SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Wed, 14th Dec 2022
FYI, this story is more than a year old

Attackers are always evolving and looking for ways to gain access to digital systems. And with the increasing use of artificial intelligence, and quantum computing expected to soon become a reality, the cyber threatscape is changing more rapidly than ever before.

When it comes to cybersecurity, we should always try to look at what’s coming and what impact it will have. We cannot just sit back and wait for these changes to occur because when we adopt a reactive attitude, we become extremely vulnerable to digital threats, which puts our businesses and our societies at risk.

For example, with ransomware continuing to adapt with different enhancements and tactics, we must always be dynamic and flexible to change.

Yet, while some things change, others stay constant. Data privacy and security continue to be top priorities. In the new working environment, our homes are becoming an extension of the office. And with the continuing cloud adoption, there is a massive expansion of the threatscape.

Last year I made several predictions about topics including Cyberwars, Ransomware, Hacker Esports, Privileged Identity and Zero Trust. Several of them turned out to be fairly accurate, with lessons to be learned moving forward.

So, let’s take a look at what 2023 may have in store for us, with five predictions humbly submitted by an ethical hacker and cybersecurity scientist.

1. Deep Fakes and digital DNA theft

In 2023, Deep Fakes will become so authentic that not only will we see our digital identities being stolen but also digital versions of our DNA. Exposing our Digital DNA on the internet will enable Deep Fakes to replicate and create Digital Humans.

If you have ever seen the movie “The 6th Day,” we are on the same path for replicas of our digital selves. Humans try to mirror their physical lives on social media with constant uploads of photos, videos, audio and personal preferences.

With enough data points and some enhanced algorithms, it is only a matter of time before attackers can create lifelike digital avatars of anyone, and it will be incredibly difficult to identify the difference without technology to analyse the source data.

2. Home and office boundaries blur

Employees’ homes will become extensions of company offices. Just as cloud transformation dominated the pandemic period, we have now started the Bring Your Own Office transformation, where employees’ home networks have become cloud droplets or mini clouds.

The big challenge today is knowing where the organisation’s security starts and stops and whether companies should attempt to secure employees’ homes as an extension of the corporate offices.

What would that mean for the employees’ data privacy? Do we all become always-on employees if we are no longer employees only from nine to five?

In the past, personal life and corporate life had a clear separation. That dynamic changed with Bring Your Own Device, and now with Bring Your Own Office, it will evolve further, and the boundaries will become even blurrier.

3. Cyber hygiene and awareness mandates

The need to become more mindful of cyber risks will see increased attention to getting the basics right, with cyber hygiene and awareness becoming a top priority in 2023.

With more organisations looking to obtain cyber insurance as a safety net to protect their businesses from serious financial exposure caused by data breaches and ransomware attacks, the need to get a solid cyber strategy in place will be mandated to get cover. The days of “cheap and easy” are over.

This means getting back to the basics in 2023 to level up cybersecurity baselines. Ongoing remote work and cloud transformation will require a robust access management strategy – supported by multifactor authentication, password management and continuous verification – to reduce the risks.
In addition to implementing better access security controls, employers will need to empower workers with better cybersecurity awareness and provide ongoing training and education to ensure that employees are informed

and ready to be strong cyber defenders as threats evolve.

4. Cyber army operations get real

Over the past few years, we have seen many countries explore capabilities to go on the cyber offensive. As a result, this will see the introduction of cyber armies.

Many countries have already adopted some variation of a cyber force and established special units, either to support existing armed forces or to defend the country when targeted by cyberattacks, just like what Estonia did as a result of the 2007 cyberattacks. In 2010 Estonia established the Estonian Defence League Cyber Unit, which continues to prepare and simulate cyber attacks targeting the country, so they are ready to defend against them.

Unfortunately, the reality is that while many countries may have limited supplies of conventional weapons, all countries can easily build cyber weapons – and be ready to use them.

5. The new war for cyber talent

Each year the cyber talent gap is increasing. As an industry, we must encourage diversity and bring more new talent into the cybersecurity workforce at a faster speed.

As 2023 will continue to see an increase in the workforce gap, the pressure will be on exploring new ways to attract more people to choose cybersecurity as their career, and accelerating talent development.

It is no longer just about having core technical skills but rather a diverse set of skills that also include communication, marketing, design, and psychology. Cybersecurity is now a challenge for all societies, and, as Mikko Hypponen said, “we are no longer just protecting systems, but we are now protecting society.”