Cybercriminals are getting ready for a new year of security twists and turns. It’s always distressing to review the year’s cybercrime figures. Due to the drastic changes in working conditions, strategies, and investments in 2021 and 2020, the landscape was rife with new vulnerabilities and new attack vectors.
Businesses first went remote, then hybrid. Employees left the office and headed home. Systems migrated to the cloud and got digital.
And when no one was looking, hackers flexed their fingers and exploited the gaps they had left behind. The issues changed a little bit in 2022, but security threats and vulnerabilities remained the same.
A few things stood out in 2022 that shed light on the intricacy of security and the dangers that both organizations and individuals faced.
Threat actors can weaponize a vulnerability in less than 72 hours, according to research from SAP and Onapsis (https://bit.ly/3UAA0ug).
This does not paint a positive picture for security teams or businesses when combined with the findings of the report “The Fast and the Frivolous – Pacing Remediation of Internet-Facing Vulnerabilities”, which show that 53% of organizations have at least one vulnerability and that 22% have close to 1,000 vulnerabilities each.
Additionally, the “2022 Vulnerability and Threat Trends Report” noted that more than 20,000 new vulnerabilities had been published in 2021 alone, adding a few more logs to the fire.
According to Anna Collard, SVP Content Strategy & Evangelist @ KnowBe4 AFRICA, “Looking ahead to 2023, it is extremely likely that there will be a sustained increase in the sophistication and ubiquity of mobile malware assaults, particularly against Android smartphones.”
“The FluBot malware really did infiltrate Android phone owners in 2022, collecting private data, online banking credentials, and passwords. It was incredibly successful, and it’s very probable that 2023 will see more attacks of this nature.”
The rising use of Internet of Things (IoT) solutions is another area of concern. For years, this technology has been waiting in the wings, promising a linked future, but it is only now starting to gain traction in smart cities, businesses, and solutions. There is, however, a substantial danger involved.
According to Collard, “operational environments, like SCADA, are becoming more digitized and inclusive of IoT technology.”
The interconnectedness and digital transformation of these systems now expose them all to risk, when in the past a malware infection could have solely affected a company’s administrative network.
This may have an effect on the downtime of a business, as well as the physical security and wellbeing of personnel. Even worse, we’ve seen threat actors move from the financial services sector to the manufacturing sector.
This circumstance may arise in high-risk manufacturing facilities or plants where digitally connected systems are used to improve worker and equipment safety.
If these systems are breached, it can cause unanticipated issues or safety concerns. If the appropriate level of security is not in place, the additional attack surface created by digitalized systems gives attackers more opportunities.
Naturally, it gets more challenging to effectively safeguard systems as they become more complicated, explains Collard.
The attack surface is expanded by the Internet of Things (IoT), operational technology, and networked cyber-physical worlds and systems like autonomous vehicles and digital twins.
2023 is the year of alertness. Companies must raise their level of alertness and prepare themselves better for the future.
On the other side of the cybersecurity coin, decision-makers at all organizational levels have grown more conscious of security and committed to properly executing it.
This tendency drastically increased in 2022 and will keep growing far into 2023, which will go a long way toward assisting businesses in becoming more ready for the impending onslaught.
Security and resilience are now high on the agenda for board members and decision-makers, according to Collard.
They are aware that cybersecurity is a rising issue, driven by the media, evolving data privacy and protection legislation, a more human-centered approach to business, and other factors. Companies are recognizing the value of security policies for safeguarding their workers and their data and implementing the necessary procedures.
It is difficult to anticipate with any degree of accuracy what danger, attack surface, or vulnerability will be used by hackers in 2023.
Since it is a profitable business, it is easy to predict that they will try and keep trying. Companies need to concentrate on training, the development of security skills, reliable security solutions, and ongoing awareness in order to mitigate risks and establish a culture of security within the organization.