Security teams face growing pressure as the cyber workforce gap widens, while governments are expected to introduce new cyber regulations.
Credit: Getty Images
by Jim Masters • Nov 10, 2022
What’s in store on the cybersecurity front? Check Point Software Technologies Ltd. offers its predictions for 2023, detailing the key security challenges that organizations will face.
Cyberattacks across all industry sectors increased by 28% in the third quarter of 2022 compared to 2021, Check Point said in a prepared statement. In addition, Check Point predicts a continued sharp rise worldwide, driven by increases in ransomware exploits and in state-mobilized hacktivism driven by international conflicts.
Pressure Growing on Security Teams
Security teams will face growing pressure as the global cyber workforce gap of 3.4 million employees widens further, Check Point reports. And governments are expected to introduce new cyber regulations to protect citizens against breaches.
In 2022 cyber criminals and state-linked threat actors continued to exploit organizations’ hybrid working practices, Check Point said. As such, the increase in these attacks is showing no signs of slowing, as the Russia–Ukraine conflict continues to have a profound impact globally.
Check Point advises organizations to consolidate and automate their security infrastructure to enable them to better monitor and manage their attack surfaces.
2023 Cybersecurity Predications Detailed
Check Point’s cybersecurity predictions for 2023 fall into four categories: malware and phishing; hacktivism; emerging government regulations; and security consolidation.
Hikes in malware and hacking exploits
- No respite from ransomware. This was the leading threat to organizations in the first half of 2022. The ransomware ecosystem will continue to evolve and grow with smaller, more agile criminal groups forming to evade law enforcement.
- Compromising collaboration tools. Phishing attempts against business and personal email accounts are an everyday threat. In 2023, criminals will widen their aim to target business collaboration tools, such as Slack, Teams, OneDrive and Google Drive, with phishing exploits. These are a rich source of sensitive data given most organizations’ employees continue to often work remotely.
Hacktivism and deepfakes evolve
- State-mobilized hacktivism. In the past year, hacktivism has evolved from social groups with fluid agendas (such as Anonymous) to state-backed groups that are more organized, structured and sophisticated. Such groups have attacked targets in the US, Germany, Italy, Norway, Finland, Poland and Japan recently. These ideological attacks will continue to grow in 2023.
- Weaponizing deepfakes. In October 2022, a deepfake of U.S. President Joe Biden singing “Baby Shark” instead of the national anthem was circulated widely. Was this a joke, or an attempt to influence the important U.S. mid-term elections? Deepfakes technology will be increasingly used to target and manipulate opinions, or to trick employees into giving up access credentials.
Governments step up measures to protect citizens
- New laws around data breaches. The breach at Australian telco Optus has driven the country’s government to introduce new data breach regulations that other telcos must follow to protect customers against subsequent fraud. We will see other national governments following this example in 2023.
- New national cybercrime task forces. More Governments will follow Singapore’s example of setting up inter-agency task forces to counter ransomware and cybercrime, bringing businesses, state departments and law enforcement together to combat the growing threat to commerce and consumers. These efforts are partially a result of questions over whether the cyber insurance sector can be relied upon as a safety net for cyber incidents.
- Mandating security and privacy by design. The automotive industry has already moved to introduce measures to protect the data of vehicle owners. This example will be followed in other areas of consumer goods that store and process data, holding manufacturers accountable for vulnerabilities in their products.
- Cutting complexity to reduce risks. The global cyber skills gap grew by more than 25% in 2022. Yet, organizations have more complex, distributed networks and cloud deployments than ever before because of the pandemic. Security teams need to consolidate their IT and security infrastructures to improve their defenses and reduce their workload, to help them stay ahead of threats. More than two-thirds of CISOs stated that working with fewer vendors’ solutions would increase their company’s security.