Ransomware continues to be the preferred cyberattack medium, affecting 80% of critical national infrastructure and increasing by 62% yearly. It has already affected 14 out of 16 critical infrastructures in the US alone, including the emergency services, food and agriculture, as well as government facilities. Ransomware attacks have very real effects on the general public, as seen during the Colonial Pipeline attack, which compromised gasoline supply to much of north-eastern USA.
Software supply chain attacks were another rising trend this year, with 3 out of 5 companies surveyed by WithSecure reporting being targeted. Cybercrime damage is estimated to reach $10.5 trillion yearly by 2025 – a far cry from $3 trillion in 2015. Detection and prosecution rates for these cybercriminals are low, with less than 10% of cybercrimes being reported and fewer than 0.05% being prosecuted.
It’s up to organizations to protect themselves and adapt cyber security measures equipped to counter these attacks. Fortunately, cyber security has been a board room topic, with more executives understanding the risks and deploying strategies to address them.
Working closely with our cyber security specialists, we’ve compiled a list of the most significant incoming trends for 2023, and what can be done about them.
Cyber Security Predictions for 2023
Hackers targeting Western companies as global conflicts escalate
Reports have been received that Russian hackers have come close to shutting the power supply to two million Ukrainians, by using a variant of Industroyer malware. This has echoes of the attack in 2017 using NotPeya malware, which was intended for Ukrainian companies but leaked worldwide and caused $10 billion in damages.
An analysis by Microsoft identified more than 200 cyberattacks from Russian hackers on Ukrainian institutions since the war started. Similarly, GCHQ has shared that they’ve seen indications of Russian cyber operatives targeting organizations in countries that oppose Russia’s maneuvers. They have warned organizations to be vigilant and ramp up their cyber security measures.
Elsewhere, China is stockpiling vulnerabilities under a new law requiring organizations to report security vulnerabilities to local authorities before disclosing them to any other entity. China-based and backed threat actors will likely come to dominate the discovery and development of zero-day exploits in the future.
Increase in available attack surface
Hackers used to target traditional IT network systems, but with the prevalence of remote work after the pandemic, they have moved on to attack cloud-based systems with increasing frequency. Our global survey revealed that data breach is the primary security challenge facing IT professionals, and ensuring the security of their cloud-based applications like Salesforce and Microsoft 365 is a top priority.
Cloud-based systems aren’t the only ones under fire. Mobile devices are the next logical target, as remote workers rely on them for two-factor authentication, instant messaging applications, and touchless payment methods. Even IoT devices can be compromised as remote work sees the usage of these devices increase.
For those using Salesforce, security experts advocate implementing tighter user access levels and checking app configurations. Implementing a least-privilege approach will help prevent these attacks and accidental human errors.
Rising costs of cybersecurity measures
A 2020 survey revealed that organizations found it costly and unsustainable to keep up with cybercriminals. As security threats become more sophisticated, maintaining a robust security system can increase costs by up to 25%.
However, organizations can’t afford not to keep up and risk suffering millions in damages from a successful data breach. And for those relying on Salesforce’s cloud solution, investing in a sturdy Salesforce data security solution is a must.
Better cyber security training resulting in a security-focused company culture
Cyber security isn’t just the responsibility of IT departments. The whole organization, from low-ranking employees to top-level executives, are in charge of protecting organizational data assets from malicious actors. Phishing is the primary cause of data breaches, and innocent employees are the primary targets.
Aside from providing phishing and security awareness training, companies must enforce Zero Trust architecture and policies. Adopting a company culture that prioritizes security goes a long way to preventing and detecting cyberattacks.
Use of AI and machine learning to attack and defend
Artificial Intelligence is a double-edged sword used by both cybercriminals and security systems. Machine learning helps cyber security systems assess threats and determine the behavior of hackers preventing similar attacks in the future, resulting in automated security systems and threat detections. However, AI can also create advanced or sophisticated malware developed via malicious web links.
Our report showed that malicious files are a popular attack method, often using Trojan-type malware. An advanced threat protection for Salesforce cloud platform is a proven way to prevent these attacks, as WithSecure complements Salesforce native security by blocking off malicious files and phishing URLs.
Conclusion
There’s no indication that cybercriminals are slowing down their activities as we enter 2023. Bad actors constantly develop more sophisticated threats that target the weakest links in every company. Robust cyber security training and a sturdy Salesforce security solution are the best remedies to prevent these attacks.
BOOK A DEMO
Secure your Salesforce today
Tailored for high compliance sectors, our certified solution safeguards Salesforce clouds for global enterprises, including finance, healthcare, and the public sector.
Fill the form and get:
Free 15-day trial
Personalized Salesforce security risk assessment report
Demo and a solution consultation
Support from our experts with setup and configurations