This post is part of our 2023 cybersecurity prediction series.
Ransomware will remain public enemy #1.
As of 2022, roughly 68% of all global organizations have fallen victim to at least one ransomware infection. Sadly, that figure will continue to rise in 2023, as ransomware grows even more widespread. The commodification of offensive hacking tools (sold primarily on the dark web) has dramatically reduced the barriers to entry into the ransomware business, and the promise of million-dollar paydays has encouraged new entrants in droves. In 2023, watch out for the continued growth of “double-extortion” tactics, in which threat actors both encrypt and exfiltrate sensitive data, which they then sell for a second payday.
Deepfakes will grow more sophisticated and widespread.
Deepfake technology has made significant ripples in the cultural consciousness over the past year or two. And they will continue to blur our perception of reality in 2023, as AI and machine learning tools make them both easier to develop and more difficult to detect. In the coming year, we will likely see deepfakes play a more prominent role in a wider range of attacks, including impersonation in instances of fraud and as a political tool for the spreading of disinformation. Cyberattacks that target identity will become much more powerful as deepfake video impersonations of targets are used to gain trust and access to sensitive accounts. We can also expect to see them used in cases of economic and political sabotage, in which videos depicting prominent business and political figures saying or doing harmful things are disseminated…presumably simply to watch the world burn.
Browsing security will become top priority for enterprises.
In just a few short years, the rise of digital transformation and hybrid work have transformed the web browser from a largely leisure-time application into the fundamental workplace productivity tool. For the average enterprise employee today, the web browser functions more like a central operating system than just another application — serving as their primary gateway to the digital world of work. As such, organizations are beginning to recognize the urgent need to secure and manage this layer in a more comprehensive fashion. In 2023, we’ll see browsing security and management go from a secondary consideration to a central concern and point of security for organizations both large and small.
Passwordless solutions will finally gain traction at the enterprise level.
Though passwordless authentication solutions have been around for a while, they’ve struggled to gain widespread implementation at the enterprise level. This, however, appears to be changing, with companies like Google rolling out passwordless authentication options for Android and Chrome, and other major tech players initiating similar plans. With more phishing attacks taking place in 2022 than ever before, the shift to passwordless solutions will be a major step in the ongoing effort to stem the tide — as passwordless authentication solutions are inherently more phishing resistant than traditional passwords. Which type of passwordless authentication architecture will see the most widespread adoption, we’ll have to wait and see, but possible contenders include: biometrics, authenticator applications, physical security keys, and magic links.