The future of Cyber security: What can we expect?
In the age of the internet, cyber security has become an increasingly important issue. With so much of our lives now taking place online, it’s more important than ever to make sure our business and personal information is safe from hackers. In this article, we will be discussing the future of cyber security to help you ensure that your company is well-prepared to combat cyber threats in 2023.
Cyber security professionals are constantly battling and trying to stay on top of the latest trends and threats in the industry.
What are the major future concerns in cybersecurity?
- More sophisticated attacks: As technology becomes more advanced, so do the techniques of those who wish to do us harm. Attackers are always looking for new vulnerabilities to exploit.
- Increase in the number of connected IoT Devices, increasing chances of cyber security threats
- Ransomware continues to tarnish businesses
- Phishing is still the most effective way for an attack to happen
1. More Sophisticated Attacks
We can expect that cyber attacks will continue to become more sophisticated in the future of cyber security. Cyber criminals are always finding new ways to exploit vulnerabilities in systems, so cyber security experts must always stay one step ahead for the future of cyber security. As long as there are people who want to take advantage of businesses and others online, there will be a need for strong cybersecurity measures.
Since the technology landscape is getting more complex each and every day, it is impossible to have products and environments that are 100% secure. There is no such thing as a 100% secure environment or a business/individual that will not get attacked.
Think about the numerous online accounts you have – banking accounts, social media accounts, email accounts, services, gaming services, work accounts, etc. Chances are some of these services you use have appeared in the news for data breaches or cybersecurity incidents.
The reality is no organization is safe from an attack. Organizations must have a cyber security plan in place that provides data security – data redundancy and multiple layers of defense to mitigate the impact left of a attack.
The future of cyber security will continue to be complex. More use of the cloud, increasingly complex APIs, and deep dependence on these systems easily allows for areas of mistakes and misconfigured settings to be overlooked by security teams and security architects. Due to these unseen items, multiple opportunities for attackers to exploit these vulnerabilities are available.
Sometimes, the attackers know about vulnerabilities before the organizations that manufacture the products find out about the vulnerabilities themselves, these are called Zero Days – Vulnerabilities that have no patch currently available from the organization.
TThe most recent vulnerability like this was for an open-source software package called Log4J that is/was widely used throughout the industry. The Log4J utility was found to contain one such zero day vulnerability that caused havoc among the cyber security community and had security teams and security experts working constantly trying to resolve the issue.
Other notable Common Vulnerability Exposures (CVEs) are – Microsoft Exchange Server Elevation of Privilege Vulnerability[1] – October 2022 and Apple Memory Handling Issue – CVE-2022-32932[2]
As we create more complex technologies, cyber criminals will be on the lookout to understand these complexities and find ways to continue to exploit them for their advantage.
2. Increase in the number of connected IoT Devices
A second item we can look for in the future of cyber security, is the number of Internet of Things (IoT) devices that will be connected. IoT devices are hardware that connect wirelessly to a network.
These can range from smart thermostats, clocks, refrigerators, washing machines, etc. As IoT devices become more affordable and popular with smart home enthusiasts, and the general population implementing these in their home, the numbers are expected to increase.
This increasing number of devices also brings an increase in vulnerabilities. In 2022 there were over 10 billion devices[3] that were connected to the internet.
The issue with these devices is that they usually come with default usernames and passwords from the manufacturer. The average user is not familiar with how to change the default credentials to something stronger. This leads to attackers searching for devices using websites like shodan.io trying to force their way in with a standard username and password combination that is available on the web, directly from the manufacturer.
Additionally, some devices have vulnerabilities that attackers can exploit to control or steal personal information.
There have been instances of IoT devices that are used to be part of a bigger operation, such as botnets to create Denial of Service (DoS) attacks.
With these vulnerabilities present in IoT devices, the number will only be increasing. What we anticipate in the future of cyber security for IoT devices is that by 2030, the number of IoT devices is projected to rise to 29.4 billion connected devices[4].
3. Ransomware continues to tarnish businesses
Ransomware continues to be a top cyber threat to businesses and individuals alike. According to one of our recent surveys regarding ransomware[5] one out of every five companies falls victim to ransomware with the average downtime associated with the attack being 21 days. Despite the fact that ransomware attacks have been on the rise in recent years, many businesses are still not taking the necessary steps to protect themselves.
This is often because businesses underestimate the threat or believe that they will never be targeted. However, as we have seen time and time again, no business is safe from cyber-attacks, especially small to medium-sized businesses – around 50% of SMBs implement cybersecurity measures[6].
