The 21st century is an era of digital disruption, also labelled Fourth Industrial era. We have experienced advancement in technologies at a pace never seen before, and this trend still continues.
Below are a few technologies along with their associated risks that are expected to be the focus for security professionals, keeping them engaged in 2023.
India has more than 800 million smartphone users and this number is expected to cross the 1 billion mark by 2026 as per Deloitte's 2022 Global TMT (Technology, Media and Entertainment, Telecom) predictions. Similarly, at a global level, the number of smartphones currently, is more than 6 billion.
Mobile banking and digital payments have penetrated the remotest areas of the globe. There are no defined network boundaries, and anyone can share files, photos, videos, money anytime to designated recipients. With this there is a risk, now more than ever, of interception of these transactions, Man-in-the-middle attack and phishing scams. Governments and organizations around the globe are spreading awareness around the modus operandi of Phishing scams to prevent masses from falling prey to fraudsters.
A smartphone's virus or malware may capture the attention of cybersecurity in 2023.
Automobile companies are re-inventing vehicles features and coming up with new additions and modifications such as cruise control, engine timing, door lock, airbags and advanced systems for driver assistance. All of these have a software element to it, connecting mostly through Wi-Fi and Bluetooth. Also, these features have to be available at the click of a button to ensure each of these vehicles comes out tops in convenience and usability. This significantly increases attack surface area for potential hackers.
Gaining control of the vehicle or using microphones for eavesdropping is expected to rise in 2023 with more use of automated vehicles. Self-driving or autonomous vehicles use an even more complex mechanism that requires strict cybersecurity measures.
Another important advancement in technology which no one can ignore is IoT and 5G network. These are no longer only buzz words but are getting ingrained in networks across industries.
In 2020, 61% of companies were using IoT, and this percentage only continues to increase. With the expansion of IoT, security risks also grow, particularly with the advent of 5G telecommunications. IoT vendors are notorious for implementing little to no security on their devices, a risk that can be mitigated through holistic vetting of IoT vendors upfront.
IoT and 5G are enabling organizations to scale up at a pace never experienced before and security teams will have to perform mammoth task to catch up with this pace.
With IoT, multiple devices interact with each other opening them to vulnerabilities to hijackers who are looking for opportunities to invade the network. 5G architecture is comparatively new in the industry and requires a lot of research to find loopholes to make the system secure from external attack. Hence, manufacturers need to be very strict in building sophisticated 5G hardware and software to control data breaches.
An IBM 2022 study found that 35% of companies were using AI in their business. Artificial intelligence is going to open up new possibilities for companies in every industry. Unfortunately, same is true for bad actors looking for new ways to exploit AI.
ML on top of AI has opened up a plethora of opportunities for attack vectors to by-pass conventional security controls. AI and ML have been paramount in building automated security systems, natural language processing, face detection, and automatic threat detection. At the same time, it is also being used to develop more sophisticated threats such as Polymorphic Malware. For this reason, security vendors have also joined the race to upgrade all possible solutions so that they are always one step ahead of their counterparts. Security controls embedded with AI are very useful to identify Zero-day attacks and help security teams to nip it in the bud.
AI and ML can help security professionals to identify latest attacks, draw key inferences and pass on that information to concerned teams. This becomes more important due to shortage of skilled cybersecurity workers and growing attack surface.
“There were 5 exabytes of information created between the dawn of civilization through 2003, but that much information is now created every 2 days.” – Eric Schmidt
This was the statement from Google CEO in a conference he attended more than a decade ago.
Properly cleansed, sorted and valuable data is nothing less than a goldmine for businesses today. Safeguarding such data is of utmost importance for Individuals or organizations to create value as well as to adhere to compliance regulations.
Cost of a Data Breach Report, 83% of organizations studied have had more than one data breach with USD 4.35 million average total cost of a data breach.
Any minor flaw or bug in system browser or software is a potential vulnerability for hackers to access personal information. General Data Protection Regulation (GDPR) was enforced from 2018 onwards, offering data protection and privacy for individuals in the European Union(EU). Similarly, the California Consumer Privacy Act (CCPA) was applied after January 1st, 2020, for safeguarding consumer rights in the California area. We will continue to see such regulations getting enforced in future to protect against data breaches.
Cloud is not new in today’s IT industry. There are multiple players in the Cloud market which offer PaaS, IaaS and SaaS to its customers. These offerings are already mature and equipped with security features.
It is not the cloud itself that is potentially vulnerable but how it is being adopted by new customers, its setting in hybrid environments and how users are accessing their applications in cloud. It's the user end that acts as a significant source for errors, malicious software, and phishing attacks.
There are already dedicated solutions to monitor cloud security posture such as CSPM, CASB and CWPP. These are expected to be the centre of attraction in 2023.
Ransomware cases are not about to disappear anytime soon. Hackers don’t shy away from targeting even the most sophisticated and robust networks in hope of getting large amounts of money. As per a report from IBM, average cost of ransom attacks was USD 4.54 million in 2022, not including the cost of the ransom itself.
Developed nations' industries rely heavily on specific software to run their daily activities. These ransomware targets are more focussed such as the Wanna Cry attack on the National Health Service hospitals in England. Scotland corrupted more than 70,000 medical devices. Another recent example is the attack on AIIMS network in New Delhi where 11,500 systems were scanned interrupting operations for 2 weeks.
Although generally, ransomware threatens to publish the victim's data unless a ransom is paid, it is still a huge threat affecting large organizations or nations too.
The traditional way of impersonating someone and sending harmful clickable links is outdated. With advancement in Anti-Phishing techniques, hackers have also enhanced their game.
In 2023 we will see an increase in numbers of well-crafted clever phishing mails which will include:
Use of additional steps: Attackers make phishing mails look more realistic by adding additional steps. They will disguise it as a survey for an item you ordered. And due to the fact that they use an actual survey tool, the domain ID is unlikely to raise suspicion. Built-in e-mail composer in the survey tool also helps reduce grammatical errors which makes the mail look even more reliable and authentic.
Personalized phishing: A fake sender lifts someone’s title from social media, usually LinkedIn, and creates a personalized phishing site with the end user’s domain. The attacker has a generic template and then customizes it for each recipient’s individual and company identity.
Voicemail and Images: Legacy Anti-Phishing controls can easily detect suspicious links. That is the reason, scamsters are shifting towards fake voicemail and images to pass through secure E-mail gateways.
These cybersecurity trends in 2023 are bound to instil more fear in organizations forcing them to boost their security measures. This fear is justified as with advancement in technology, number of unknown risks, vulnerabilities and attacks are bound to increase. It is expected that organizations will spend more than ever ( $100+ billion) on protecting their assets alone this year.
With infrastructure security becoming a significant part of almost every organization today, it would be a good idea for them to strengthen cybersecurity expertise today to become experts for tomorrow.