By Isla Sibanda, an ethical hacker and cyber security specialist based out of Pretoria. For over twelve years, she’s worked as a cyber security analyst and penetration testing specialist for several major companies – including Standard Bank Group, CipherWave, and Axxess.
Social engineering scams target roughly one hundred million people annually, resulting in astronomical amounts of money falling into the hands of cyber criminals, and leaving innocent people and businesses with less money in their accounts.
DeepFakes (synthetically manipulated audio, video, and images) have become so realistic that even the most cynical of web users are unable to tell the difference between real and fake content. Meanwhile, new technology, such as the Metaverse, is also presenting new opportunities for cyber criminals, in addition to their pursuit of some of the more tried and tested cyber attacks, like phishing scams.
The large number of potential scams that a person or organization can fall victim to is certainly worrying, meaning even greater importance needs to be placed on cyber security in 2023 than ever before. People also need to keep track of what signs to look out for. This is why I have outlined seven likely scenarios for how cyber security will change in 2023, helping you stay one step ahead of the criminals.
7 Cyber security scenario predictions for 2023
2023 is likely to be a huge year for cyber security, with the significant investment needed to keep organizations safe. This becomes even more challenging in the face of the global economic crisis, which will likely present more vulnerabilities for hackers to exploit. Here are seven cyber security scenarios that are likely to occur in 2023.
1. Social engineering scams will show no sign of slowing
The rise in state-sponsored cyber attackers, particularly Russian cyber attacks on Ukraine, will see social engineering methods leveraged as an initial access vector, as attackers aim to breach large-scale systems.
The risk of such attacks has increased due to the popularity of social media marketplaces and eCommerce. Individuals are likely to be targeted if they have a large follower base, are verified, or if the user has access to a targeted organization’s online social media accounts.
However, some attacks of this type are purely intended for quick financial gain. An example of this occurred on Facebook Marketplace, which has recently been subjected to the Zelle imposter scam.
Websites that accept payments and adhere to PCI compliance must also be extremely wary of such attacks, as the sites could be a prime target. The PCI requirements are a set of standards designed to ensure the encryption of online merchant processing and transactions. While ensuring PCI compliance does increase the security of your transactions, it’s also not 100% effective against hackers and doesn’t ensure that your transactions will never be subject to a data breach.
2. Critical infrastructure will be targeted
Again, state-sponsored attacks and cyber criminal groups are unlikely to cease in their attempts to target critical infrastructure. Attacks on critical infrastructure increased significantly last year due to the Russia-Ukraine war.
Experts believe that 90% of critical infrastructure in the U.S. was impacted by a ransomware attack in some way during 2021. Most Chief Information Security Officers (CISOs) also believe that cyber warfare is here to stay.
Growing inflation and challenges regarding the cost of living are also a factor, possibly resulting in more digital civil disobedience and ‘hacktivism’ – the act of civilians targeting their government as a form of protest.
3. Better DeepFake attacks
DeepFakes are expected to remain a prominent concern in 2023, an advanced AI tool that allows cyber criminals to build more trust so that they can successfully launch social engineering scams. Although DeepFakes is a relatively new technique, the level of sophistication of these audio, video, and image manipulation tools makes them extremely convincing.
Many organizations and businesses are still not aware of the existence of such technology, which is why researching the latest cyber security threats is essential in helping to educate employees about what to look out for.
Research shows that the use of DeepFakes grows by 400% year on year, with Europol claiming that DeepFakes will become a commonly used tool for many cyber criminals in the coming years.
4. Remote workers will expand the attack surface of networks
Remote working is here to stay, with many organizations, large and small, embracing the shift in working culture since the pandemic. However, remote working also creates more potential vulnerabilities, increasing the attack surface of a network.
Hybrid working models and the use of cloud environments require a rethink in terms of the security architecture of an organization, so that organizations can minimize the chances of an attack on remote users and on external devices. Organizations must work hard to protect their network perimeter, ensuring remote users do not present a weak link.
Another key concern regarding the hybrid cloud is ‘island hopping,’ which occurs when a hacker gains access to an organization’s infrastructure to target its customers. Using the remote desktop protocol, threat actors can disguise themselves as system administrators, allowing them to conduct a wide range of activities. The healthcare industry has been a key target for such attacks in recent years.
5. The Metaverse will result in new threats
Anyone who keeps an eye on the world of tech is sure to have heard of the Metaverse. The Metaverse is a virtual representation of the internet that makes use of virtual and augmented reality. Many top brands are already making major moves to gain a footing in this new virtual world.
The Metaverse is very exciting in terms of its potential for improved social interaction, gaming, and commerce, but it will also create new ways for cyber criminals to steal sensitive data and hijack online identities.
Metaverse interactions will be stored and recorded on the blockchain, which will potentially allow high-level cyber criminals to track user activity so they can build targeted scamming campaigns.
6. The role of artificial intelligence (AI)
AI will likely play a key role for both cyber security teams and cyber criminals. As AI technology continues to improve at an impressive rate, its capabilities are becoming almost endless, bringing both huge benefits and considerable risks.
In addition to DeepFakes, social engineering-based attacks will be strengthened by AI and machine learning, making it much faster to collect data on organizations and individuals. On the other hand, AI will allow network defenders to scan and detect threats quickly, improving response times should an attack take place. I think that AI will prove to be somewhat of a double-edged sword in terms of cyber crime.
7. Security culture will be a key focus for businesses
Finally, recent surveys show that most organizations are working hard to educate their employees and change attitudes towards cyber security, cultivating a strong security culture to help protect systems. After all, human error is often at the root of cyber attacks.
Ongoing security awareness training to spot possible fraud and keeping on top of new developments relating to the latest scams and vulnerabilities significantly reduces the risk of an attack. It ensures that your operational employees are working as informed, network defenders. Online banking scams are also a key concern, so it is always advised to look for business bank accounts with security features, such as multi-factor authentication apps, to keep business financial data safe.
In conclusion, cyber criminals are utilizing new AI technologies, such as DeepFakes, to launch social-engineering scams and are exploring vulnerabilities in the Metaverse. State-sponsored attacks on critical infrastructure also remain a concern, while the universal adoption of hybrid working models also increases the attack surface of organizations.
Fortunately, many organizations are making considerable efforts to improve and invest in cyber security measures, despite economic issues. Building a security culture within the workforce needs to be at the top of the agenda for executives, regardless of industry.
For more cyber security insights, please see CyberTalk.org’s past coverage. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.