Intel threat expert Cybersixgill has released its trend predictions for 2023, with geopolitical forces, economic pressures and rising attacks on AI technologies creating a climate where cyberattacks can expect to increase – and where businesses should be looking to improve security efforts as a result. 

IoT World Today spoke to cybersecurity experts from Cybersixgill and Versa Networks to find out more about the shifting threat landscape, and how businesses can work to protect themselves from novel dangers in 2023 and beyond.

Emerging Cybersecurity Threats

According to Cybersixgill, the key threats set to emerge in the coming year include the increased importance of AI for both offensive and defensive purposes, the growing e-payment industry creating new gaps for a potential attack, and the uniting of disparate threat groups to create a larger and more worrying attack.

“Cybercrime is increasingly lucrative,” the report said. “We expect a record-breaking year of cyber security breach notifications, not only because of the sophistication of threat actors – but also due to larger changes in the world: global unrest, supply chain instability, and soaring inflation – will impact an organization’s ability to mitigate, remediate, or prevent a problem.” 

Additionally, the report says ransomware will “flourish,” with this form of malware representing the most prolific and costly kinds seen in recent years.

Attacks will reportedly come primarily from “The Big Four” — Russia, China, Iran, and North Korea. 

The Rising Presence of AI

As AI becomes increasingly accessible and easy to use, the tech can be harnessed not only by those attempting to create defenses but also for attack purposes. 

As Dov Lerner, security research lead of Cybersixgill said, AI will “play an increasingly important role on both sides of the cyberwar battlefield.”

“While this technology has been developing for a while, the difference now is that it’s more and more accessible,” Lerner said. “Advanced AI capabilities that were only in the hands of a few governments and researchers became mainstream in 2022 – think DALL-E, Stable Diffusion, and ChatGPT. We think cybersecurity will go in this direction in 2023, as AI capabilities become available for both attackers and defenders.”

Specifically, governments and enterprise organizations will need to use tools such as neuro-linguistic programming (NLP) and AI to move away from a reactive to a proactive cybersecurity response. Such tools need to be properly integrated into systems early on to ensure genuine stability, with cybersecurity now a crucial design element from all stages of a product’s lifecycle.

“In a world where devices and everywhere and the Internet is the on-ramp to applications that are everywhere, the attack surface and sophistication of the attacks has expanded exponentially,” said Kelly Ahuja, CEO of Versa Networks. “The need for cybersecurity is more crucial than ever but with a new architectural approach that simplifies and automates how businesses can predict and react. AI-based capabilities are essential to scale, secure and simplify this for the future.”

Building Security into Businesses

Retraining staff to understand and respond to cyberthreats is also a new crucial part of business plans, as well as incorporating security into all aspects of day-to-day operations.

“Most obstacles within organizations are not technology related but more related to culture, organization structures, processes,” said Ahuja. “The old model of networks with a ‘bolt-on’ security approach and different solutions for different silos within the enterprises has resulted in a fragmented approach… instead of the traditional product-based approaches, a platform-based approach [must] be implemented to simplify, scale and secure the business.”

“As more and more devices become connected, attackers have a larger attack surface,” said Lerner. “A network is only as strong as its weakest link, so it is critical that IoT devices come with security by design and that they are properly configured…Organizations must map their attack surface so that they can properly protect each device and monitor threats that develop and materialize against each one.”

New Attack Points in the E-Payment Space

The rise of e-commerce and emerging online payment platforms, accelerated by the rise in online shopping during the pandemic, is creating a new terrain for attacks. With these transactions moving increasingly online, potential data breaches are not only more likely but also have the potential to cause more damage than previously.

This is a trend only set to continue and according to Cybersixgill, at the current growth rate, damage from cyberattacks will amount to about $10.5 trillion annually by 2025.

“There is significant economic motivation on the dark web to go after e-pay for those motivated by financial pressure and criminal behaviors, as opposed to politics,” the report said.

Tools such as biometric advances, fraud protection and novel regulations around cybersecurity are coming in to help companies bolster themselves against these threats, though as the landscape continues to develop the protective tools will similarly continue to emerge. Another key defense on the rise is re-training staff to recognize and respond to these novel threats.

“Most data breaches still result from human error, demonstrating the inadequacy of traditional security awareness training,” the report said. “Modern companies must abandon compliance-based awareness campaigns from the past in favor of extensive behavior and culture change programs that promote safer workplace practices.”

“As opposed to reacting, businesses want to be proactive by predicting what may be happening and act swiftly to drive growth and productivity,” said Ahuja. “AI-based capabilities are getting integrated into infrastructure and applications to enable this to happen for users and endpoints. For IT, each user can typically have multiple devices that they bring to the enterprise from both outside and inside the workplace.”