or has been successfully exfiltrated.

DevSecOps goes up a notch - Securing developer environments will become one of the most critical components of achieving optimal security for organisations in 2023. Count on highly elaborate cyberthreats targeting these complex infrastructures, as seen with the success of the SolarWinds attack, which continues to inspire malicious actors because application development is such a rich target. Inserting a few lines of malicious code can potentially open up thousands of entities in the supply chain of partners and customers.

Critical business necessity

Heightened DevSecOps practices in line with zero trust architectures and advanced encryption solutions will become more common as organisations realise these approaches are a critical business necessity.

People will continue to be the weakest link in cyber teams’ security chain - Sad to say, people will remain the main source of cybersecurity risk in any organisation. Despite all the training, employees are still likely to provide threat actors with an entry point through social engineering, phishing or lapses that include sharing of passwords and log-in credentials. The Verizon 2022 report found the 'human element' was a 'key driver' in 82 percent of data breaches.

Zero trust strategies

Insider threats from corrupt employees or individuals bearing a grudge will continue to be a serious concern. Threats from employees at partner organisations and third-party suppliers will require continued vigilance and increased implementation of zero trust strategies.

More awareness of CISO liabilities - This year’s Uber data breach conviction will focus many minds in the C-suite on the fact that the CISO role is one that carries significant ethical responsibilities. Cybersecurity, like many other professions, has a code of ethics that’s expected of its practitioners. Individuals entrusted with the security and privacy of data must behave ethically.

More advanced solutions

Everyone knows that the cybersecurity landscape is not always a level playing field and even the most ethical and highly technical cybersecurity teams cannot prevent the most determined attackers. 2023 may prove to be a more volatile year for CISOs as they deal with the pressures of maintaining a rigid security posture, while also dodging the bullet of blame when attacks are successful.

They are likely to rely on degrees in information security disciplines and a wide range of professional certifications such as CISSP. What’s important is for CISOs to update their knowledge constantly, because it is not just the threats that will develop; solutions will too, and they need to keep up to date.

Daniel H. Gallancy, CEO and Co-Founder of Atakama, adds: “Cyberthreats will continue to proliferate in number and grow in sophistication throughout 2023. While basic security practices will prevent many breaches, organisations are going to need more advanced solutions to protect themselves from the devastating consequences of a successful attack.”