Cyber experts have predicted the top cybersecurity challenges that Australia will face in 2023, and what’s going to be “public enemy #1.”
New security predictions from Red Access – a company that provides the first agentless unified platform to secure all enterprise browsing activity – deemed ransomware the top cybersecurity challenge for 2023, with deepfakes also expected to grow more sophisticated and widespread.
“The commodification of offensive hacking tools (sold primarily on the dark web) has dramatically reduced the barriers to entry into the ransomware business, and the promise of million-dollar paydays has encouraged new entrants in droves,” said Tal Dery, co-founder and CTO of Red Access, as reported by IT Brief. “In 2023, watch out for the continued growth of double-extortion tactics, in which threat actors both encrypt and exfiltrate sensitive data, which they then sell for a second payday.”
Regarding deepfakes, Dery expects these types of technology to continue blurring people's perception of reality as AI and machine learning tools make them easier to develop and more difficult to detect.
“In the coming year, we will likely see deepfakes play a more prominent role in a wider range of attacks, including impersonation in instances of fraud and as a political tool spreading disinformation,” he said.
“Cyberattacks that target identity will become much more powerful as deepfake video impersonations of targets are used to gain trust and access to sensitive accounts. We can also expect to see them used in cases of economic and political sabotage, in which videos depicting prominent business and political figures saying or doing harmful things are disseminated – presumably simply to watch the world burn.”
Apricorn, which provides hardware-based 256-bit encrypted external storage products to organisations requiring high-level protection for their data at rest, said it expects many companies to face an increased risk of losing IP or leaked research and development (R&D) data.
“There needs to be a push for data encryption across all levels of business,” said Jon Fielding, managing director of EMEA at Apricorn, as reported by IT Brief. “Encryption can protect data when it's both at rest and in transit, and the stakes for not encrypting data are only getting higher; 16% of the IT leaders surveyed admitted that a lack of encryption had been the main cause of a data breach within their company, up from 12% in 2021.”
With modern cars keeping track of more data than people have thought about, Fielding emphasised the significance of protecting the collected data.
“This year, automobile manufacturers should consider how they can protect driver data such as dashcam footage to credit card information stored on phones connected to the vehicle via Bluetooth technology,” he said. “Let's not forget driver GPS location, which presents a serious security issue if accessed by the wrong person. The adoption of a 3-2-1 storage strategy and encryption of all data should be a manufacturing industry best practice with automotive manufacturers leading stepping up as innovators that recognise the need to protect this data.”
Apricorn expects organisations to face challenges by resource constraints brought by economic challenges, staff shortages, and tech layoffs.
“This scarcity of resources may put additional strain on IT teams leading to increased cybersecurity risks,” Fielding said. “I predict that an increase in cybersecurity breaches, and data loss events may occur as a result of IT teams being stretched too thin.”
Fielding advised organisations to focus on employee education to avoid data loss and cyberattacks.
“By investing in employee education, organisations can fortify their data security with foundational prevention measures such as regular data backup with encryption, using strong passwords, and enabling multi-factor authentication,” he said. “Combined, these efforts can help ensure data resiliency, even for organisations with limited resources.”
Apricorn expects an increase in ransomware attacks driven by instability in the global cryptocurrency market. This aligns with security giant Sophos' 2023 Threat Report, which predicted a more hostile cyber environment in 2023.
“Ransomware attackers have often demanded payments in bitcoin and other cryptocurrencies for their data ransom schemes, and the weakening of the crypto market will likely push fraudsters to try and make up their losses with additional attacks,” Fielding said. “When it comes to ransomware and cyberattacks, organisations need to have a formal and well-practiced plan to back up and recover their data.”
With various internal and external threats and risks likely to result in data loss, Apricorn expects IT professionals to back up their data and ensure that it is usable.
“Data backups are only effective for restoration when the data is recent, accurate, and accessible. And with a reliance on cloud storage, increased risk of cyberattacks, and potential employee errors, IT professionals need to put their data backups to the test,” Fielding said. “Backup and recovery strategies need to be intentional, practiced, and effective as corrupted, compromised or out-of-date data will only hinder recovery efforts.”