CYBERSECURITY experts are now releasing their industry forecasts, trends and predictions as the year ends. Apart from the attacker's behaviors, predictions consider technology to workplace trends and developing laws and regulations.
“The fluidity of today's cyberattacks will require business leaders to reimagine their cybersecurity approach constantly,” said Steven Scheurmann, regional vice president for Asean at Palo Alto Networks, a cybersecurity solutions provider. “Leaders must consider innovative solutions, technologies, and approaches that outperform traditional mechanisms. Organizations have much to consider in 2023 but remaining vigilant and aware will empower them to defend against the evolving threats.”
Here are the five key cybersecurity trends to watch out for in 2023 as identified by cybersecurity experts:
5G adoption deepens vulnerabilities
Modern 5G delivery infrastructures are built on cloud architectures. According to a recent report by the industry association GSMA, they expect 5G connections to reach 430 million in 2025, up from 200 million at the end of end-2021 in the Asia-Pacific (APAC). While the cloud provides greater agility, scalability and performance, it also exposes the 5G core to cloud security vulnerabilities.
Large-scale attacks could come from anywhere, even from within the operator's own network. With the emergence of 5G speeds, and more edge devices in the mix, bad actors will have several entry points and high network speeds to launch cyberattacks.
Securing connected medical devices
Digitization enables new health care capabilities, such as virtual health care and remote diagnosis. Technology was used widely during the pandemic to help in the fight against Covid. It will not just be enough to secure the medical devices. The need to secure the enormous mass of patient data and their digital health records is critical.
Aside from stealing the data, attackers could encrypt the data for ransomware, causing life-threatening issues at health care facilities. Just last month, a major hospital in Osaka, Japan, suspended routine medical services after a ransomware cyberattack disrupted its electronic medical record systems.
A recent assessment from Palo Alto Networks revealed an alarming 75 percent of medical infusion pumps scanned had known security gaps that attackers could compromise.
Cloud supply chain attacks
Cloud applications are built on many code packages that have downstream dependencies on a great number of open-source code. Open-source software could contain unpatched vulnerabilities or even hidden malicious code. A broader concern on open-source code is prevalent across all cloud and software service providers.
An issue within a popular code snippet could affect the entire cloud ecosystem. Most organizations are now adopting Infrastructure-as-Code to automate environment buildouts. Palo Alto Networks scanned a popular public laC repository to find 64 percent of these templates had at least one high or critical insecure configuration.
Debate on data sovereignty
Data privacy and protection becomes a point of contention when users' private information is assumed to be accessible, ready to be examined and shared for user behavior analysis, advertising, surveillance, and other covert objectives.
With the reliance on data and digital information, the volume of regulations and legislation originating from a desire to control and protect citizens and ensure the continued availability of critical services will increase. The conversations around data localization and data sovereignty will probably intensify in 2023.
Metaverse: New playground for cybercriminals
Metaverse implementations could be attacked at four essential layers: platform, conduit, edge and users. Most metaverse platforms will be built on private or public cloud architectures and are susceptible to cloud-based attacks.
Metaverses will interact with other platforms through APIs and other bridging protocols. Conduits that are bridging cryptocurrencies between metaverses will be a target of attack. Consumers will require wearable hardware, such as smart glasses or headsets, to be fully immersed in the metaverse.
These loT devices will be vulnerable to endpoint attacks and may lead to data and privacy breaches. The expanded use cases for our digital identities will make them even more attractive for cybercriminals to exploit.
“From prevention-first Al to adopting Zero Trust strategy and architecture, it will be imperative to adopt the broadest and deepest cyber expertise and threat intelligence into their defenses to stay ahead of the curve,” Scheurmann added. “But, more importantly, they must build resiliency to respond and recover from those that inevitably get through.”