The art of cyber crime is in a constant state of flux and evolution. Simply staying on pace with these trends is a significant part of the CISO’s job.
Today’s modern CISO must ensure they are always prepared for the next big trend and remain ahead of adversaries.
As we begin to navigate 2023, the security landscape has transformed from a year ago, let alone a decade ago. The Russian invasion of Ukraine, emerging technologies like Web3 and AI, and new, post-pandemic ways of organizing the workforce have all led to significant shifts in the world of hacking.
In this article, we’ll look at how hacking is different in 2023, some of the key threats CISOs must contend with and some of the best defenses available.
What does modern hacking look like?
Before we start, it’s worth noting that even the term “hacker” has undergone some evolution over the years. Once largely associated with hostile actors, many security professionals now refer to themselves as hackers. The term “white hat hacker” also exists; this refers to hackers using the same methods as cyber criminals to carry out ethical tasks like pressure-testing security systems.
So what are the concrete ways hacking has changed today compared to five, ten and even twenty years ago? There are several significant trends to highlight that look set to dominate the cybersecurity conversation in 2023.
A lower barrier to entry
In the past, threat actors needed highly developed skill sets honed over many years. Hacking, especially targeting high-level organizations with valuable assets, wasn’t something just anyone could do — the bar was set high.
Today, with the emergence and growth of DIY hacking kits and services — available in places like the dark web — even fairly low-skilled cyber criminals can inflict damage and successfully commit crimes. This is concerning news because it means the pool of potential attackers is soaring.
Taking advantage of the shift to remote work
Although the COVID-19 pandemic is now receding, many effects still linger. One of the most notable is the sustained shift to remote working patterns. While more remote work options come with great employee benefits such as work-life balance and productivity, this style of working also carries inherent security risks.
With millions of companies now operating either partially or fully remote, along with escalating levels of cloud adoption, security teams have the challenging task of defending sensitive information and assets. Employees access all this data from a wide range of locations — including unsafe wireless networks and even public places.
Emerging technologies will play a greater role
Emerging technologies like blockchain, the internet of things and artificial intelligence are expected to play a more prominent role in our lives in 2023, making them a more attractive target for attackers.
We’ve already seen a number of high-profile attacks on Web3 infrastructures, like the 2022 hacking of the Binance exchange for $570 million. Threat actors can also turn new technologies to their own advantage; for example, by harnessing AI tools to automate their attacks and quickly identify easy targets.
Bigger targets and heavyweight players
The invasion of Ukraine in early 2022 sparked a new era of geopolitics, shifting the cybersecurity landscape. Russia has been targeting critical infrastructure in Ukraine with cyberattacks. As tensions between the West and its adversaries reach the highest point in decades, it’s realistic to expect more such attacks against Western targets.
CISOs at all levels must prepare for attacks by nation-state actors, which could even target assets like regional power grids.
What will be the most popular hacking methods of 2023?
Which techniques will malicious actors use to achieve their goals in 2023? While it’s difficult to predict, we’ll likely see a continuation of recent trends.
- Phishing. Despite — or perhaps because of — its simplicity, phishing remains an extremely effective method for threat actors of all types. Tricking victims into sharing sensitive data, including company information, is a tried-and-tested attack vector that organizations must prepare for with widespread employee education and more robust password policies.
- DDoS attacks. Distributed Denial of Service attacks work by overwhelming the target’s servers with traffic, causing them to crash. In many cases, attackers are using cloud infrastructure to bolster their DDoS attacks.
- Ransomware. This method has been skyrocketing year over year and will probably trend upward in 2023. During an attack, malicious actors seize an organization or individual’s data, encrypt it and demand a ransom for its return. Ransomware can be devastating, leading to enormous financial losses and irreparable reputation damage.
- Targeting missing patches. Many threat actors are actively searching for security patches that organizations have failed to keep up to date. Then, they take advantage of those vulnerabilities.
What does defense against hacking look like in 2023?
As hacking continues to evolve, so do the methods cybersecurity teams are deploying to combat those threats.
Here are some of the key trends in defense against hacking to be aware of in 2023:
Automation and AI
AI is being harnessed by cyber criminals more and more, but when used correctly, it can also be a powerful tool for defense. AI algorithms are excellent at analyzing huge datasets and making accurate predictions about when and where attacks will take place, giving security teams a valuable advantage.
According to research by IBM, companies that use AI and automation to defend against data breaches save an average of $3.05 million compared to those that don’t — a difference of 65.2%.
Secure cloud assets
As cloud assets and infrastructure become increasingly popular targets, companies will focus on defending in this area. Stricter security controls, greater enforcement of access requirements and better education and coordination between teams are all excellent places to start.
Make cybersecurity a priority
The past few years have seen a growing trend of organizations taking a much more focused approach to cybersecurity with company-wide education policies and growing cyber spending.
As we enter 2023 and beyond, companies look certain to continue along this path, emphasizing security responsibility for everyone in the organization, not just security teams.