Cybercrime in 2023: 3 threats and 5 measures

The playing field of digital security is constantly changing. And because change is so rapid, it's vital that organizations are well prepared for disruption. After all, the better you prepare for a potential incident, the faster and better you can recover after an actual incident. The question is: what should organizations prepare for in 2023?

Democratization of cybercrime

Ransomware has become a huge market. As such, it remains a threat to be reckoned with in the new year. Especially as the Ransomware-as-a-Service (RaaS) model is becoming more and more popular. Thanks to RaaS, you don't need to be an expert to encrypt business data. All you need to do is buy a portal through the right channels to carry out your attacks.

Unfortunately, because cybercrime has become so easy, young people are increasingly involved. According to the police, they are often unaware of the damage they cause, yet they create real victims and complicate the fight against cybercrime.

Spear phishing

Phishing will also continue to trend into the coming year. It is and will continue to be the primary method for cybercriminals to gain access to organizations. For employees, recognizing phishing will be much more difficult in the future. Don't expect poorly written emails from a random Gmail address, but carefully crafted messages through different channels that are very difficult to identify.

Users should be particularly wary of spear phishing. Whereas the “normal” phishing campaign approaches a large target group in the hope that someone will fall for it, spear phishing is much more targeted. For example, spear phishing campaigns can use personal data that was captured in a previous data breach. Victims then see this data reflected in phishing messages, making it easy to trick them into clicking.

We likely won't see it happen on a massive scale in 2023, but the next evolution in phishing will also utilize AI technology to trick targets. Think deep fakes and texts from algorithms that mimic your boss's writing style.

Vulnerabilities in the supply chain

In recent years, companies' digital supply chains have become increasingly extensive, driven by the shift to SaaS, by more complex business requirements, and by the need to support hybrid working. A larger supply chain also means a larger attack surface, and criminals are well aware of this. As a result, we are increasingly witnessing attacks that do not directly target an organization, but its suppliers. Such attacks can come through open source components (such as log4j) or through MSPs (using tools like Kaseya), after which criminals gain access to numerous organizations that have included this vulnerable link in their supply chain.

It is expected that more and more SMBs will be targeted by criminals as a way to break into larger organizations (via a vulnerable API or using social engineering, for example). Large organizations should therefore thoroughly vet partners to identify potential security risks. This does not mean that you can no longer do business with certain partners. On the contrary! Larger organizations are in the perfect position to help their smaller partners become more secure and thus secure their supply chain from the top down.

What will be the security priority for organizations?

Standing still is moving backwards and this is doubly true for digital security. To prepare organizations for future attacks, some measures are essential.

In the fight against ransomware, transparency in the IT environment is essential. It boils down to knowing which systems are active and how the network traffic of all connected devices behaves, from desktop to mobile. With this overview in order, basic tasks like patch management become easier and you can better check suspicious traffic. The latter is difficult without network transparency: criminals often use legitimate tools like TeamViewer, which allow them to fly under the radar if you're not paying attention.
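The visibility check described above, as an added example that is not part of the original article: it compares DNS query logs against an asset inventory and flags unknown devices as well as remote-access-tool lookups from hosts that are not approved for them. The log format, inventory, IP addresses and the `teamviewer.com` suffix list are assumptions constructed for illustration.

```python
# Added example: constructed inventory and DNS log lines, not real data.
INVENTORY = {
    "10.0.1.10": {"owner": "helpdesk-01", "remote_tools_ok": True},
    "10.0.1.22": {"owner": "finance-07", "remote_tools_ok": False},
}

# Assumed suffixes for remote-access tools; extend to match your own policy.
REMOTE_TOOL_SUFFIXES = ("teamviewer.com",)

# Assumed log format: "<timestamp> <source ip> <queried name>"
SAMPLE_LOG = """\
2023-01-09T08:01:12Z 10.0.1.10 router1.teamviewer.com
2023-01-09T08:02:40Z 10.0.1.22 intranet.example.org
2023-01-09T08:03:05Z 10.0.1.22 Router7.TeamViewer.com.
2023-01-09T08:04:51Z 10.0.1.99 updates.example.org
this line is malformed
"""

def is_remote_tool(qname):
    """True if qname equals, or is a subdomain of, a listed suffix."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in REMOTE_TOOL_SUFFIXES)

def review_dns_log(log_text, inventory):
    """Return a list of (timestamp, src_ip, qname, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash
        ts, src, qname = parts
        asset = inventory.get(src)
        if asset is None:
            # Traffic from a device nobody registered: the inventory has a gap.
            findings.append((ts, src, qname, "unknown-device"))
        elif is_remote_tool(qname) and not asset["remote_tools_ok"]:
            # Legitimate tool, but on a host where it has no business running.
            findings.append((ts, src, qname, "unapproved-remote-tool"))
    return findings

if __name__ == "__main__":
    for finding in review_dns_log(SAMPLE_LOG, INVENTORY):
        print(*finding)
```

The approved helpdesk host produces no finding, which is the point: the tool itself is not the signal, its use on a host outside the approved set is.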

To protect your organization from social engineering, you can build extra sanity checks into processes. Don't just transfer payments; always make sure you have a second set of eyes. By having multiple people keep a critical eye on requests, you are much more likely to catch social engineering attempts.

But remember: in the end, the responsibility lies with the organization, not the individual. Sanity checks and common sense help with prevention, but ultimately a technically strong foundation is what really counts. The next step in this development is collective action: standing stronger together.

For example, the Belgian government is allocating two million to build an anti-phishing shield, and the Netherlands is investigating similar solutions. Such an anti-phishing shield can, for example, add a DNS-level filter that makes the Internet much safer for businesses and consumers. You can compare this to a water purification plant: by tackling the problem at the source, we avoid impure and harmful “drinking water”.
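How a DNS-level filter of this kind reaches its decision, as an added example (not the code of the Belgian or Dutch system): a query is normalized, matched against a blocklist on label boundaries, and either forwarded or answered with a sinkhole address. The blocklist entries, the sinkhole address and the class name `DnsFilter` are constructed for illustration.

```python
# Added example: the blocklist and sinkhole address are constructed placeholders.
SINKHOLE_IP = "192.0.2.53"  # TEST-NET-1, an address range reserved for documentation

def normalize(name):
    """Lowercase, drop the root dot, and convert Unicode labels to their wire form."""
    return name.strip().rstrip(".").lower().encode("idna").decode("ascii")

class DnsFilter:
    def __init__(self, blocked_domains):
        # Normalize the feed once so Unicode entries match punycode queries.
        self.blocked = {normalize(d) for d in blocked_domains}

    def match(self, qname):
        """Return the blocklist entry covering qname, or None."""
        labels = normalize(qname).split(".")
        # Walk from the full name up to its parent zones, on label boundaries only,
        # so "login.bad.example" matches "bad.example" but "notbad.example" does not.
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if candidate in self.blocked:
                return candidate
        return None

    def decide(self, qname):
        """Return the action a filtering resolver would take for this query."""
        try:
            hit = self.match(qname)
        except UnicodeError:
            # Empty or over-long labels cannot be valid names: do not forward them.
            return {"qname": qname, "action": "refuse", "matched": None}
        if hit:
            return {"qname": qname, "action": "sinkhole",
                    "answer": SINKHOLE_IP, "matched": hit}
        return {"qname": qname, "action": "forward", "matched": None}

FILTER = DnsFilter(["phish-portal.example", "bücher.example"])

if __name__ == "__main__":
    for q in ("Login.Phish-Portal.example.", "notphish-portal.example",
              "xn--bcher-kva.example"):
        print(FILTER.decide(q))
```

Logging every sinkholed query together with its source gives the security team a list of users who clicked, which feeds directly into incident response.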

Incident prevention and response go hand in hand. You can never guarantee that nothing will go wrong, but you can ensure that good preparation allows you to move quickly in the event of an incident to limit the damage. You are never one hundred percent protected against a fire, but every organization has an incident plan, a fire safety system.

The probability of a fire is less than the probability of a cyberattack. However, far fewer organizations have their “digital fire safety” in order. So don't just continue to work on prevention, but make sure you have a solid plan in place to respond to incidents, for example by appointing digital emergency response workers so that even digital fires can be extinguished quickly with minimal damage.
