Stu Sjouwerman says KnowBeFour Co., Ltd.security awareness training and simulated phishing platforms.
Predicting the future is not easy, but careful analysis of the future of attack vectors and technologies can give us an idea of where we are headed. For an effective cybersecurity program, an organization must first understand how the overall threat landscape is evolving. Below are the key cybersecurity trends and predictions organizations can expect in his 2023.
1. Social media fraud creates a new social engineering battlefield
Adversaries and state-sponsored attackers leverage social engineering techniques as the first step (initial access vector) in large-scale campaigns to compromise systems, spread ransomware, or steal sensitive information. doing. As social media commerce and marketplaces continue to grow, they increasingly rely on metrics of trust such as personal and business account connections, number of followers, whether an account is verified, and how long an account has been active. and are more susceptible to influence. to fraud and cyberattacks.
The numbers show an alarming trend. In 2017, about 5,000 people were scammed out of his $42 million. By 2021, about 100,000 people reported being scammed, and in total he was paid $770 million. A security expert rated social engineering his 2022 “most dangerous” threat.
2. A devastating attack on critical infrastructure
Critical infrastructure has always been a prime target for cybercriminals and state-sponsored attackers. Given the war between Russia and Ukraine, cyberattacks and threats are growing exponentially. Nearly 90% of all critical infrastructure in the US is believed to have been affected by successful ransomware attacks in 2021. And most CISOs (nearly 80%) believe the world is in a “perpetual state” of cyber warfare.
With inflation and rising costs of living, the world could witness digital civil disobedience in the form of hacktivism. This is about attacking your own government and infrastructure as a way for citizens to protest.
3. Deepfake attacks become more convincing
The rise of deepfakes (artificially manipulated audio, video, and images) as tools to build a layer of trust for fraud and social engineering attacks will grow exponentially. The maturity of deepfake technology is convincing enough to fool most unsuspecting people.
Deepfakes are a relatively new form of attack, and most organizations are unaware of the dangers that deepfakes present, so they are doing nothing to train their employees on the issue. creates a great risk that can cause a great deal of damage to A recent study found that deepfake content is up more than 400% year-over-year, and attacks involving forged audio and video are also on the rise. Europol reveals that deepfake technology could become a key tool for cybercriminals.
4. New Threats Appearing in the Metaverse
The Metaverse has been garnering a lot of hype lately, with well-known brands announcing their entry into several major virtual worlds. , attackers will find ways to hijack identities and extract or steal sensitive data. Once metaverse interactions are recorded on the blockchain, extortionists and cybercriminals can track them, leading to highly sophisticated and targeted fraudulent activities. Interpol believes the Metaverse opens new avenues for cybercrime.
5. Organizations shift focus to creating a culture of security
Not all will be pessimistic in 2023. His recent ClubCISO survey found that the shift to remote and hybrid work has had a positive effect on employee attitudes toward security. The research shows that a good security culture is the norm for organizations that have undergone ongoing security awareness training.
Organizations recognize that 95% of cybersecurity breaches are caused by humans, emphasizing the importance of having a robust security culture in place. A strong security culture reduces the risk of attacks and enables employees to operate as the last line of defense. A majority of tech CEOs (87%) believe a strong security culture is as important as technology controls.
As we enter 2023, it’s important that organizations don’t put cybersecurity on the back burner. Attackers are opportunistic and thrive in uncertain times. Perhaps the most important step organizations can take in 2023 is to cultivate a culture of awareness and establish a security foundation. Focus on those two things and you’ll be ready for the new year and beyond.
The Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. am i eligible?