By Miri Marciano, Associate Director, Cybersecurity Expert at Boston Consulting Group

Here’s what organisations should be on the look out for in an increasingly volatile environment, where attackers are constantly finding new ways to access sensitive information and take control of vital systems. The wider issue will be to make sure the recovery system an organisation is fool-proof – ensuring they can bounce back from an attack in an instant.

As we develop new technologies such as the metaverse, organisations must be on the look out for new tools that attackers will be using. It is critical they consider the following trends that we will see in 2023…

1. Cyber will continue to be a big business

Cyber will always be a huge business and as we’ve seen this year, as long as new technologies are being developed, there will always be more hackers. Effective cyber protection is now regarded as a significant competitive advantage and security has become a major focus at board level of public and private organizations as an area of ongoing strategic investment – this is a key learning for next year.

2. There will be an increase in attack surface expansion

The extensive use of cloud applications by remote staff, customers, suppliers, and third parties has multiplied the attack vectors and vulnerabilities across complex, interconnected tech supply chains. There has also been exponential growth in connected low security IoT devices, adding to the rapidly growing attack surface. We also continue to feel the impact of geopolitics on the cybersecurity threat landscape.

3. Geopolitics will impact the cybersecurity threat landscape

Governments are starting to attack countries or critical infrastructure and this will grow more in 2023. The attacks won’t be to gain anything of monetary value but will be more so an act of terrorism. Or an aditional weapon when having a kinetic confrontation of parties.

4. Ransomware will continue to rank highest in terms of types of threats

In terms of types of attacks, ransomware has grown as a threat this year in the shape of double extortion, including data exfiltration, ransomware as a service and massive DDOS attacks. With these increasing threats, there must be an increase in talent and businesses are having to outsource to MSSPs as the job market is highly competitive in the cybersecurity sector.

5. An increase in supply chain attacks

Threat groups will increase their interest and capability in supply chain attacks and attacks against Managed Security Services Providers (MSSPs).

6. AI and machine learning will be made use of

Attackers will increase their use of AI and machine learning, as well as other technologies, to launch increasingly sophisticated attacks. Social engineering-based attacks will be strengthened by AI and ML. It is simpler and faster to gather data on businesses and employees using these capabilities.

It is an effective tool for cybercriminals because of its ability to anticipate what’s happening now and what might happen in the future.

On the other hand, AI can strengthen cybersecurity – powered systems such as SIEM capabilities allow security teams to detect threats faster and respond to incidents quicker. Higher capabilities create correlations, automation and more.

7. There will be a talent shortage

There will continue to be a highly competitive labour market for cyber talent. Organisations are increasingly investing in automation and orchestration to address cybersecurity tasks.

They will outsource to specialised services providers (MSSPs) rather than on-premise deployment.

8. The govenment will need to act

Nations will need to ensure protection and safeguarding of critical national infrastructure and services. Governments need to look at adapting regulations, data protection policies and compliance requirements and invest in building a culture of security awareness across organisations.

9. The main focus will be on recovery

Organisations will shift towards additional investing in recovery and restoration to prepare for managing a crisis – they will need to understand that a crisis is just a matter of time.