It’s that time of year for making predictions for the coming year and the team at Cyber Protection Magazine put out the call in early November with two requirements. Predictions could not be self-serving and could not be obvious, like “cyber attacks will increase.” Of course they will but what will they look like? The result didn’t disappoint. There was a general consensus from respondents that while ransomware will still be an issue, Fraud will dominate security issues in 2023. There were several reasons for that.
Crypto crash hits ransomware
First and foremost is the implosion of the cryptocurrency market, the favored currency of ransomware gangs. By the time the ransom is paid, the cryptocurrency demanded could become virtually worthless. As early as July, Dark Reading showed the volume of attacks had dropped by 20 percent year on year. That doesn’t mean ransomware is going away, but the criminals need a new source of revenue, and fraud seems to be the way to go.
Cyjax CISO Ian Thornton-Trump pointed out that while cyber-fraud doesn’t yield the big payday ransomware provided, it makes up for it in volume. Hitting a thousand personal bank accounts for $100 produces a $100,000 return on the effort.
Bruno Farinelli from ClearSale explained that a new favorite tool of criminals is bypassing basic cyber-hygiene practices. All they need is a victim’s name, birthday, and address and an algorithm on a powerful laptop can generate hundreds of thousands of numbers, expiration dates and security codes on credit/debit cards in seconds. About the only thing victims can do is keep an eye on their accounts and report unauthorized charges immediately.
Security reaches the boardroom
Another reason for the decline in ransomware is the growth of basic cyber awareness that is now reaching the boards of directors,
Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, (NYSE: KD) said, “With 88 percent of boards now seeing cybersecurity more as a business risk than a technology risk, cyber resilience is no longer just a CISO problem in 2023. it’s an issue and focal point for the entire C-Suite and company boards. Companies understand they’re more likely to endure a cyber event than a physical disaster and they must protect all areas of their business.
Jeff Costlow, CISO of ExtraHop pointed out that former soviet-bloc countries have realized the emperor is naked and are looking to other countries for cybersecurity alignment, including China. “Companies may see different nation-state campaigns in 2023 as Russia loses some of its cyber-controlled territories. Nation-state actors will escalate credential stuffing firms taking opposing stances on conflict.”
Costlow also agreed that account takeover fraud will increase as usernames and passwords for personal social media accounts make up most breached data dumps. “We will most likely see a rise in more targeted account takeover attempts with leaked credentials — especially lucrative corporate accounts.”
And cybersecurity companies are not off the table, he admitted. “My teams noticed an uptick in unauthorized access attempts and trolling on our own corporate accounts when the company shared resources related to CISA’s Shields Up guidance.”
Marijus Briedis, CTO of NordVPN, chimed in on user-date vulnerabilities, “Authoritarian countries and hackers are working hard to compromise those factors. However, I see the light at the end of the tunnel because people are starting to value their data, pushing businesses and governments to take action.”
Silver linings and big promises
2023 will be a big year for privacy laws. India will start discussing its own version of the GDPR in January 2023, the Personal Data Protection Bill. The US Congress is pushing through the American Data Privacy and Protection Act, an outgrowth of President Biden’s executive order issued in May on improving the nation’s cybersecurity and coordinating with similar EU efforts.
But in spite of the big promises from the quantum computing world, 2023 will not see any major breakthroughs even with increased government funding.
“The $15 million price tag for a quantum computer is still way too expensive for the majority of organizations,” said Classiq CEO Nir Minerbi. “Most companies with quantum computing projects will use services like Amazon Braket rather than buy quantum computers in the year ahead. That will allow them to build quantum knowledge and position to gain quantum advantage without locking themselves into a major hardware investment.”
To sum up, for 2023, personal responsibility will still be the greatest defense against cyber attacks. Stay alert.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.