Content, Content

2023 Predictions: Expect More Supply Chain Attacks, Ransomware-as-a-Service Kits in 2023

Credit: Getty Images

The new year will see a rise in supply chain cyberattacks, an increase in mobile threats, an even stronger emphasis on cloud security, ransomware-as-service, and stricter
data privacy laws, according to a Hacker News blog predicting 2023 cybersecurity trends.

Supply Chain, Mobile Devices Vulnerable

Expect digital supply chain attacks to rise exponentially, according to researcher Gartner, spiking to 45% of organizations worldwide experiencing that type of intrusion by 2025, Hacker News pointed out. New supply chain software means a larger attack surface, which means companies will need to widen how they protect their organizations.

What to do: “If you've introduced new software supply chains to your technology stack, or plan to do so sometime in the next year, then you must integrate updated cybersecurity configurations,” the blog reads. “Employ people and processes that have experience with digital supply chains to ensure that security measures are implemented correctly.”

Mobile devices will become a bigger target for cyber-attack as hackers hone in on mobile devices, SMS-based authentication will become less secure.

What to do: “Mobile must move away from relying on SMS-based authentication, and instead to multifactor authentication (MFA) that is more secure. This could include an authenticator app that uses time-sensitive tokens, or more direct authenticators that are hardware or device-based,” Hacker News wrote.

Cloud Security Essential as RaaS Increases

Companies will double down on cloud security. Cloud security should be a top priority in 2023 and beyond. Cyber criminals become more sophisticated and evolve their tactics as technologies evolve, which means cloud security is essential as you rely on it more frequently in your organization.

What to do: Implement zero trust. “The main principle behind zero trust is to automatically verify everything—and essentially not trust anyone without some type of authorization or inspection.”

Ransomware-as-a-Service will increase. Ransomware-as-a-Service (RaaS) kits make it even easier for threat actors to deploy their attacks quickly and affordably, which is a dangerous combination to combat for anyone leading the cybersecurity protocols and procedures.

What to do: Make sure your cybersecurity procedures are clearly documented and regularly practiced so users can stay aware and vigilant against security breaches. Employing backup measures like password policy software, MFA and email-security tools in your organization can also mitigate the onus on end-user cybersecurity.

Expect data privacy laws to get stricter. With new data privacy laws set to go into effect in several states over the next year, now is the time to assess your current procedures and systems to make sure they comply.

What to do: Companies should review their regulation compliance as more states are likely to develop new privacy laws going forward. Data privacy laws often require changes to how companies store and process data and implementing these new changes might open you up to additional risk if they are not done carefully.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.