Cybersecurity Trends In 2023: Innovation To Watch Out For
Thursday, November 10, 2022
2022 saw great advances in technology, with Silicon Valley companies such as Apple introducing systems like crash detection and GPS-enabled Ultra Watch models. However, the year also saw great threats when it comes to cybersecurity.
The UK's National Crime Agency (NCA) says that only in the UK cybercrime costs billions of pounds annually, whilst the Cybercrime Magazine projects total losses caused by the surging cybercrime will attain 8 trillion globally.
To discuss what the future looks like for cybersecurity, International Business Times sat down with Dr. Ilia Kolochenko to discuss future cybersecurity threats and trends to watch out for in 2023. Dr. Kolochenko is a Swiss application security expert, entrepreneur and an Adjunct Professor of Cybersecurity Practice & Cyber Law at Capitol Technology University. He is currently the Chief Architect & CEO at ImmuniWeb, a global application security company serving over 1,000 enterprise customers worldwide.
What are the top three cybersecurity threats to expect in 2023?
The incomplete visibility of internally managed IT infrastructure, as well as of externally processed or stored data, is probably the most serious cyber threat to watch in 2023. Shadow IT systems, forgotten and abandoned servers, and unprotected multicloud infrastructure figure among the root causes of the most disastrous data breaches.
You cannot protect what they cannot see – this is a well-known axiom that, however, few companies or organizations manage to address. As a result, cybercriminals don't even need sophisticated attack scenarios or expensive 0day vulnerabilities: millions of forgotten and Internet-exposed systems are still vulnerable to the notorious Apache Log4j or Microsoft ProxyShell vulnerabilities disclosed over the last year, enabling cybercriminals to rapidly take control of the remote systems and then try to penetrate internal networks belonging to unwitting victims. Defense-in-depth strategy may help timely stop the intrusions before they spread across an entire network, but few companies have successfully implemented this due to the highly complex architecture of globally interconnected networks, legacy IT systems and hybrid-cloud environments. Moreover, the growing shortage of cybersecurity talent prevents internal security teams from timely responding to innumerable alerts and incidents.
Numerous third parties, ranging from IT suppliers to lawyers and accountants, that have access to your confidential data – is the second prong of the visibility problem. Compared to the internally managed IT infrastructure, third parties are even more problematic as you cannot simply impose your data protection policies and then audit their eventual implementation.
Most companies underestimate the importance of a third-party risk management (TPRM) program and just implement a one-size-fits-all questionnaire for their external suppliers. No risk-based auditing is ever performed on the third parties, let alone continuous monitoring of data breaches affecting their business-critical suppliers. Making the situation even worse, third parties also have their own suppliers, such as cloud backup vendors, eventually dispersing your data across the Internet. Resultingly, a breach of a small IT vendor on another continent, that you have never heard of, may compromise your crown jewels in its possession. Needless to say, such uncontrollable dispersion of data will sooner or later entail serious legal ramifications for violations of data protection and privacy laws that, among other things, may require geographical data localization.
The growing maturity, centralization and sophistication of cybercrime is another alarming trend for 2023. Importantly, the sophistication is not really about the technical means but rather about the business model of cybercrime. For example, ransomware gangs now leverage multidimensional extortion tactics: they reach out to the breached company, its customers whose personal data is stolen, and even third-party vendors that could have been the actual entry point to the hacked company – asking all of them to pay a ransom to avoid exposing the data. In case of refusal, the stolen data will be sold on a public auction on the Dark Web, enabling anyone to purchase it and then exploit or resell the data once again.
Ransomware-as-a-Service (RaaS) is another illustrative example of the creative sophistication of modern cybercrime: even unskilled beginners can make some good money working for cybercrime conglomerates, just by placing malware on vulnerable websites by exploiting trivial web security vulnerabilities. Cybercrime has become a mature, highly efficient and extremely lucrative industry that governments gradually fail to curb.
Why is cybercrime surging despite the ballooning investments in cybersecurity?
Investing more does not necessarily mean investing wiser. First, we have to bear in mind that the overall number of different devices and systems is steadily growing in most organizations. The natural growth eventually requires more licenses of cybersecurity products, spanning from antiviruses to more advanced XDR or CASB products, naturally driving the cybersecurity spending without adding any extra value to the corporate cybersecurity.
Second, oftentimes, the increased spending is simply correlated with the growing prices of cybersecurity products and services, again bringing no added value to the companies. Third, sometimes just one single point of failure, for example, an unprotected cloud bucket with sensitive corporate data, may undermine all your efforts and lead to a serious data breach despite the doubled investment into cybersecurity. Strictly speaking, while investing in cybersecurity is essential, there is no linear dependence on the amount and reduction of data breaches. Most importantly is to have a risk-based, threat-aware and long-term oriented cybersecurity strategy that would cover all vertical and horizontal layers of your business. Every employee should be aware of and should be a part of your cybersecurity strategy.
Can legislators enact new laws to effectively deter cybercrime?
I would rather support legislative efforts aimed to stimulate organizations to better protect their digital infrastructure. Crucially, such legislation should not just impose penalties for noncompliance or data breaches but provide organizations with support, guidance and resources to enhance their cyber resilience. Governments should also significantly increase funding of cyber police units that are currently underfunded and understaffed, which limit their ability to provide the necessary support to victims of cybercrime.
Will AI help stop cybercriminals in 2023?
I don't think that AI or anything else will stop cybercrime in 2023 or later on. Cybercrime is merely a subtype of the traditional crime and deviant social behavior that has been present in society for centuries. Machine learning and AI may, however, help reduce cybercrime by bolstering cyber-defense capacities of organizations.
Of note, one should not regard AI as a silver bullet: the current state of AI in cybersecurity cannot outperform qualified security experts or outsmart experienced cybercriminals. On the other hand, AI may bring intelligent automation and acceleration to many traditionally time-consuming and laborious processes, freeing up busy security analysts for more important tasks that truly deserve their valuable time. This is actually what we do at ImmuniWeb: empower people to be more productive, efficient and cost-effective.
What's your plan for ImmuniWeb for 2023?
Currently serving over 1,000 enterprise customers from more than 50 countries, we will pursue our rapid growth and continuous innovation. At ImmuniWeb, we carefully listen to all our customers to promptly implement new features or functionalities into our award-winning ImmuniWeb AI Platform, helping them to stay ahead of the rapidly evolving cyber-threat landscape. In 2023, we also plan to announce several new products and global partnerships to deliver even more value and excellence to our clientele. Additionally, several pleasant surprises for both our customers and partners are coming soon, but I will keep the details for 2023, please stay tuned. Read Full Article
The Next Web: Spate of cyber attacks in Europe increases concerns about government defenses
Help Net Security: ImmuniWeb Community Edition 2.0 help users accelerate and automate security testing