Specialists forecast intensified cybercrime attacks in 2023
Cybercrime will continue and intensify in 2023. Threat actor techniques will evolve considerably over the next 12 months. Ransomware and insider risk will grow as attackers target trusted employees with extortion attempts. Cybercrime “vendors” are shifting toward new business models. A positive forecast is an expected broader adoption of passkeys technology (passwordless login).
Tim Keary, editor for tech news VentureBeat in a blogpost summarises a meeting with Google security leaders and analysts.
Last year, the FBI estimated that internet crime cost USD 6.9 billion. There is a USD 2 trillion market opportunity for cybersecurity technology and service providers, consultancy McKinsey predicts referring to a survey of the cybersecurity business. “Damage from cyberattacks will amount to about USD 10.5 trillion annually by 2025—a 300% increase from 2015 levels.”
The McKinsey report says security providers need to find productive combinations of product, price, and services that vendors can tailor to target segments and are flexible enough to scale.
Forecasts for 2023 by Google leaders:
- Identity and authentication attacks will remain a constant threat
“Organizations will continue to struggle with identity- and authentication-related attacks, where relatively unsophisticated threat actors are able to purchase credentials in the underground, or con their way into the organization”, says Heather Adkins, VP of security engineering.
“As a result, platform makers will be pressured to help consumers and enterprises defend against malware that steals those credentials.”
- Insider risk will increase as threat actors target trusted employees
“We will see increases in insider risks, with attackers attempting to coerce and extort otherwise trusted insiders to commit malicious acts. Meanwhile, federated identity and authentication vendors will come under increasing attack to attempt to target other software as a service (SaaS) providers”, says Phil Venables, (CISO).
“We’ll also see people start to realize the Y2K-scale level of work involved in transitioning to post quantum cryptography.”
- Ransomware attacks on public and private sectors will continue to increase
“Globally, we’ll see the continued growth and prominence of ransomware attacks across public and private sectors. Across the wider attack surface, industry-specific threats and capabilities will grow, affecting verticals including healthcare, energy, finance and more”, says Royal Hansen, VP of privacy, safety and security.
“As an industry, our ongoing research and work on supply chain security, especially on the heels of major attacks, will continue to reveal how much more collaborative work needs to be done.”
- Broader adoption of passkeys technology
“Beyond password management and account security improvements, we’ll see broader passkey adoption from developers and users, and in common security vernacular”, predicts Parisa Tabriz, VP of Chrome browser.
“We can also expect to see SMS/one-time password (OTP) phishing continue to rise, so websites and apps will be more likely to adopt passkeys for both consumer-facing and internal admin tools.
“In a hybrid corporate environment, and with more work happening on the web, the browser will become an even more strategic asset for enterprise security.
“In terms of workforce, the demand for cybersecurity experience and capability at all levels of organizations in the private and public sector will continue to surpass available talent. This will underscore the need for investment in multidisciplinary cybersecurity skills development for the future.”
- Cybercrime vendors will shift their business models
“We will see greater pressure on commercial spyware vendors, and hack-for-hire operators, from both tech companies and governments. However, these threat actors won’t go away; we will instead see reorganization, renaming and some shifts in business models”, says Shane Huntley, senior director of Threat Analysis Group.
“Globally, China and Russia will continue to focus heavily on regional issues, including activity related to Ukraine. “
“As campaigns for the 2024 election commence, campaign and election security will be front and center issues, including discussion around information operations (IO.)”
- Cybercriminals will look to target reused passwords and secret question fields
“With so many data breach dumps circulating on the dark web, we’ll see a surge of attacks leveraging not only reused passwords, but also all the secret question fields (birthdate, SSN, street addresses or others)”, says Mark Risher, senior director for platforms and ecosystems.
“To defend themselves, apps and websites will increasingly adopt secure authentication, like federated identity and passkeys — in lieu of username, password, SMS code and others — with the added benefit that these mechanisms are also easier and more convenient for users.”
Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.
Our mission is to provide top and unbiased information for all professionals and to make sure that women get their fair share of voice in the news and in the spotlight!
We produce original content, news articles, a curated calendar of industry events and a database of women IT, Media and Advertising associations.