Keeping up with all developments in the digital space is one of the cornerstones of a solid cyber hygiene practice, and as such, provides great value to readers: whether they are just privacy-minded individuals or small-to-medium sized businesses, everyone should at least know about the most prevalent ways in which they can be harmed (and be more prepared when it happens!).
Without further ado, here are the most relevant trends you need to know about in the new year.
The invasion of Ukraine in February 2022 marked the beginning of a series of significant upheavals in the digital world. Although the international and expert community has long been familiar with Russia's digital capabilities, many have had the wrong idea about the motives and goals of many groups operating on its territory. For the first time, the cyber domain was (and still is) used for purposes that traditionally fall under the domain of the army.
There are already documented incidents where various infrastructural facilities, institutions, and even the critical infrastructure of an entire region were targeted by Russia with the help of ICT (information and communications technology). What has been novel in terms of cyber warfare since the invasion of Ukraine, however, is the open, nationally-sponsored hacking by Russian groups. At the same time, the tenacity and scale of the defensive response from the Ukrainians, as well as others who acted in their favor, was unprecedented. This situation also shows that developers and hackers can have a national defense motive, which can become a priority over financial gain (at least temporarily).
In the current vacuum of comprehensive regulation for cyber-warfare, this conflict will leave a deep mark: as a "how-not-to", but perhaps also as the example incident where it all "started" in the context of regulation and international agreements between the world superpowers. In 2023, with (hopefully) a cessation of hostilities, we can expect a phase of rebuilding and consolidation of operational teams.
Risks associated with IoT (Internet-of-Things) devices
With the increasing number of devices connected to the Internet, they are becoming a more and more appealing target for hackers. A large number of "smart" devices work precisely by sending sensitive data from users (such as smart bracelets or watches). They continuously communicate what the owner is doing (and when he or she is doing it). Others have sensors and cameras, which, if hacked, can monitor the owner and his/her surroundings, without them even being aware of it!
As such, Internet-connected devices are generally not designed with "security first" in mind. The security of data access and transfer to and from sensors and other components is rarely considered. Experienced hackers can misuse such devices for a variety of purposes, even if they have no motive to monitor a specific owner (what do YOU have to hide?), but simply to misuse the device in a larger, orchestrated attack on a third target.
We can expect these devices to become cheaper and more widespread in 2023. At the same time, their security will continue to take a back seat. It is up to us as users to decide to what extent we are willing to risk our privacy for the benefits and comforts that these devices provide us.
"Rental" of malware, or malware-as-a-service
In 2023, we expect an increase in so-called "hacking packages," which involve the sale and/or rental of code or tools specifically designed to break through the defenses of a competitor on the market. Such tools can be used to steal part of a company's data (e.g. intellectual property, patents) or to slow down production in order to give another company's product an advantage.
Ransomware attacks, which gained momentum with the beginning of the COVID-19 pandemic, are constantly evolving. A growing number of Internet users, often without advanced cyber security knowledge or resources, such as schools, factories, hospitals, small and medium enterprises, are becoming targets.
Take steps to protect yourself from such attacks in time, before it's too late!
Inflation Will Make Cybercrime Protection 'Too Expensive'
All countries, perhaps with the exception of Switzerland, were affected by the inflation that gained momentum at the end of 2022. With the increase in prices of basic products, as well as energy products, the cost of operating a company has risen. The consequences of this phenomenon are expected to last throughout 2023, and companies are already revising their budgets and expenses, analyzing where necessary savings can be made.
Digital security as part of "ICT costs" is generally put on the back burner, especially in smaller companies. Larger companies and corporations have to allocate a larger budget to protect their data because they process more of it. With larger pools of customers and more employees, large companies are more sought-after targets for hackers. However, it is the weaker protection of small and medium-sized enterprises that has made them an interesting target for cyber-attacks: although the "reward" for hacking them is lower, accessing their data, or infecting them with ransomware (a blackmail attack) is easier to carry out.
In 2023, we can expect companies to pay more and more attention to where they spend their "ICT budget". In addition, institutions, and in some cases even entire countries, are becoming much more aware of the operating costs of their equipment (computers, servers, etc.) and data management, so, given the increasing cost of the energy needed for their operation, they will think about new policies and restrictions.
Lack of trained cyber security professionals in every sector
Finally, in 2023, we expect another trend that has been plaguing the industry for some time now to continue: the mismatch between demand and supply of cyber security professionals. The lack of talent has increased the risks to institutions across sectors, from business to public administration. As cyber-attacks become more sophisticated and the gains from them more useful, there is a growing need for skilled cyber security professionals. Unfortunately, the staff that would have gained the experience is simply not there, and even worse, it does not seem they will come any time soon.
As attacks become more sophisticated, the “rewards” gained from successfully defending against them become more valuable. However, this “reward” more often than not goes largely unnoticed and unclaimed: there is simply no one there to learn from the attack. Attacks are often blocked by software (or worse, get through the software defense), but even then, the lack of cyber security professionals on the job means that there is basically no one to document, analyze and learn from the attack (successful or otherwise) in order to be better prepared for the next one.
The combination of a stressful job position, the need for high technical knowledge, and not-so-clear horizontal career mobility discourages young people from investing their time and energy in the field. There are much "easier" and higher-paying choices for students in similar fields, like mobile app development, web design, etc.
To overcome this challenge, organizations and institutions will need to focus more on outsourcing, i.e. hiring of cyber security services from third parties, usually other companies whose main activity is providing cyber security services.