Hacktivism, deepfakes, attacks on business collaboration tools, new regulatory mandates and pressure to reduce complexity will be at the top of organizations' security agendas next year
H Check Point Software Technologies Ltd. global provider of cyber security solutions, has published its cyber security predictions for 2023, detailing the key challenges organizations will face in the coming year.
Cyberattacks in all sectors of industry increased by 28% in the third quarter of 2022 compared to 2021, and Check Point predicts that the sharp increase will continue globally, due to the rise of ransomware exploits and state-motivated hacktivism due to international conflicts. At the same time, organizations' security teams will face increasing pressure as the global cyber workforce gap widens of 3,4 million workers is expanding further and governments are expected to introduce new cyber regulations to protect citizens from breaches.
In 2022, cybercriminals and state-linked actors continued to exploit the hybrid working practices of organizations, and the growth of these attacks does not appear to be slowing down as the Russia-Ukraine conflict continues to have a profound impact globally. Organizations need to consolidate and automate their security infrastructure to allow them to better monitor and manage attack surfaces and prevent all types of threats with less complexity and less need for staff.
Check Point's cybersecurity predictions for 2023 are divided into four categories: malware and phishing, hacktivism, emerging government regulations, and security consolidation.
Increases in malware and hacking exploits
● No respite from ransomware: she was the main threat for organizations in the first half of 2022 and the ransomware ecosystem will continue to evolve and grow with smaller, more agile criminal groups forming to evade law enforcement.
● Collaboration tools: ενώ οι απόπειρες ηλεκτρονικού ψαρέματος κατά επαγγελματικών και προσωπικών λογαριασμών ηλεκτρονικού ταχυδρομείου αποτελούν καθημερινή απειλή, το 2023 οι εγκληματίες θα διευρύνουν τον στόχο τους σε εργαλεία επιχειρηματικής χρήσης όπως το Slack, το Teams, το OneDrive και το Google Drive με εκμεταλλεύσεις ηλεκτρονικού ψαρέματος. Αυτά είναι μια πλούσια πηγή ευαίσθητων δεδομένων, δεδομένου ότι οι υπάλληλοι των περισσότερων οργανισμών συνεχίζουν να εργάζονται σε μεγάλο βαθμό εξ αποστάσεως.
Hacktivism and deepfakes are evolving
● State-motivated hacktivism: in the last year, hacktivism has evolved from grassroots social groups (such as Anonymous) to state-sponsored groups that are more organized, structured and sophisticated. Such groups have recently attack targets in the US, Germany, Italy, Norway, Finland, Poland and Japan and these ideological attacks will continue to increase in 2023.
● Weaponizing deepfakes: in October 2022, widely circulated one deepfake of US President Joe Biden who sang "Baby Shark" instead of the national anthem. It was a joke or an attempt to influence the important ones Mid-term εκλογών στις ΗΠΑ; Η technology Deepfakes θα χρησιμοποιείται όλο και περισσότερο για να στοχεύσει και να χειραγωγήσει opinions ή για να εξαπατήσει υπαλλήλους να παραδώσουν τα διαπιστευτήρια πρόσβασης τους.
Governments are stepping up measures to protect citizens
- New data breach laws: η infringement on Australian telco Optus led the country's government to introduce new data breach regulations that other telcos must follow, to protect customers from subsequent fraud. We will see other national governments follow suit in 2023, in addition to existing measures such as GDPR.
- New national cybercrime task forces: more governments will follow The example of Singapore to establish inter-agency task forces to tackle ransomware and cybercrime, bringing together businesses, government departments and law enforcement agencies to combat the growing threat to commerce and consumers. These efforts are partly the result of questions about whether the cyber insurance sector can be considered a safety net for cyber incidents.
- Enforcing security and privacy by design: the automotive industry has already moved to establish measures to protect vehicle owner data. This example will be followed by other sectors of consumer goods that store and process data, making manufacturers responsible for the vulnerabilities of their products.
Integration matters
- Reduce complexity to reduce risks: the global cyber skills gap will increase by more than 25% by 2022. However, organizations have more complex, distributed networks and cloud deployments than ever due to the pandemic. Security teams need to consolidate their IT and security infrastructure to improve their defenses and reduce their workload to help them stay ahead of threats. Over two-thirds of CISOs said that working with fewer vendor solutions will increase their company's security.
Predictions from Check Point executives:
Mark Ostrowski, Office of the CTO, Check Point Software
"Deepfakes will go mainstream with hacktivists and cybercriminals leveraging video and voice messages for successful phishing and ransomware attacks."
Maya Horowitz, VP of Research, Check Point Software
“We are entering a new era of hacktivism, with increasing attacks motivated by political and social causes. Threat actors are becoming more brazen and will turn their attention to critical infrastructure.”
Micki Boland, Office of the CTO, Check Point Software
"We will see a nation-state lead a sustained and prolonged assault on the US power grid, leading to blackouts that affect critical business and social functions."
Deryck Mitchelson, EMEA CISO, Check Point
"Cloud transformation will be slowed by cost and complexity, with many companies considering moving operations back in-house or to private data centers to reduce their overall threat surface."
Deryck Mitchelson, EMEA CISO, Check Point Software
"There will be a lot of discussion and we will push for security policy as the current carrot and stick approach has not worked."
Dan Wiley, Head of Threat Management, Check Point Software
“The cyber insurance industry is undergoing significant tectonic changes. Companies likely won't be able to rely on insurance as a safety net for cyber incidents. As we've seen with the auto industry, policymakers will act to protect votersconditions τους με νομοθεσία που καθιστά τους κατασκευαστές υπεύθυνους για ελαττώματα λογισμικού που δημιουργούν ευπάθειες στον κυβερνοχώρο. Με τη σειρά του, αυτό θα ρίξει το βάρος στους προμηθευτές λογισμικού να δημιουργήσουν επικυρώσεις ασφαλείας.
Jeremy Fuchs, Research Analyst, Avanan, a Check Point company
“While email and phishing go hand in hand and will continue to be dangerous and proliferate, in 2023 cybercriminals will also turn to business collaboration compromise, with phishing attacks used to access Slack, Teams, OneDrive , Google Drive, etc. Employees are often relaxed about sharing data and personal information when using these business applications, making them a lucrative source of data for hackers.
Jony Fischbein, CISO, Check Point Software
“In our multi-hybrid environment, many CISOs struggle to build a comprehensive multi-vendor security program. In 2023, CISOs will reduce the number of security solutions deployed in favor of an integrated, single solution to reduce complexity.”
Oded Vanunu, Head of Product Vulnerability Research, Check Point Software
“Dramatic increase in digital fraud due to global economic slowdown and inflation. Cybercriminals will increasingly turn to social media campaigns via telegram, WhatsApp and other popular messaging apps. There will also be more cyberattacks on Web3 blockchain platforms, mainly to take over the platforms and their users' crypto assets."
