In 2022, we witnessed headline after headline about cyberattacks on public and private organisations, ransomware gangs and extortion groups putting cyber defences to the test and years-old vulnerabilities left unpatched resulting in more cyberattacks. The numerous successful cyberattacks are an indication that current cybersecurity programs are not effective in securing the evolving attack surface. To prepare for future cyber shocks, here are a few cybersecurity predictions for 2023 so that organisations can be proactive in their cybersecurity efforts.
OT security will become a necessity
Organisations are expected to increase spending on operational technology systems. Given the push for 5G in India and several other countries across the world, it's only a matter of time before the adoption of IoT and IIoT is expected to soar. As organisations prioritize OT systems, they must remember high-profile events like the attack on Colonial Pipeline and focus efforts on securing OT systems.
With IoT being a game changer, CISOs can no longer follow legacy security practices, especially at a time when attackers are going beyond common attack approaches. Most organisations have immense pressure to go smart in the OT field and it’s only a matter of time before there are more interconnected devices and more intelligence gathered from cloud technologies.
If this data resides in silos, threats cannot be contained as organisations simply won’t have an accurate picture of where the threats are coming from and how best to secure the environment. In 2023, organizations will need to make OT security a business priority.
5Gs revolutionary impact is only as strong as its security
5G adoption is one that organizations are eager about. More than half (52 per cent) of Indian enterprises want to start using 5G within the next 12 months. With low latency periods, 5G technology is expected to transform businesses across the world and speed up the adoption of IoT. This opens up organisations to more risk as securing 5G networks would be vastly different from existing 4G and poorly configured IoT devices expand the threat landscape further.
Smart doesn't always translate to secure. We expect an increase in zero-day attacks owing to supply chain vulnerabilities and the existence of legacy solutions to secure the modern attack surface. Organisations focused on 5G adoption need to focus on building cyber resilience into their people, processes and systems by adopting a zero-trust model of security.
Metaverse is exciting but not without security
The metaverse is an exciting new frontier and big businesses already have their eyes on creating their own worlds in this space for better collaboration, training and interaction purposes. However, where there is opportunity, there is cyber risk. Organisations often chase new revenue streams without focusing on security until something drastic occurs. If mass migration to cloud computing has taught us one thing, it’s that the cloud is the hottest technology in town but it’s not immune to cyberattacks. The same is true of the Metaverse. If organisations jump into the Metaverse in 2023 without testing security waters, they will open themselves up to the possibility of cyberattacks.
Ransomware wasn’t the end of it
Ransomware-as-a-service was daunting enough but what if we tell you that threat actors could escalate extortion tactics? In 2023, extortion tactics are expected to disrupt enterprises across sectors. With the crackdown on ransomware-as-a-service gangs like REvil in 2022, threat actors are expected to forgo deploying data-encrypted malware and increasingly focus on extortion-only tactics. We’ve already seen the emergence of one such gang — Lapsus$. The success of such groups in perpetrating attacks on major enterprises is expected to lead other threat actors to mimic their tactics.
In 2023, organisations can no longer retain legacy approaches and mindset to security. Technology is evolving quickly and security practices need to catch up to them. If organisations do not take a more proactive approach to cybersecurity, they might find themselves in the deep end.