New Year, New Threats: Cybersecurity Predictions for 2023

There was no shortage of concerning cybersecurity stories in 2022. Take, for instance, the dramatic rise in ransomware attacks like the brazen work of the Conti Ransomware gang in Costa Rica, or the social engineering attacks like we saw happen to an Uber employee.

The NFT marketplace OpenSea experienced phishing attacks that led to $200 million worth of NFTs being hacked, and the cryptocurrency market remains highly volatile.

We also continue to see cyber attacks on critical national infrastructure in the ongoing war in Ukraine. These are just a few examples.

As we settle into 2023, these cyber concerns will remain. However, there are also new trends and issues to be aware of to stay safe and secure this year.

Deepfakes Go Mainstream

You might have seen an alarmingly realistic deep fake video of Tom Cruise in the past year, or of President Obama the previous year.

These deceptive videos – in which a person in an existing image or video is replaced with someone else's likeness – used to require powerful computer systems and AI-powered software in order to pull off a convincing final product.

However, the software is becoming more readily accessible at the same time that people have access to more and more computing power.

The result? Deepfakes are about to become a lot more common.

Malware, for instance, was once a relatively occasional occurrence rather than a never-ending torrent; then the malware development kits helped make it accessible to any bad actor around the globe who wanted to wreak some havoc. Deepfakes are poised to follow a similar trajectory.

To be clear, as the technology becomes more mainstream, there will undoubtedly be some positive use cases, and maybe even some comical or humorous uses.

But the negative applications, of which we’re only now starting to get a taste, will only multiply – and society will need to be on guard.

Security leaders should choose strong authentication methods with care—and with the understanding that, as deep fakes become more sophisticated, some biometric authentication methods may be rendered much less useful.

On the other hand, everyday individuals should monitor their accounts regularly, especially for banking, loan, and other financial services.

Implementing email security, such as using email digital certificates, is a quick fix to decrease the chances of these attacks, combined with ongoing employee training.

Unique Identifiers Will Become a Need-to-Have, Not a Nice to Have

A fundamental problem of the digital world we all inhabit is that multiple people can have the same name. There can be multiple people named Jane Smith, and even multiple people named Brad Pitt.

Part of the way that this problem is solved in the analog world is by uniquely identifying people. In the United States, for example, the Social Security number serves this function.

There can be multiple people named Brad Pitt, but there’s only one person associated with a particular social security number that uniquely identifies them.

The digital world is currently much more loose, to put it nicely. How do you know which Brad Pitt you’re actually following on Twitter?

Is there an individual named Emanuel Macron who isn’t the leader of France who is nonetheless tweeting out opinionated statements about geopolitical matters?

The former scenario might be trivial, but the latter decidedly is not. In light of recent snafus at a certain major social media platform, where identity briefly became a free for all, the question is not academic.

The ability to establish a digital identity will be critical here. Identity verification methods, combined with the use and issuance of digital identities will be critical.

And the security foundation backing these digital identities should rely on technologies such as digital certificates powered by public key infrastructure (PKI), which have long been used to secure websites and email communications.

Certificates are a proven way to help resolve the problem of who’s really who in the digital world and to establish a digital identity.

The “Quantum Apocalypse” Creeps Ever Closer

Quantum computing, which has the ability to solve certain complex problems much more quickly than traditional computers can, has many potentially transformative applications.

Unfortunately, one of them is the potential ability to crack existing cryptographic algorithms that keep sensitive data private and secure.

Current predictions are that this looming Quantum Apocalypse will occur in 2026, but there’s no guarantee that it won’t take place sooner than that.

Really, it all depends on how quickly quantum computing technology filters down from nation-states (who, at the moment, are the ones primarily able to tap into quantum capabilities) to smaller hacking groups, criminal enterprises, and bad actors.

To protect against encrypted data suddenly becoming an open book, organizations will need to turn to quantum-resistant digital certificates and cryptography.

These certificates serve the same protective function as the traditional digital certificates referenced earlier, with one crucial difference:

They employ a different cryptographic protocol and use different underlying mathematical problems and processes that make them difficult to crack via quantum computing.

Navigate the New Wave

There’s no shortage of innovation on the horizon – but with this innovation comes a new wave of risks and considerations for enterprises to prioritize in the coming year.

As the digital landscape continues to evolve and become more complex, organizations will be well served by keeping these issues top of mind, so that they can best respond to them and safely navigate around the risks they pose.

Photo by Ray Hennessy on Unsplash