Ransomware has evolved so much that it is now a business model for threat actors. Appearing on the scene is Ransomware as a Service (Raas). This service allows potential buyers to attack their victims with much ease. Instead of having to code your own program and trying to infect a computer. You can purchase software that does this dirty work for you.
Supply Chain attacks are another method that ransomware uses to disrupt everyday business processes and flows. Businesses that use a certain service might notice the website or services of that third party have stopped working. At times this is due to a ransomware attack on a third party or supply chains. This disrupts the business flow of the affected party and any other clients or organizations the third party does business with.
Not surprisingly as ransomware attacks have increased, so have the payments. Ransomware payments continue to rise and are projected to cause around $30 billion in damage by 2023. [7]
The reason why payments have gone up depends on the criticality of the data, helping attackers set a valuable price on these assets. Additionally, when businesses pay the ransom, the attackers see this method of attack working effectively, leading to more software being developed and pushed to cripple users and businesses by making them pay for their valuable data.
Even if a victim decides to pay the ransom demands, there is no guarantee that they will be receiving the data. Some attackers have even made victims pay the ransom, then refuse to decrypt the files, only to demand payment a second time!
Notable companies that have suffered ransomware attacks are – NVIDIA, JBS, and Garmin.
So for the future of cyber security, we can expect this trend to continue.
4. Phishing is still the most effective way to launch a cybersecurity attack. For the future of cybersecurity, this will continue being a top attack vector.
With work from home on the rise, it’s hard to train users on practices related to good cyber hygiene. Particularly, when it comes to phishing emails and how to spot them. Phishing is still one of the most effective ways for an attacker to infiltrate an organization’s network and access sensitive data.
According to an analysis of 25 billion emails by Hornetsecurity[8] nearly 40% of attack methods via email were phishing related.
It’s become readily apparent, that end-users continue to be the weakest link in the defense chain. By providing regular end-user security awareness training, businesses can help to mitigate this very popular attack method.
The same report found that no organization is immune to these style of attacks. While it is true that there is a perception that SMBs fall victim more often (likely due to less budget for IT security), our study found that all industry verticals are at risk.
There are plenty of scams out there that try to trick users into providing their work information, and personal information, or duping them out of their money. Most notable are the urgent emails from the CEO asking for you to purchase gift cards or for users to download malicious files in the form of PDFs, Word, or Excel files.
As provided by a survey conducted by Hornetsecurity on the topic of email security [9], here are some statistics on Phishing attacks –
- 62% of all breaches are caused by compromised passwords & phishing attacks
- Companies between 201-1000 employees are the most vulnerable to email security breaches like phishing.
- Phishing attacks lead to data loss, and malicious software being installed. Some frequently targeted industries are healthcare, manufacturing, and finance, but again our data shows that all industries are a potential target. Critical public infrastructure (such as power, food, and supply chains) have also been attacked through phishing attacks.
Attackers have gotten noticeably better with their phishing attacks. So much so that for the year 2022 and the future of cyber security, attackers are looking at ways to send emails that look like they have been sent from inside your organization. This is known as spoofing. Additional methods of phishing methods are Business email compromise (BEC), social engineering attacks, and finally human error.
Humans play a vital role in understanding and protecting their organization from cyber security incidents. You are either your first line of defense or your last – it doesn’t matter how you look at it. In 2021, 44% of security events were caused by employees being tricked by a phishing campaign. [10]
As phishing threats have evolved over the years and have done more damage than before, phishing has no sign of slowing down. A simple yet effective way for attackers to gain access to a system, steal personal data or breach an entire company are through sending carefully crafted emails that users will not think twice about clicking.
Wrapping up the future of cyber security
In conclusion, we can expect the future of cyber security to be more complex and challenging than ever before. New technologies, complex designs of security architecture, and mis-configurations of software can lead to an increase in cyber risks and cyber threats that violate the confidentiality, integrity, and availability of corporate resources.
Statistics show that old attack techniques are still relevant and increasing every year. The threats we face will continue to evolve, and we will need to adapt our defenses and cyber security strategies accordingly to combat new threats and old threats.
Our best hope is for cybersecurity professionals to stay ahead of the curve by investing in research and development, staying informed about the latest developments in the field, and being one step ahead of threat actors.
In the future of cyber security, you can expect the four trends above to make a significant impact.
Learn more about the future and current state of cyber security in our Cyber Security Report 2023.