Cyber security trends to watch out for in 2023

Cybercriminals never rest.

And their opportunities to infiltrate and compromise your organisation’s applications, data, and resources have never been greater.

2022 has seen a rise in malware and ransomware attacks. Social engineering has grown in complexity. Hospitals and other critical infrastructure are now falling prey to cyber attacks.

2023 is going to see a continuation and expansion of these trends. Let’s explore these in a little more depth and keep you ahead of the game.

The cyber trends that will shape 2023

Malware

Malware (and in particular ransomware) has been a scourge of 2022. Russian based cyber attacks were launched on Costa Rica’s Ministry of Finance.

With a managed service provider (MSP) for the NHS also falling victim to a ransomware attack, it’s clear that no target is safe.

Maintaining good digital hygiene should be a critical first line of defence.

Robust mail filtering, enabling multi-factor authentication (MFA) at all vulnerable access points, and installing security updates promptly can go a long way in protecting against the most common attacks.

Yet, it’s also clear that a mass change in attitude and adoption of zero-trust principles is sorely needed. We’ll see that this is going to become a recurring theme.

Increasing attacks on critical infrastructure

The war in Ukraine has been a visible example of a growth in critical infrastructure attack.

Russia has attacked Ukraine’s banks, power grids, and internet infrastructure for years. Now, the conflict has become physical, and Ukrainian government and military systems are targets for Russian cyber weapons.

Any government looking to protect critical infrastructure should implement a zero trust policy. They should also double down on their security fundamentals. Segmenting or air-gapping their network adds even more security.

And don’t forget the importance of good physical security.

It’s all well and good having a network locked down tighter than Fort Knox, but that water company field office is a physical location.

If anyone can get into it, then anyone can get into the systems it’s connected to.

The increasing importance of identity and access

Identity remains the starting point and the last word of an organisation’s security.

It’s still the most common attack vector. Compromised identity is the easiest way in. Why throw brute force at a robust security system when you can use an employee’s identity and bypass it?

Wherever there’s a way into the company, there should be a check verifying the identity of the person or workload trying to gain access.

It will also come as no surprise that implementing zero trust policies should form the backbone of your security, identity, and access.

Social engineering

The human element is the weakest link in the identity security chain.

For example, MFA is incredibly secure, but it can be bypassed by spamming multiple MFA requests, until you absent-mindedly approve one.

Congratulations, you’ve just let a villain into your system!

Organisations should also be cognisant of other forms of social engineering. These can take the form of spam and phishing emails. Also, be wary of volunteering too much personal information on social media sites.

Employees need training in social engineering. This includes how they could be vulnerable to it and how threat actors might manipulate them into willingly giving away identity credentials.

Again, implementing a zero trust (there’s that phrase again!) mindset is crucial to successfully resisting most social engineering attempts.

Sarah Armstrong Smith, Microsoft’s Chief Security Advisor tells us more about the threats we should be aware of in the following video:

Complex attacks

The more robust we make security measures, the more cybercriminals develop creative ways to get around them.

Hacking is now a multibillion-dollar enterprise. Hacking groups have large institutional hierarchies and R&D budgets.

Attacks have been growing in complexity and sophistication, and attackers now use advanced tools, such as artificial intelligence, machine learning, and automation.

The same tools used to keep us safe.

Worse still, all of the familiar threats in the digital landscape are still there, including malware and phishing.

But now, with the benefits of new technologies, they’re becoming more complex and more targeted.

This problem is exacerbated by the cyber skills gap in the workforce. If you can’t hire the right people, with the right skills, how are you going to manage?

Working with local universities is really important. Not just for scoping upcoming talent, but also supporting them in ensuring their cyber-based courses are industry relevant. Organisations can have input into those through lunch-and-learn events and guest lectures.

While it’s worrying that the very tools we turned to for protection have been turned against us; utilised correctly, these tools are still the best defence against attackers.

For everything else, it comes down to practicing good digital hygiene, and yes, you guessed it: implementing a zero trust framework and policies.

Conclusion

2023 is going to see a continuation of the trends we’ve already seen in 2022. But those trends will become more pronounced. Malware continues to be a scourge, but it’s now more sophisticated. And threat actors are not above using it to attack once sacred critical infrastructure.

With attacks becoming more complex, we can see that it’s going to be an escalating arms race of machine learning and AI tools attacking and repelling each other.

More than anything, identity, and attempts to compromise it – or bypass it all together with social engineering – will be the biggest battlegrounds for any organisation looking to keep themselves safe.

Keeping identity protected and verified at every stage of an interaction not only keeps you safe, it keeps your organisation safe. It’s the most common route of attack, and that’s why so much effort has been put into attacking it in 2022.

Expect more of the same in 2023.

Key takeaways

Next steps

Like this? Don’t forget to share.