The year ahead could be a period of uncertainty for both cyber criminals and security defenders, who will move forward with caution in the face of a business landscape in flux, Trend Micro said in weighing in on expectations for 2023 in a new report.
For decision-makers, 2023 provides an opportunity to reevaluate their security playbooks and shine a light on the overlooked areas of their cybersecurity infrastructure, the security provider said.
What's in Store for 2023?
Here's summary of Trend Micro's crystal ball for 2023:
The big picture:
- Enterprises will also make inroads in their digital transformations thanks to innovation drivers like artificial intelligence (AI), 5G connectivity, and cloud-based tools, but struggle with implementation woes and a lack of top talent to secure these new technologies.
- Threats will also continue to mount against enterprises, with malicious actors working to stay ahead of the game by capitalizing on outdated protocols, vulnerabilities in internet-facing devices, and overworked security teams.
- Some attackers will set their sights on big-game targets like automobiles via the cloud applications connected cars use; others will want to turn a profit from data monetization schemes.
- While there are cyber criminals that plan to ride out the uncertainties of 2023 with a return to time-tested methods like social engineering-based attacks, those in ransomware circles may branch out to entirely new business models instead.
More Trend Micro Predictions
Cyber criminals are poised to take advantage of cloud adopters’ missteps. More malicious actors will take full advantage of user-side, cloud tools misconfigurations and implementation inconsistencies to get a foothold into enterprise systems.
Look for: Many of these application challenges will come from companies that are struggling to oversee the many cloud vendors and assets that collectively make up their enterprise cloud environments.
Cybersecurity manpower and vertical regulations will be needed to secure smart factories. In the year ahead, expect companies to pour more resources into 5G and artificial intelligence that can help facilitate their transition to the industrial internet of things (IIoT). A cybersecurity skills shortage will make it difficult for their understaffed security teams to manage multiple connected factories, on top of the integration of these new technologies.
Look for: Enterprises will have to look out for IT-based attacks that will inadvertently impact OT systems connected to IT networks. Expect to see a crop of both industry-wide and government-imposed mandates that will lead to more highly regulated OT infrastructures in 2023.
Bad actors will be lurking in the blockchain. Public interest in non-fungible tokens (NFTs) and the metaverse will be stuck in the doldrums, but other blockchain-powered virtual assets, such as cryptocurrency, will continue to pique the interest of both users and malicious actors looking to move with freedom and anonymity.
Look for: While the likes of Monero will continue to be widely used for fund transfers, a fear of fluctuations in cryptocurrency markets will prompt end users to cash out quickly to fiat currencies — a trend that will drive a surge in money laundering schemes in 2023.
Social engineering lures are getting an upgrade. During this period of transition, internet fraudsters will turn to attacks that have a proven track record and bank on methods that prey on human fallibility.
Look for: More polished variants of social engineering-based attacks like business email compromise (BEC) schemes and romance scams, which bad actors will have integrated with modern tools. Cyber criminals will take a special interest in emerging technologies like deepfakes.
The ransomware arena will be thrown in flux. Lawmakers and well-armed security teams will loom large over ransomware operators, who must continue to evolve if they are to stay relevant and avert further hits to their bottom line.
Look for: Data will remain a valuable commodity, so some ransomware actors will opt to monetize data directly by scouring their victim’s systems for information they can sell off. Others may choose to move past the ransomware business model altogether and instead dedicate themselves fully to extortion schemes.
