This post is part of our 2023 cybersecurity prediction series.
Scott Register, VP Security Solutions at Keysight Technologies
AI on the Offense
Deepfake technology to date has resulted in political confusion, internet chatter, and some amusing mashup videos, but expect this to change in the near term. Security experts have warned for years about the possibility of social engineering attacks with deepfakes, and the technology has matured enough for 2023 to see hackers successfully leverage it. We will see an increase in image generation, generated audio, and conversations that appear realistic, designed to trick recipients into sharing personal data or other sensitive information. The deepfake threat isn't relegated solely to consumers; we'll likely see threat actors spoof a Fortune 100 CEO in an attempt to defraud or otherwise damage the organization.
Hackers in Your Home
With the increased adoption of IoT devices, hackers will no longer be nameless, faceless entities but rather a tangible threat within our smart homes. Expect threat actors to infiltrate webcams, microphones, Smart TVs and other connected devices, demanding money transfers or bank account details. As this happens, IoT manufacturers will have to formulate their response to IoT-based extortion.
Hackers’ End Game: Physical Damage
Hackers may have traditionally abided by a quasi-code of ethics to limit physical destruction, but those days are long gone. Expect 2023 to see more targeted OT attacks designed to disable or destroy system availability with the end goal of harming people. For example, ransomware attacks against life-saving equipment in the healthcare sector will become fair game.
Evolving Cyber Insurance Industry
Historically cyber insurers have embraced a yes/no approach to coverage based on the company's maturity level and the types of threats facing the organization. Expect this to evolve in 2023, with insurance companies declining to cover more enterprises and also introducing risk-based pricing in response to the dynamic threat environment. I believe we'll see more exemption clauses denying coverage for ransomware and other specific attack types.