Cybercrime will continue and intensify in 2023.Ā Threat actor techniques will evolve considerably over the next 12 months. Ransomware and insider risk will grow as attackers target trusted employees with extortion attempts. Cybercrime āvendorsā are shifting toward new business models.Ā A positive forecast is an expected broader adoption of passkeys technology (passwordless login).Ā
Tim Keary,Ā editor for tech news VentureBeat in a blogpost summarisesĀ a meeting with Google security leaders and analysts.
Last year, the FBI estimated that internet crime cost USD 6.9 billion. There is a USD 2 trillion market opportunity for cybersecurity technology and service providers, consultancy McKinsey predicts referring to a survey of the cybersecurity business. āDamage from cyberattacks will amount to about USD 10.5 trillion annually by 2025āa 300% increase from 2015 levels.ā
The McKinsey report says security providers need to find productive combinations of product, price, and services that vendors can tailor to target segments and are flexible enough to scale.
Read Also:Ā 91% of companies report cyber incidents
Forecasts for 2023 by Google leaders:Ā
Identity and authentication attacks will remain a constant threatĀ
āOrganizations will continue to struggle with identity- and authentication-related attacks, where relatively unsophisticated threat actors are able to purchase credentials in the underground, or con their way into the organizationā, says Heather Adkins, VP of security engineering.
Ā āAs a result, platform makers will be pressured to help consumers and enterprises defend against malware that steals those credentials.āĀ
Insider risk will increase as threat actors target trusted employeesĀ
āWe will see increases in insider risks, with attackers attempting to coerce and extort otherwise trusted insiders to commit malicious acts. Meanwhile, federated identity and authentication vendors will come under increasing attack to attempt to target other software as a service (SaaS) providersā, says Phil Venables, (CISO).
āWeāll also see people start to realize the Y2K-scale level of work involved in transitioning to post quantum cryptography.āĀ
Ransomware attacks on public and private sectors will continue to increaseĀ
āGlobally, weāll see the continued growth and prominence of ransomware attacks acrossĀ public and private sectors. Across the wider attack surface, industry-specific threats and capabilities will grow, affecting verticals including healthcare, energy, finance and moreā, says Royal Hansen, VP of privacy, safety and security.
āAs an industry, our ongoing research and work on supply chain security, especially on the heels of major attacks, will continue to reveal how much more collaborative work needs to be done.āĀ
Broader adoption of passkeys technologyĀ
āBeyond password management and account security improvements, weāll see broader passkey adoption from developers and users, and in common security vernacularā, predicts Parisa Tabriz, VP of Chrome browser.
āWe can also expect to see SMS/one-time password (OTP) phishing continue to rise, so websites and apps will be more likely to adopt passkeys for both consumer-facing and internal admin tools.Ā
āIn a hybrid corporate environment, and with more work happening on the web, the browser will become an even more strategic asset for enterprise security.Ā
āIn terms of workforce, the demand for cybersecurity experience and capability at all levels of organizations in the private and public sector will continue to surpass available talent. This will underscore the need for investment in multidisciplinary cybersecurity skills development for the future.āĀ
Cybercrime vendors will shift their business modelsĀ
āWe will see greater pressure on commercial spyware vendors, and hack-for-hire operators, from both tech companies and governments. However, these threat actors wonāt go away; we will instead see reorganization, renaming and some shifts in business modelsā, says Shane Huntley, senior director of Threat Analysis Group.
āGlobally, China and Russia will continue to focus heavily on regional issues, including activity related to Ukraine. ā
āAs campaigns for the 2024 election commence, campaign and election security will be front and center issues, including discussion around information operations (IO.)ā Ā
Cybercriminals will look to target reused passwords and secret question fieldsĀ
āWith so many data breach dumps circulating on the dark web, weāll see a surge of attacks leveraging not only reused passwords, but also all the secret question fields (birthdate, SSN, street addresses or others)ā, saysĀ Mark Risher, senior director for platforms and ecosystems.Ā
āTo defend themselves, apps and websites will increasingly adopt secure authentication, like federated identity and passkeys ā in lieu of username, password, SMS code and others ā with the added benefit that these mechanisms are also easier and more convenient for users.ā
Read Also:Ā Cybersecurity is a USD 2 trillion market opportunity
Ā
Ā
The post Specialists forecast intensified cybercrime attacks in 2023 appeared first on Moonshot News.
Source: Read More