By Todd Moore, VP of Encryption at Thales
The security landscape continues to change and evolve – with every year bringing fresh challenges for organisations. This year is no different – with trends driven by geopolitical issues, and the rising cost of living, to name a few.
So, how is this impacting the cyber security landscape? Todd Moore, VP of Encryption at Thales outlines six key security trends that we can expect throughout the remainder of 2023.
The recession will accelerate organisations’ vendor consolidation strategies
Organisations will move away from point solutions and back towards data consolidation. In the face of the recession, cost of living crisis and looming skills gap, simplification and efficiency will be key priorities in 2023. Automation will go some way to help simplify, but organisations will need to work with the right partners to ensure that assets and data are adequately secured.
By combining robust encryption, policy-based access controls, centralised administration and enterprise key management, organisations can consolidate while keeping valuable assets protected and in compliance with regulatory mandates.
Consumerising ransomware – connected cars will be the next big target for hackers
The connected car market continues to grow and will become a bigger target for ransomware hackers and developers.
Connected cars operate on millions of computer codes which, if not secured properly, could easily be hacked. Installing malware into the operating system of a vehicle could cause severe consequences – whether it’s disabling brakes on a busy road, locking users out until a ransom is paid, or stealing personal or corporate data.
Additional attention must also be paid to electric vehicles. With Biden championing the electric car revolution, and the UK government targeting zero emission cars and vans by 2035, technology is advancing at pace. This speed of development – needed to reach important environmental targets –could create additional security risks. “Security by design is critical, and it’s imperative that car manufacturers bake in robust cyber security standards from the outset to avoid scenarios like this from occurring.
Mass layoffs in tech will trigger a major security breach
The news has already been flooded with stories about mass-layoffs at some of the world’s biggest tech companies. Beyond these high-profile examples hitting the headlines, the recession and ongoing cost of living crisis means that many more companies may need to reduce their headcount in the year ahead.
This mass layoff of workers – many happening virtually – will no doubt create some major security vulnerabilities, whether that is the result of a disgruntled employee, or a diminished IT team meaning the right steps are not being taken to remove access management rights. One way or another, in 2023, we expect to see a major security breach pinned on poorly managed redundancies.
Sovereign data laws will go travelling
The entire definition of data sovereignty is changing to stay relevant to the modern technological landscape. A year ago, sovereignty meant data not leaving the confines of that organisation. Now, some customers are treating sovereignty as the ability to control the location of their data by moving it to different locations on a periodic basis so it can’t be targeted by hackers.
In the year ahead, we expect this trend to continue with portability becoming the biggest priority for global organisations. To achieve this, companies need to ensure they have cloud-agnostic technologies in place so they can easily lift a workload in the cloud and move it to a different location. DevOps approaches can also help by writing code that is cloud neutral, so workloads can be spun up anywhere
The Metaverse will open up a new frontier for hackers and extortion
As the Metaverse and other virtual platforms become increasingly popular, we’ve seen a greater importance placed on virtual services and resources – with users starting to value these assets just as much as physical ones.
Children in particular are early adopters of these platforms, often using their parents’ bank details to purchase virtual currencies, making them a vulnerable target and a potential gateway for wider attacks.
These platforms have very quickly entered the mainstream, so ownership of these virtual assets needs to be brought under tight control with the same level of security and scrutiny as with other platforms.
The business of cybercrime: Extortion ransomware will rise
Attacks on critical infrastructures will continue in 2023 and the tactics these threat actors use will likely remain unchanged. The reality is that cybercriminals operate like a business, and if they’re remaining successful in their attacks, they won’t see a need to mature their methods.
While ways of gaining access remain the same, what we’re starting to see shift (that will continue into next year) is how cybercriminals are approaching extracting money. Double extortion and even triple extortion attacks against critical infrastructures will expand rapidly as they provide attackers with larger sums of ransom and multiple payment avenues – allowing them to put revenue back toward their own infrastructure.