printer friendly version

The biggest cybersecurity threats for 2023

Cybersecurity is becoming part of corporate strategy and, according to Gartner, the pressure on executives and companies to deal effectively with cybersecurity will only increase in the coming years.

During the opening keynote at the Gartner Security & Risk Management Summit in Sydney in June 2022, Richard Addiscott, senior director analyst, and Rob McMillan, managing vice president for Gartner, highlighted some of the top cybersecurity predictions they expect to see companies incorporating into their strategic plans in the digital era. These are briefly summarised below:

• Through 2023, government regulations requiring organisations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.

• By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE (security service edge) platform.

• 60% of organisations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realise the benefits.

• By 2025, 60% of organisations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.

• Through 2025, 30% of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021.

• By 2025, threat actors will have weaponised operational technology environments successfully to cause human casualties.

• By 2025, 70% of CEOs will mandate a culture of organisational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.

• By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts.

More information is available at www.securitysa.com/*gartner6, and an e-book on the top priorities for security and privacy leaders in 2022 is available at www.securitysa.com/*gartner7.

The cloud brings its own risks

The Cloud Security Alliance (CSA) released its 2022 SaaS Security Survey Report to address the many instances of cybercrime related to SaaS (Software-as-a-Service): https://cloudsecurityalliance.org/. Some key findings included (the full report is available via the short link www.securitysa.com/*saas1):

• At least 43% of organisations dealt with one or more security incidents because of SaaS misconfigurations.

• The leading causes of the security incidents are two related issues: too many departments have access to the SaaS security settings (35%) and a lack of visibility into changes in the SaaS security settings (34%).

• Over the past year, 81% of organisations have increased their investment in business-critical SaaS applications, but fewer organisations report increasing their investment in security tools (73%) and staff (55%) for SaaS security.

• Manually detecting and remediating SaaS misconfigurations is leaving organisations exposed.

• Third-party app access is a top concern when adopting SaaS applications.

The experts’ view

While the threats and risks seem to be endless, the resources available to deal with them are not. Perhaps the most important risk is ignorance or the ‘hoping for the best’ approach some businesses seem to take (especially smaller businesses). To find out what people in the cyber trenches in South Africa think will be the biggest risks looking ahead, Hi-Tech Security Solutions asked a few experts what they thought the biggest or most critical threat is that we will be facing in the information security world as we move into 2023.

Peter Clarke, MD, LanDynamix

The biggest threat we are facing currently, and into 2023, is the persistent attack on and targeting of the end user. Over the years, cloud-based systems have become stronger and more secure, so the attackers have moved to the soft target: the human being.

The attacks are increasing in scale and reach; no longer are they just targeting entities of interest such as banks and large corporations. The attacks are now opportunistic, in fact they are taking a ‘spray and pray’ approach. In other words, they send out wide-reach attacks and hope someone will get hooked.

Organisations can no longer take the approach of thinking they are too small and insignificant to be targeted. The attackers are all about getting money immediately. If they can intercept your mailbox and change the banking details on an invoice sent to you to their own details, and they get R50 000, that’s R50 000 they didn’t have this morning. The same with the ransomware attacks: if they can encrypt your data and you don’t have backup and are prepared to pay a ransom to get your data back, it’s money they now have that they didn’t have before.

As cloud-based systems become increasingly stronger and enforce technologies such as multi-factor authentication (MFA), the attackers adapt to this and use social engineering to get around it. Uber was recently compromised, and the attackers managed to get through the multi-factor issue by contacting the user they wanted to hack and telling them this was Joe Soap from the IT department and to please accept the MFA response on the phone. They are also employing MFA fatigue strategies by sending the MFA request to the user over and over and over again, hoping they will eventually just accept it.

The cloud vendors are playing a bit of catch-up now as they work out new ways to protect the user. I think something that all organisations must focus on is user education and training. The more we are educated and aware of physical threats to our livelihoods, the more we must have the same awareness of cyber threats. Users need to know what to look out for, and look for events and things that look shady. Technology can only do so much; education is going to play an important role going forward.

Anna Collard, SVP: content strategy, and evangelist, KnowBe4 Africa

Cyber extortion attacks. Ransomware-as-a-Service (RaaS) operators are expanding their service portfolios to different focus areas, such as cloud environments, Linux operating systems, and double and triple extortion attacks. Many groups are now operating without the encryption element and just exfiltrate the data, threatening exposure unless the victim pays a ransom fee, sometimes not only from the original victim but also from anyone who might be impacted by the disclosure of that organisation’s data.

This type of attack is becoming more common as it’s easier to carry out. Countries in Africa should be concerned about experiencing a similar attack to that of Costa Rica, where the government had to declare a state of national disaster due to a Conti ransomware attack in April. Local public-sector organisations are particularly vulnerable as many are not adequately prepared or resourced to deal with an extortion attack, potentially resulting in critical infrastructure downtimes with negative macroeconomic and societal impacts.

Steve Flynn, sales and marketing director, ESET Southern Africa

There has been a tremendous increase in businesses and consumers embracing cloud, and in 2023 this space will yet again be the target of cybercriminals. The seismic shift from traditional on-premises to cloud hosting applications and infrastructure elevates cybersecurity risks. Whilst cloud services offer incredible benefits, it’s imperative from a risk mitigation perspective to assign thought and attention to:

• Using a reputable cloud service provider (this is a fundamental first step).

• Optimisation and configuration using best practices.

• Making use of best-of-breed cybersecurity software.

• Multi-factor authentication (which should be standard).

• Encryption (which should be employed wherever possible).

• Strong password policies.

• Assigning credentials and rights only to those that require access.

