Each year, various events within the cybersecurity industry have a significant impact on the industry, leading experts to predict an increase in the frequency and severity of such occurrences in the years ahead. As preparation is preferred over mitigation, awareness of what to anticipate this year and beyond is essential.
The 2022 cybersecurity trends featured the prominence of ransomware attacks, which resulted in a daily loss of about $2.2 million. Additionally, there was a heightened vulnerability to cyber-attacks on mobile devices, cryptocurrency, and NFTs.
Gartner forecasts the implementation of additional data privacy laws in 2023, protecting the personal information of 75% of the global population, which include GDPR, CCPA, and LGPD. By 2025, there is likely to be an increase in the use of cloud-security software, cyber security committees and a culture of cyber security resilience as a result of events in 2023.
As technology and cybersecurity threats continue to advance at an unprecedented rate, let's look at a few of the significant trends in cybersecurity that deserve attention this year.
IoT manufacturers recognize the need for secure devices, but may not be aware of all potential vulnerabilities, which could have severe consequences if any compromises are discovered.
According to Oracle, there are over 7 billion connected IoT devices with a projected increase to 22 billion by 2025. This growth provides cyber criminals with huge opportunities to execute cyber-attacks.
The risks of cyber security associated with remote working.
Remote work has gained popularity lately, but it poses cyber security risks due to a lack of access to security software like VPN and two-factor authentication, as well as in-office cybersecurity professionals. This can result in employees being vulnerable to cyber attacks while working from home.
The use of mobile devices by remote workers for communication with colleagues and clients has become increasingly commonplace. These devices, which may store sensitive personal data, are an attractive target for cybercriminals. Statistics show that malware attacks on mobile banking apps have increased by 50% since 2019, and this trend is expected to continue.
GDPR (the General Data Protection Regulation), implemented in 2018, outlines specific guidelines regarding data protection in relation to personal data, processing activities, and storage. It applies to any organization that operates within the EU or has clients that are based within the EU.
Companies must ensure user data is protected from accidental or illegal access, damage, manipulation, and unauthorized use in order to comply with GDPR regulations. Data quality, accuracy, and completeness should also be confirmed. Additionally, individuals need to be given information on their data protection rights and access.
The GDPR law is relatively new, nevertheless, more organizations across the world are expected to adhere to GDPR compliance requirements.
Rise of automotive threats
The rise of automotive hacking is a growing concern as modern vehicles are continuously integrated with automated and connected software, providing users with cruise control, engine timing, door lock, airbag systems, etc. These more complex systems have opened the doors to potential cyber vulnerabilities as they rely on Bluetooth and WiFi technologies to communicate. As such, the potential for hackers to gain access to vehicle controls or use microphones for eavesdropping has been identified as an imminent threat in 2023, especially with the increasing use of automated vehicles.
This further extends to self-driving or autonomous vehicles which employ an even more intricate mechanism that utilizes cameras and sensors for navigation. Therefore, it is imperative that strict cyber security measures are taken into account in order to deter any malicious attempts at breaching these systems.
Attacks on the healthcare sector
Cyber attacks on the healthcare industry are anticipated to increase in prevalence during 2023. The healthcare industry already experiences high rates of cyber-attacks, with a 44% increase in recent years resulting in the compromise of 40 million American patient records in 2021. As a result, over 22.6 million patients were impacted, equivalent to the population of New York.
A research survey disclosed that roughly 60% of all ransomware attacks target patient data, while the remaining concentrate on disrupting operations or overtaking systems.
Phishing scams were the most prevalent cyber attack among healthcare organizations, affecting 81% of companies in 2020. With the onset of the COVID-19 pandemic, phishing incidents increased by 220%.
Geo-targeted phishing threats
Geo-targeted phishing attacks focus on a specific geographic location such as country, region, or city. Attackers take advantage of local customs, language differences, and current events to make their fraudulent emails appear authentic.
The detection of these attacks can be difficult due to their use of publicly available information, as well as the utilization of fake email addresses and websites that resemble actual businesses.
It's predicted that geo-targeted cyber threats will become increasingly prevalent in 2023 due to the advancement of phishing tactics.
According to a previous study, the majority of cyber attacks are attributed to phishing tactics, with 97% of internet users unable to identify them as such.
The awareness of cybersecurity among users is increasing, and it is expected to continue in 2023. This trend will change how businesses and individuals safeguard their online information.
A notable change involves the implementation of two-factor authentication (2FA), which serves as an additional security layer where users are required to provide two distinct pieces of information before accessing their account, such as a password and a fingerprint or a password and a one-time code generated by a physical token.
With new tools and technologies emerging daily, companies are more aware of the dangers of potential cybersecurity breaches. Despite growing concerns around cybersecurity, however, the human factor remains the weakest link in companies' security systems. The latest Verizon Data Breach Investigation Report (DBIR) found that 82% of all breaches included some kind of human involvement, with accidental actions like clicking unsafe links or entering passwords incorrectly being the primary cause.
Threats to higher education
Instances of cybersecurity threats in higher education are on the rise. Last year, a ransomware attack targeting the Los Angeles Unified School District caused disruption to computer systems, resulting in 70,000 employees and 540,000 students needing to change their passwords. This demonstrated an increase in cyber-security threats faced by higher education institutions, creating difficulties in recovering from the attack.
As online learning continues to grow, universities and colleges are experiencing an uptick in cyber attacks. These attacks can vary from denial-of-service to more complex attempts that may compromise sensitive information or disrupt vital operations.
Potential of AI
The potential of artificial intelligence (AI) is rapidly being realized in multiple sectors, including the world of cybersecurity. AI, along with its sibling technology machine learning, has brought about immense change in how online security is managed. With the development and availability of various automated security systems, natural language processing technologies, face recognition systems, and real-time threat detection programs; AI and machine learning are becoming more important in modern cybersecurity.
However, it's not all good news when it comes to AI and cybersecurity. As more malicious actors understand how to leverage these new advancements in computer programming, there is a rising concern over how to prevent AI-generated malware from bypassing current protection systems. Additionally, even smart threat detection programs using AI have to be refreshed regularly in order to track any newer variants that crop up on the internet; only then are computer systems able to remain safe from weak points in their defenses. Although the potential benefits of integrating AI into our cyber defense processes cannot be overlooked, extra precautions must still be taken when attempting to protect oneself against increasingly sophisticated attacks by bad actors.
Mobile devices and apps are the new targets
Recent advancements in technology have enabled us to store more of our personal and financial data on our mobile devices. As a result, these handheld devices are becoming increasingly attractive targets for malicious hackers. All this means that our photos, financial transactions, emails, and messages are at greater risk than ever before.
One thing is certain - the threats associated with mobile security are only going to become more serious over time. We may even see a new wave of virus or malware emerging in 2023 that targets smartphones specifically, reigniting conversations about the need for better mobile protection measures.
Summarizing the anticipated cyber security trends for the next few years.
2023 and the following years will bring continued complexity and evolution for the cybersecurity landscape, with ongoing targeting of mobile devices and cloud services by attackers, along with the significant rise in the number of IoT devices.
Cybersecurity has an air of mystery that may never be fully understood, making it difficult to predict industry changes for the coming year and beyond. However, by being informed about expected trends, one can plan and take measures to protect themselves and their businesses.
Cryptomathic is a leader in advanced solutions for mobile app security, encryption management, and digital identities & eSigning.
Contact us to learn how we can help you secure your business while applying the right balance between usability and the best available protection.