Opinions expressed by Entrepreneur contributors are their own.
This time last year, I reviewed the cybersecurity landscape around the world and predicted a year ahead involving advanced threats against home users, the continual growth of ransomware and gaming as a growing attack vector. Looking back over 2022, we indeed saw those predictions play out.
For 2023, we can expect the continued trends of attacks against consumers and remote employees, like phishing and social engineering attacks, including email and SMS scams, which are commonly used to exploit individuals. Trojan viruses, sophisticated malware and new attack vectors will be highly prevalent in 2023, including novel threats such as the Metaverse Attack vector dubbed “Big Brother” discovered by RAV Researchers.
With all this in mind, what else can we expect for 2023?
1. Phishing and social engineering
Unfortunately, humans are still the weakest link in the cybersecurity chain. Home users remain the easiest targets as AV providers are focused on securing enterprise dollars for their services. Phishing and social engineering scams will become more sophisticated as they continue into 2023, and cyber criminals employ more complex technologies such as deep fakes.
Continued use of email phishing is to be expected, with Office Documents that hide macro code still being used as vectors to lure users to run the malicious code in emails. Other means of deploying scams, such as SMS and social media platforms — be it affiliate links, clickbait or credentials pages that attempt to steal your password information — are all likely to continue.
Raising awareness for online users is our best leverage to stop these phishing attempts from being successful. Taking note of simple telltale signs such as misspelling of words, the incorrect use of URLs and completely irrelevant messaging can make all the difference.
Related: The Emerging Cybersecurity Trends In 2023
2. RaaS and CaaS
Ransomware-as-a-Service (RaaS) and overall Cybercrime-as-a-Service (CaaS) are on the rise. Data breaches are to be expected, as data is still seen as profitable barter on the Dark Web. These services are becoming more commonplace as cyber warfare persists. As the motivations behind cybercrime move from profit-related to geopolitical, the nature of the Dark Web is changing. Worryingly, cyber-criminal groups can now use the malware they trade on these platforms to go after more sensitive computing systems connected to critical infrastructure and government services of other nation-states.
3. Online user demographics
Cyber victims are becoming increasingly younger. We will see the continued targeting of unsecured consumers such as tweens and teens, who are highly connected, starting to use crypto and buying into the metaverse and other digital assets. Likewise, criminals themselves are getting younger. Cybercrime activity by teens and young adults now covers everything from large-scale attacks on enterprises and governments to low-level crimes that target families, friends and strangers. Hacktivism will also be fueled by cyber use — the younger generation can use their cyber skills to show their discontent in ways the past generation didn’t have access to or the ability to do.
Related: A Business Leader’s Beginner Guide to Cybersecurity
4. Bypassing 2FA
Cracking and bypassing two-factor authentication (2FA) is on the rise and will be exploited more and more in the coming year. It’s likely that in the future, we may move on to three or even four-factor authentication. As the technology to crack multi-factor authentication continues to mount up, more and more companies may opt to use biometric authentication.
5. Next-generation threats
As next-generation technologies, such as virtual reality, make it into the mainstream, we will see the continued deployment of next-generation threats. Whether or not the allure of the metaverse and augmented realities makes it into 2023 remains to be seen — but as ever, new vectors offer new opportunities and broader attack surfaces.
Related: 4 Major Cybersecurity Risks of Working From Home
What can we do?
Despite ongoing cybersecurity concerns, there’s sometimes a distinct lack of action. For example, 12 months after the Log4J hack, the CISA and FBI agencies are concerned that many companies have still not applied updates, despite their security alerts warning that if organizations haven’t yet patched or mitigated Log4j vulnerabilities, they should assume their network is compromised and act accordingly.
Organizations and individuals alike need to shift their cybersecurity strategies to a more holistic approach. Log4J is a great example of why cybersecurity companies shouldn’t rest on their laurels. Experts have warned that threat actors are perfectly capable of playing the long game; even if a disaster hasn’t struck yet. Unless you are fully prepared, it still can.
As with all aspects of technology, cybersecurity is fast-paced and ever-evolving. Security companies need to constantly mitigate threats, deploying the best cybersecurity available for their users. One thing is certain in 2023: More hacks are coming our way. Cybercriminals will be spending the year ahead fine-tuning their methods. The question is whether the defense can keep up.