• Redundancy is essential; backup and a disaster recovery plan should be enforced.

• Test for vulnerabilities timeously.

The continued innovation and adoption of smart technologies, IiT devices, car connectivity and infotainment will also present new attack vectors for cybercriminals in 2023.

Stephen Osler, co-founder and business development director, NClose

Social engineering (phishing) attacks are becoming more sophisticated every year, and what makes them so difficult to deal with is they are reliant on human error, and we can’t always control what people click on and where they choose to send their information. This type of attack is often the gateway for others, such as ransomware, malware, third-party exposure and so on.

Various social media sites (Twitter, Instagram, Facebook, LinkedIn) have made it easy for cybercriminals to create something catered to getting specific information from specific people, and I think it will continue this way into 2023.

Gerhard Swart, CTO, Performanta

Africa is experiencing the highest number of cyberattacks on critical infrastructures globally. This is due to the fact that many African nations are only starting to develop their cybersecurity strategy and defence capabilities. With this in mind, we predict that utilities, manufacturing and mining will be targeted even more as the focus on OT security has not been top-of-mind for many of these organisations. With more and more countries adopting privacy regulations, it’s going to be important for organisations to secure themselves in order to comply with national regulations.

Kevin Halkerd, information security officer, e4

I think our biggest challenge is facing up to the economic uncertainties and developing a comprehensive security platform considering those uncertainties. Security operations are always key but should remain your ‘survival tool’. Deliberate attention to operating the controls supporting the NIST Cyber Security Framework, as opposed to expenditure on software systems and tooling first, will ensure you deliver improving maturity to your business while allowing your decision-making team to adopt an evidence-based software acquisition posture. The operation of controls, and the impact to your business by not operating those controls correctly, should drive the decision to acquire tools to reduce immediate risk and be driven by needs rather than following trends.

Byron Horn-Botha, business unit head, Arcserve Southern Africa

The biggest, or most critical, cybersecurity threat going into 2023 will be not implementing immutable storage – this is the last line of defence in your cybersecurity strategy. Immutability allows for the adoption of 3-2-1-1 best practice. Most people have traditionally never seen the alignment of cybersecurity and backups, high availability, disaster recovery and data recovery, but the reality is that it always has been and will always continue to be where you stand up against ransomware when all your first lines of defence have been breached.

Immutability offers peace of mind. The reality is our IT landscapes have become disparate – we have workloads in the cloud, SaaS solutions, on-premises or hosted, coupled with remote workers and human error. What this means is that you can no longer protect every environment in the same way. We are all familiar with how to protect on-premises workloads and some small degree of ‘peace of mind’. But due to the proliferation of sites where your data resides, it’s simply impossible to gain total peace as it’s an ever-changing landscape. The reasons include cost, maturity and how much control we have over SaaS or hosted solutions. This, in turn, validates why immutability offers the layer of protection needed for recovery across disparate landscapes.

Doros Hadjizenonos, regional director, southern Africa, Fortinet

There’s no doubt that ransomware is a growing concern for businesses and individuals alike. The problem is only going to get worse in the coming years, as more and more people become aware of the threat and criminals become increasingly sophisticated in their attacks. In 2023, we can expect to see a continued rise in ransomware attacks, as well as new and innovative ways for criminals to target their victims. Businesses need to be prepared to protect themselves from these threats, and individuals also need to remain vigilant.

One of the most significant trends in the world of cybercrime is the convergence of advanced persistent threats (APTs) and traditional criminal activity. This convergence is being driven by a number of factors, including the growing sophistication of criminal organisations, the increasing availability of powerful tools and resources, and the expanding pool of potential targets. The result is a new breed of cybercriminal that is highly organised, well funded and extremely skilled. These criminals are capable of launching sophisticated attacks that can evade detection and have a devastating impact on victims. Additionally, they are often willing to work with other criminal groups to share expertise and resources, which further increases their capabilities.

Comment from XM Cyber

Sascha Merberg, technical director DACH, XM Cyber

Cybersecurity predictions tend to be a bit like stating the obvious. Being on top of what an attacker is or could be doing in an organisation's environment was and still is paramount. Despite the plethora of reactive tools that are meant to stop a breach while in progress, organisations will continue to be breached. No matter how good the cyber hygiene, endpoint protection or event analytics. In addition, digital transformation and WFH have not just expanded the attack surface, but created completely new attack surfaces that are difficult, sometimes impossible to control; while they become more and more intertwined with core business processes – like the home computer an employee might use to connect to a company's ERP system.

The need to understand how an attacker could move through their network is more important than ever for businesses. Instead of adding layers of noise generated by reactive tools and overloading already overloaded teams, organisations have to use solutions that help predict future attacks and focus on what is most relevant. Both operationally and strategically.

Shay Siksik, VP customer experience, XM Cyber

Organisations are starting to deviate from the usual vulnerability management and are trying to find technologies to prioritise issues that they have. Attackers use much more identity theft, passwords and misconfigurations to enter and move within networks, not always using CVEs. Some of the recent attacks we have seen, for example on Uber, did not use CVE at all. Organisations in 2023 will increasingly start looking for the justification of the risk that appears in security problems in front of their IT bodies that usually carry out repairs.

Rinat Villeval, manager of technical enablement, XM Cyber

The market is struggling to hire good cybersecurity teams, and there will be a lot of budget cuts in 2023. To combat this, they would need to invest a lot in team efficiency, so any security solution that will make the team's work more efficient will be invested in. Cyber threats are also growing even more rapidly because of the economic downturn globally, so companies that invested heavily before the "boom" (security controls) and after the "boom" (costly IR activities) will invest more in the preventive realm to justify cyber insurance.

Share this article:

Further reading: