An information security expert forecasts changes in the cybersecurity landscape for the upcoming year. From new strains of potent malware to major policies that threaten privacy and encryption, Tomas Smalakys, CTO at NordLocker, outlines some of his cybersecurity predictions for 2023. Based on trends seen in 2022 and major events set to happen in the next 12 months, the predictions below address the technological, economic, and social factors that could shape cybersecurity in the year ahead.
2022 was an intense year for cybersecurity. State-sponsored cyberattacks showcased how real-world events can have serious implications for the online world, whereas businesses in an already difficult economic environment suffered some of the biggest cyberattacks ever seen.
Smalakys, CTO at NordLocker, says, “Cybersecurity never stops evolving because digital technologies are increasingly overtaking each part of our lives, in turn increasing the scope cybersecurity tools should cover. This ever-changing nature of the cybersecurity field makes each week, month, and year different from those that have passed, making it extremely important to stay two steps ahead of emerging threats.”
Smalakys outlines his predictions for what is waiting for cybersecurity in 2023 below.
- Fileless malware will pose serious concerns. Because fileless malware does not require its victim to download any files, it is practically undetectable by most information security tools. This type of malicious software works by exploiting vulnerabilities in already downloaded, well-known, and trusted applications, leaving no trace on the computer’s memory. Fileless malware requires significant skills to develop and carry out, but if it’s successful, it can do immense damage.
- Targeting supply chains. The Covid-induced global chip shortage revealed that the most fragile part of the global economy is its interconnectedness. By targeting companies that play critical roles in the activities of other businesses, such as raw materials suppliers or logistics firms, cybercriminals have the ability to grind an entire supply chain to a halt and apply mounting pressure to make victims meet their demands. We already see this trend in 2022, and these types of attacks are only ramping up.
- Employees will be the weakest link in corporate cybersecurity. With the human factor being the culprit behind more than 80% of cyberattacks, companies will continue struggling to instill proper cyber hygiene principles in their employee culture, even though the tools they use are becoming increasingly advanced.
- Ransomware will become more targeted. Usually, ransomware is spread randomly to numerous targets by phishing or other social engineering methods with the hopes that someone will click the link or provide their credentials. More recently, however, ransomware gangs have been applying a different approach that is more carefully crafted to each individual victim and can do much more damage.
- Cloud security will become increasingly important. With companies increasingly moving their data into the cloud instead of storing files locally on their computer, we will see a growing number of cyberattacks that exploit vulnerabilities in current solutions.
- The EU threatens encryption laws. In order to curb various online crimes, the European Commission has put forward a proposal to weaken encryption laws across the bloc. If it passes, the new law will require digital platforms to scan every single message or file sent through their services for suspicious content. While the motivation behind the initiative is well-intentioned, it would make the internet much less private and secure.
- Reduced cybersecurity spending will expose vulnerabilities. With a looming recession, many companies and individuals are rethinking their budgets, and cybersecurity spending is often among the first to receive a cut. Criminals will exploit this lowered guard, which is very likely to make 2023 one of the costliest and most destructive years for entities affected by cybersecurity incidents.