Cybersecurity Predictions for 2023

Looking at the year ahead, it helps to have some kind of a road map to what we can expect on the threat horizon and what the industry is doing about it. To that end, here are some cyber trends and predictions to look out for in the next twelve months.

1. As-a-Service exploits. The as-a-Service economy is booming, not only in security but in the criminal underground. Ransomware-as-a-Service, Phishing-as-a-Service, Hacking-as-a-Service, Malware-as-a-Service (and even Reconnaissance-as-a-Service) have all come into their own and are putting advanced and easy-to-come-by toolkits into the hands of inexperienced hackers, making attacks more affordable and easier to come by. Expect a rise in all attempts in the coming year.

2. AI-driven attacks. While we know that the risk of AI-produced deepfakes is here and heating up, Artificial Intelligence is also being used to scrape social media sites for personal information to create custom phishing campaigns faster. That’s more phishing exploits in the wild and better. AI-powered ransomware threats are also on the horizon and could be ‘terrifying’ if fully realized. More than ever, SMEs need to take stock of their current defenses and level up.

3. Emerging malware models. Signature-based threat detection models won’t cut it anymore as emerging malware threats are increasingly more sophisticated. Last year, there were over 10,000 new ransomware strains discovered in the first six months alone. Last year we saw hackers obfuscate and recompile their code beyond recognition, infiltrate using benign means and then strike with file-less malware, and target users with MFA spam to get them to approve access. Companies without AI-based prevention that can spot patterns of attack will struggle to keep up.

4. Supply-chain attacks. Gartner predicts that by 2025, 45% of all worldwide organizations will have experienced a software supply-chain attack. Those aren’t great odds – especially for the countless small businesses that make up those supply chains. Remember MeDoc? Nobody does, but they were the Ukrainian software firm that transmitted ‘NotPetya’ to the shipping titan Maersk, creating a global crisis. Even if SMEs themselves aren’t “at risk”, they are likely downstream of a larger conglomerate, that is.

5. A shift towards the holistic view. Many times, CISOs get a sense of what a particular area of cybersecurity will do for their organization – say, IAM and data loss prevention – but may fail to grasp the big picture of overall risk architecture. One component is just that – one component. With so many disparate tools and data sources, companies need to have a bird’s eye view of their network architecture, and that includes the Cloud, email servers, the DNS layer, VPNs and secure remote access, APIs, Identity and Access Management, and endpoints. Yes, that’s what your SOC is for, but what about small businesses? With a cyber talent crisis and not enough hands to go around, would-be proactive teams are reduced to swivel-chair analysis and chasing threats when they could be looking at network architecture.

SMEs can afford to future-proof

Historically speaking, the trend is for larger companies to spend the lion share of their security time on foreplanning, strategizing and investigations, while smaller companies spend their time putting out fires. It can be hard to get ahead – and attackers aren’t pulling back.

Hackers go for the low-hanging fruit, so companies of every size need to be prepared. Again, it is usually the SMEs that struggle to stay adequately defended, and nearly one in eight small businesses will go bankrupt due to a security breach this year.

Port53 offers long-term cybersecurity planning and risk assessment to small businesses. We offer a range of enterprise-level security tools at pay-as-you-go rates to help SMEs level up and stay ahead of current attack methods (and on par with larger corporations). The days of “not being able to afford it” are quickly coming to a close as as-a-Service exploits, AI and emerging ransomware models are poised to exponentiate attacks.

Someone will get hacked in 2023, and it will most likely be the organizations that are easiest to compromise. No one likes working harder than they have to, and an ounce of prevention will be worth its pound of cure in the coming year’s threat economy. Increasingly, the cyber landscape will promote the survival of the fittest, and simply put, SMEs just can’t afford not to.