Stu Sjouwerman is the founder and CEO of KnowBe4 Inc., a security awareness training and simulated phishing platform.

Predicting the future isn’t easy, but a careful analysis of attack vectors and the future of technology can give us a good idea of where we’re heading. For an effective cybersecurity program, organizations should first get a grip on how the overall threat environment is evolving. Below are key cybersecurity trends and predictions that organizations can expect in 2023.

1. Social Media Scams Give Rise To A New Social Engineering Battleground

Adversaries and state-sponsored attackers are leveraging social engineering techniques as a first step (initial access vector) in large-scale campaigns aimed at breaking into systems, spreading ransomware or stealing sensitive information. With ever-growing social media commerce and marketplaces, people are increasingly relying on indicators of trust, such as how many connections or followers a person or company account has, whether the account is verified and how long the account has been active, making them susceptible to scams and cyber attacks.

The numbers show an alarming trend. In 2017, around 5,000 people were scammed out of $42 million. By 2021, nearly 100,000 people reported being scammed for a total of $770 million. Security professionals rated social engineering the “most dangerous” threat in 2022.

2. Catastrophic Attacks On Critical Infrastructure

Critical infrastructure has always been a major target for cybercriminals and state-sponsored attackers. Given the Russia-Ukraine war, cyber attacks and threats have grown exponentially. Almost 90% of all U.S. critical infrastructure is believed to have been impacted by a successful ransomware attack in 2021. And most CISOs (nearly 80%) believe the world is now in a “perpetual state” of cyber warfare.

With inflation and the rising cost of living, the world may witness digital civil disobedience occurring in the form of hacktivism, where citizens attack their own government or infrastructure as a way to stage protests.

3. Deepfake Attacks Become More Convincing

The use of deepfakes (synthetically manipulated audio, video and images) as a tool to build a layer of trust into scams and social engineering attacks will increase exponentially. Deepfake technology is now mature enough to trick most unsuspecting people.

Because deepfakes are a relatively new attack technique, most organizations are unaware of the dangers they present and therefore do nothing to train employees on the matter. This situation creates an enormous risk that may cost them dearly in 2023. Per recent research, deepfake content is growing more than 400% year on year, and attacks involving fabricated audio and video are also growing. Europol revealed that deepfake technology could soon become a staple tool for cybercriminals.

4. New Threats Emerge With The Metaverse

The metaverse has attracted a lot of hype lately, with well-known brands announcing entry into several leading virtual worlds. While this technology opens up opportunities for social interaction, gaming and commerce, attackers will find a way to hijack identities and extract or steal sensitive data. If a metaverse interaction is recorded on the blockchain, extortionists and cybercriminals can follow it, leading to a highly sophisticated and targeted scamming attempt. Interpol believes the metaverse will pave new roads to cybercrime.

5. Organizations Shift Their Focus To Creating A Culture Of Security

Not everything will be doom and gloom in 2023. A recent ClubCISO survey shows that the transformation to remote and hybrid work has had a positive effect on employee attitudes toward security. The research indicates a good security culture has become the norm for organizations that have received ongoing security awareness training.

Organizations are realizing that human-related causes are responsible for 95% of cybersecurity breaches, emphasizing the importance of having a robust security culture in place. A strong security culture reduces the risk of attacks and operationalizes employees as the last line of defense. A majority (87%) of tech CEOs believe a strong security culture is just as important as technological controls.

As we enter 2023, it’s important that organizations not relegate cybersecurity to the back burner. Threat actors are opportunistic and thrive in times of uncertainty. Perhaps the most important step any organization can take in 2023 is fostering a culture of awareness and establishing a security foundation. If they focus on doing these two things, they will be much better prepared for the new year and beyond.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.