The following 2023 cybersecurity trends are based on my interactions with clients, research, discussions with peers within the cyber ecosphere, and my involvement with the FBI’s InfraGard program. Should these trends continue to materialize, they will greatly impact how companies will invest in and improve their cybersecurity defenses, as well as change both cybercriminal and consumer behavior.

Cybercriminals are known to change their insidious tactics when least expected, incessantly devising new and innovative ways to compromise our most sensitive information and inflict severe damage on our technological world. Predicting the future schemes of cybercriminals is a difficult undertaking, but the trends that I am seeing may provide some insight into what lies ahead.  

Trend 1: Mobile devices are becoming an increasingly popular target.

Our lives are seemingly dependent on our phones, whether it’s banking, admission to a concert, communicating with friends, or authenticating logins to our work accounts. Criminals are acutely aware that we would go to great lengths (and pay significant ransoms) for our phones and will accelerate their methods for compromising these devices via SIM card compromise, mobile ransomware, smishing attacks, more sophisticated malware, and other diabolical methods.

To help reduce the risk of a compromised mobile device, be cautious before taking action when receiving an unexpected text message. Enable a password on your device, establish a SIM card lock, and be judicious when installing applications. Be sure to delete the apps that you no longer use.

Trend 2: Companies are moving away from one-time validation towards zero trust.

The implementation of zero-trust solutions may finally take off in 2023. A zero-trust cybersecurity strategy involves eliminating any and all implicit trust by moving away from one-time validation and instead continuously authenticating a user and their device during every step of a digital interaction.

To remove some of the potential pain points of establishing a zero-trust solution, work with a reputable IT vendor who possesses experience and expertise in this space so that you fully understand the potential impact to your workflows and operations.

Trend 3: Cyberattacks are being weaponized for international warfare.

Cyberattacks conducted by nation states and terrorists will increase as they supplement and even begin to replace traditional tactics used in war. These attacks can impact everything from banking to infrastructure, with the recent attacks in Taiwan and Ukraine serving as stark demonstrations on how the weapons of war are shifting from bullets and bombs to keystrokes and clicks.

In order to reduce the catastrophic repercussions of a serious cyberattack, supplement your preventative efforts by bolstering your disaster recovery planning and resources in advance, so your company can quickly bounce back in a worst-case scenario.

Trend 4: Insider hacking is a growing threat due to relative ease of access.

There are few better ways of hacking a company than by having an insider to help with the dirty work. Criminal hacking groups such as Lap$us have proven that it is possible to recruit or bribe susceptible individuals that need money or are unhappy with their company. Once the insider has been turned to the dark side, it is exceptionally difficult to thwart their attacks due to privileged access and the circumnavigation of external defenses.

To offset the risk of bringing a metaphorical wolf into the fold, conduct thorough background checks and reference discussions before hiring someone who will have access to sensitive information or systems. Once an employee is hired, establish segregation of duties and consider audits or assessments by neutral third parties.

Trend 5: Compromised supply chains and third-party vendors continue to greatly impact companies.

According to Verizon, the genesis of almost two-thirds of system intrusion incidents is the result of an organization’s partner. Compromising a key service provider in the supply chain can result in more unauthorized downstream attacks, making it imperative that businesses evaluate their third-party vendors’ cyber defenses.

By implementing third-party risk management policies and procedures, vendors that could cause a potential compromise would be evaluated from procurement to offboarding, helping to ensure they are meeting or exceeding the standards needed to keep your company secure.

Trend 6: Social engineering attacks are becoming increasingly sophisticated.

A few years ago, most social engineering attacks consisted of emails appearing to originate from a kind, down on his luck prince asking for a loan until his next payday. Today’s attacks are exponentially more sophisticated, resulting in email, text message, and phone-based attacks that are virtually indistinguishable from legitimate communications. Deepfakes, which use technology to modify photos, audio, and video for malicious purposes, are also now used to further enhance the credibility of social engineering attacks.

Since every employee is a potential target of a social engineering strike, cybersecurity education is imperative so that everyone is armed with the awareness needed to detect and avoid these attacks, transforming them from the weakest link in the security chain to a virtual human firewall.

Citrin Cooperman can provide you with the resources and specialists you need in order to bolster your cybersecurity defenses against these growing threats. Speak to a member of our Technology, Risk Advisory, and Cybersecurity Practice today or contact Kevin Ricci at kricci@citrincooperman.com.