Countering cybercrime is a constant game of cat and mouse. We’ve taken a look into the cyber trends you need to be aware of in 2023. Be the cat and not the mouse.
Cybercriminals never rest.
And their opportunities to infiltrate and compromise your organisation’s applications, data, and resources have never been greater.
2022 has seen a rise in malware and ransomware attacks. Social engineering has grown in complexity. Hospitals and other critical infrastructure are now falling prey to cyber attacks.
2023 is going to see a continuation and expansion of these trends. Let’s explore these in a little more depth and keep you ahead of the game.
The cyber trends that will shape 2023
Malware (and in particular ransomware) has been a scourge of 2022. Russian based cyber attacks were launched on Costa Rica’s Ministry of Finance.
With a managed service provider (MSP) for the NHS also falling victim to a ransomware attack, it’s clear that no target is safe.
Maintaining good digital hygiene should be a critical first line of defence.
Robust mail filtering, enabling multi-factor authentication (MFA) at all vulnerable access points, and installing security updates promptly can go a long way in protecting against the most common attacks.
Yet, it’s also clear that a mass change in attitude and adoption of zero-trust principles is sorely needed. We’ll see that this is going to become a recurring theme.
Increasing attacks on critical infrastructure
The war in Ukraine has been a visible example of a growth in critical infrastructure attack.
Russia has attacked Ukraine’s banks, power grids, and internet infrastructure for years. Now, the conflict has become physical, and Ukrainian government and military systems are targets for Russian cyber weapons.
Any government looking to protect critical infrastructure should implement a zero trust policy. They should also double down on their security fundamentals. Segmenting or air-gapping their network adds even more security.
And don’t forget the importance of good physical security.
It’s all well and good having a network locked down tighter than Fort Knox, but that water company field office is a physical location.
If anyone can get into it, then anyone can get into the systems it’s connected to.
The increasing importance of identity and access
Identity remains the starting point and the last word of an organisation’s security.
It’s still the most common attack vector. Compromised identity is the easiest way in. Why throw brute force at a robust security system when you can use an employee’s identity and bypass it?
Wherever there’s a way into the company, there should be a check verifying the identity of the person or workload trying to gain access.
It will also come as no surprise that implementing zero trust policies should form the backbone of your security, identity, and access.
Sign up today!
Get the latest cyber security advice straight to your inbox
Join the Kocho mailing list and keep pace with the latest cyber trends. You’ll get:
- Demos on the latest cyber technologies
- Invites to exclusive events and webinars
- Resources that make your job easier
The human element is the weakest link in the identity security chain.
For example, MFA is incredibly secure, but it can be bypassed by spamming multiple MFA requests, until you absent-mindedly approve one.
Congratulations, you’ve just let a villain into your system!
Organisations should also be cognisant of other forms of social engineering. These can take the form of spam and phishing emails. Also, be wary of volunteering too much personal information on social media sites.
Employees need training in social engineering. This includes how they could be vulnerable to it and how threat actors might manipulate them into willingly giving away identity credentials.
Again, implementing a zero trust (there’s that phrase again!) mindset is crucial to successfully resisting most social engineering attempts.
Sarah Armstrong Smith, Microsoft’s Chief Security Advisor tells us more about the threats we should be aware of in the following video:
Companies need to be very mindful about social engineering techniques… How they can manipulate people to take action. That can include an MFA bypass; getting a user to willingly give up their credentials.
Chief Security Advisor for Microsoft
The more robust we make security measures, the more cybercriminals develop creative ways to get around them.
Hacking is now a multibillion-dollar enterprise. Hacking groups have large institutional hierarchies and R&D budgets.
Attacks have been growing in complexity and sophistication, and attackers now use advanced tools, such as artificial intelligence, machine learning, and automation.
The same tools used to keep us safe.
Worse still, all of the familiar threats in the digital landscape are still there, including malware and phishing.
But now, with the benefits of new technologies, they’re becoming more complex and more targeted.
This problem is exacerbated by the cyber skills gap in the workforce. If you can’t hire the right people, with the right skills, how are you going to manage?
Working with local universities is really important. Not just for scoping upcoming talent, but also supporting them in ensuring their cyber-based courses are industry relevant. Organisations can have input into those through lunch-and-learn events and guest lectures.
While it’s worrying that the very tools we turned to for protection have been turned against us; utilised correctly, these tools are still the best defence against attackers.
For everything else, it comes down to practicing good digital hygiene, and yes, you guessed it: implementing a zero trust framework and policies.
We saw hackers weaponizing the tools meant to keep us safe in 2022. We're going to see more of this in 2023, especially as passwordless sign-in becomes the norm.
Head of Security Operations, Kocho
2023 is going to see a continuation of the trends we’ve already seen in 2022. But those trends will become more pronounced. Malware continues to be a scourge, but it’s now more sophisticated. And threat actors are not above using it to attack once sacred critical infrastructure.
With attacks becoming more complex, we can see that it’s going to be an escalating arms race of machine learning and AI tools attacking and repelling each other.
More than anything, identity, and attempts to compromise it – or bypass it all together with social engineering – will be the biggest battlegrounds for any organisation looking to keep themselves safe.
Keeping identity protected and verified at every stage of an interaction not only keeps you safe, it keeps your organisation safe. It’s the most common route of attack, and that’s why so much effort has been put into attacking it in 2022.
Expect more of the same in 2023.
Malware and especially ransomware will continue to be a problem. It will be more complex and targets will be more wide-ranging.
Attacks are becoming increasingly more complex. Machine learning and AI tools will get around more robust security measures.
Critical infrastructure, such as utilities, hospitals, and other government institutions, will find themselves under attack.
Social engineering will continue to be a thorny issue. It must be combated by good digital hygiene and adopting a zero trust mindset.
Identity, and keeping it secure, will remain the key battleground in the cyber security landscape throughout 2023.
Supercharge your security operations with SIEM and XDR
Security team overworked and overwhelmed? Worried you won’t spot an attack quickly enough?
Download your free Microsoft guide. Learn how:
- Automation could reduce your SOC work by over 75%
- Your threat response time could be reduced by 88%
Like this? Don’t forget to share.
Sign up for great content and exclusive invites
Subscribe to the Kocho mailing list if you want:
- Demos of the latest Microsoft tech
- Invites to exclusive events and webinars
- Resources that make your job easier
Mat is Kocho’s Head of Mobility and Security. He leads a team of consultants and architects that live and breathe secure transformation – delivering excellence across Microsoft 365 and Azure.
Latest blog articles
We’re here to help you on your journey towards becoming greater.
Get in touch to find out how.