Few things are certain except cyberattacks: Security predictions for 2023

By Darren James

Darren James, Head of Internal IT, Specops Software

It’s that time of year again, when IT and security experts line up to reflect on the past year and share their industry predictions for what’s to come. With the cybersecurity landscape more unpredictable than ever, it can be difficult to predict what’s going to happen tomorrow, let alone in the next 12 months. However, while few things may be certain in life, with rising global conflicts, a looming recession, and the continued use of weak and breached credentials, we can be sure that more cyberattacks will be on the horizon in 2023. Here are a few trends and predictions to watch out for in the new year:

1 – The new Cold War brings increasing nation-state attacks

Nation-state cybercriminal activity is nothing new, but the ongoing conflict between Russia and Ukraine has brought with it increased and even more sophisticated nation-state activity, particularly aimed at Ukraine and its allies. But with increasing pressures from the war and economic downturn, we have likely just glimpsed the beginnings of the new Cold Cyber War as state-sponsored hackers look for new ways to make money and disrupt critical infrastructure.

Based on recent cybercriminal activity, businesses should expect increased social engineering and train employees to recognize the signs of such attacks. And with new social engineering trends like “callback phishing” on the rise, it’s not just businesses that should be concerned. Businesses and consumers alike will need to be on the lookout to protect themselves from increasingly crafty cybercriminals.

2 – Cybersecurity budget cuts introduce new threats

With a looming recession, many organizations will be looking for ways to reduce spending. Despite increased concern and emphasis on cybersecurity in recent years, cybersecurity personnel and tools may be on the chopping block amid budget cuts. Unfortunately, cybercriminals will likely be feeling the impacts of recession as well and looking for new ways to make a quick buck to reduce financial strain. As a result, we can expect a vicious circle whereby organizations that reduce cybersecurity investments to save money may actually incur more costs and consequences as a result of financially-motivated attacks.

3 – Credential-based attacks will continue to rise

Credential-based attacks have been on the rise, with Verizon finding stolen credentials contribute to nearly 50% of attacks and a plethora of cyberattacks this year as evidence. Unfortunately, the password guidelines we’ve all grown familiar with and that many web services used as requirements – such as using a mix of capital and lowercase letters, numbers, and special characters – are no longer enough, with Specops Software’s 2022 Weak Password Report finding that 93% of the passwords used in brute force attacks include 8 or more characters and 68% include at least two character types. But despite warnings from security experts, individuals continue to use weak and breached passwords that leave them vulnerable to cybersecurity threats. In 2023, credential-based attacks are likely to continue, coupled with new threats related to weak forms of multi-factor authentication and rising phishing attempts.

Despite the doom and gloom of these predictions, there is good news – organizations can take steps now to ensure they are better protected from cyber threats in the new year. With weak and breached credentials at the center of so many security incidents, password security is a great place to start. Organizations should consider introducing measures to block weak and breached passwords, requiring longer and harder-to-guess passphrases, and utilizing password managers to help employees securely store and manage login credentials. It is also critical for organizations to require a strong form of backup authentication, such as biometrics, to provide an added layer of security for all sensitive business information.

Few things may be certain except cyberattacks, but you can control your destiny in 2023 by taking small steps now to improve your organization’s security posture.


No posts to display