As we approach the tail end of 2022, forward-looking predictions for cybersecurity threats companies will face in 2023 are coming in. Trends in threats include cybercriminals finding workarounds to some of the newest defense solutions, and, in some cases, fewer incidents but an increase in attack severity.
Here is an overview of the top cybersecurity threats— some already here and some coming soon — that businesses need to start defending against.
Ongoing threats like ransomware, social engineering, and malicious insiders remain ever-present. Plus, new dangers are continuing to emerge. Just as companies like LockBit are releasing solutions to the ongoing ransomware risk, research shows that “the vulnerabilities have reduced in quantity while increasing in severity,” according to Intel 471 in a new cybersecurity report.
Also, threat actors are turning to OTP bypass services to circumvent popular layers of security protection, like multi-factor authentication. “This area of the underground ecosystem will likely grow as demand increases for these services in the future,” added Intel 471.
The Russian invasion of Ukraine has exacerbated cybercrimes by further polarizing the underground, according to Analytic Insights. “The most prolific threat to date has been KillNet, a pro-Russian group that gained notoriety through orchestrating distributed denial of service (DDoS) attacks against pro-NATO countries and organizations.”
The rapid growth of cyber-physical systems, which include systems that combine the cyber and physical worlds in technologies like autonomous cars and digital twins, “pose another security risk for organizations. Cyber-attackers’ ability to target these systems is one of our most important predictors for the coming years,” said Krontech.
Perhaps even scarier is one of Garner’s eight predictions: By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties. “Security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than just information theft.”
Cybersecurity best practices
With cyber threats at an all-time high and getting worse, what can organizations do to keep their systems more secure? Some of the best practices now include the following measures:
Track intelligence and adjust security practices
The Intel 471 Cyber Threat Report includes mitigation recommendations to help organizations detect potential threats, harden their security practices, and isolate their sensitive information to avoid becoming victim of new ransomware strains and malware.
“Just as threat actors and groups are adjusting their methods to remain resilient against new and emerging security measures, organizations should be staying abreast of key TTPs employed by adversaries and adjusting their security systems based on that intelligence to tackle new and refined ways of being compromised.”
Deploy user awareness training practices
Even with today’s most advanced protection, organizations remain vulnerable because of one key factor: human error. In other words, too often many cybersecurity actors break through companies’ defenses the easy way — they target unsuspecting employees such as through email phishing tactics. While educating employees has always been a valid strategy, many companies are expanding their efforts on this front with “user awareness” training practices.
According to Globe Newswire, “There is a growing move towards security awareness training as many cyber-attacks are preventable or caused by human error rather than a breakdown in digital security measures. Greater awareness of phishing and spoofing scams, improved password strength, and some basic cyber health advice could help to prevent a huge chunk of attacks in 2023.”
Address the threats created by remote working
Today’s organizations need to recognize that remote working has created a new threat to their cyber-safety — one that needs to be fully addressed through actions such as increased monitoring and vulnerability testing. Also, distributed workforces are the ideal scenario for deploying stronger user awareness practices.
Vulnerability scanning can be complex and time consuming but simplified by hiring a third-party specialist who can deploy powerful integrated vulnerability scanning and testing tools to do the heavy lifting.
Also, more organizations are aiming for a flexible security solution that includes deploying a variety of technologies in different locations. This “cyber safety net” can expand to include identities outside the traditional security perimeter and create a holistic view of the organization — including for remote working.
Future trends report
According to Gartner’s research, many organizations understand the severity of the threats they are facing today and are taking multiple actions. The company made the following predictions in its recent cybersecurity report:
- By 2024, 30% of enterprises will deploy cloud-based Secure Web Gateway, Cloud Access Security Brokers, Zero Trust Network Access, and Firewall as a Service.
- By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships.
- By 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified board member.
To stay on top of cybersecurity and other trends affecting the semiconductor industry, make sure you’re subscribed to our semiconductor blog.
