SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Ransomware to remain public enemy #1 in 2023 - report
Thu, 5th Jan 2023
FYI, this story is more than a year old

Ransomware will remain public enemy #1 in terms of cybersecurity, according to new security predictions for 2023 from Red Access.

As of 2022, roughly 68% of all global organisations have fallen victim to at least one ransomware infection. Sadly, that figure will continue to rise in 2023, as ransomware grows even more widespread. 

"The commodification of offensive hacking tools (sold primarily on the dark web) has dramatically reduced the barriers to entry into the ransomware business, and the promise of million-dollar paydays has encouraged new entrants in droves," says Tal Dery, co-founder and CTO of Red Access

"In 2023, watch out for the continued growth of double-extortion tactics, in which threat actors both encrypt and exfiltrate sensitive data, which they then sell for a second payday."

Deepfakes will grow more sophisticated and widespread in 2023, according to Red Access.

Dery says deepfake technology has made significant ripples in the cultural consciousness over the past year or two. 

"And they will continue to blur our perception of reality in 2023, as AI and machine learning tools make them both easier to develop and more difficult to detect," he says. 

"In the coming year, we will likely see deepfakes play a more prominent role in a wider range of attacks, including impersonation in instances of fraud and as a political tool for the spreading of disinformation. 

"Cyberattacks that target identity will become much more powerful as deepfake video impersonations of targets are used to gain trust and access to sensitive accounts. We can also expect to see them used in cases of economic and political sabotage, in which videos depicting prominent business and political figures saying or doing harmful things are disseminated – presumably simply to watch the world burn."

Red Access says browsing security will become a top priority for enterprises.

"In just a few short years, the rise of digital transformation and hybrid work have transformed the web browser from a largely leisure-time application into the fundamental workplace productivity tool," says Dery.

"For the average enterprise employee today, the web browser functions more like a central operating system than just another application serving as their primary gateway to the digital world of work. 

"As such, organisations are beginning to recognise the urgent need to secure and manage this layer in a more comprehensive fashion. 

"In 2023, well see browsing security and management go from a secondary consideration to a central concern and point of security for organisations both large and small."

According to Red Access, passwordless solutions will finally gain traction at the enterprise level this coming year.

Though passwordless authentication solutions have been around for a while, they've struggled to gain widespread implementation at the enterprise level. This, however, appears to be changing, with companies like Google rolling out passwordless authentication options for Android and Chrome, and other major tech players initiating similar plans. 

"With more phishing attacks taking place in 2022 than ever before, the shift to passwordless solutions will be a major step in the ongoing effort to stem the tide as passwordless authentication solutions are inherently more phishing resistant than traditional passwords," says Dery.

"Which type of passwordless authentication architecture will see the most widespread adoption, well have to wait and see, but possible contenders include: biometrics, authenticator applications, physical security keys, and magic links."