Cybersecurity is important. I think we can all agree about that. And, it’s forever evolving, because just as we figure out a response to a cyber threat, hackers go and find a new way of attacking.
The latest in cyber threat evolution was using AI to create malware. But, that’s not all there is to it. That’s why maintaining cybersecurity is not a one-time exercise. One needs to work hard to keep up.
And, as with anything that is ongoing, one can expect to see patterns and trends.
So, what are the cybersecurity trends we can expect to see in 2023?
AI and ML For Cybersecurity
As AI and machine learning (ML) become more sophisticated, threat actors are using these technologies to avoid detection.
The preferred method of hackers is not high-tech hacking exercises, as shown in movies. What they do almost 71% of the time is steal valid credentials and then use those to force their way into accounts.
For example, they steal an email address used to register an account on an online platform. Then, they try to brute-force their way into that account using commonly used passwords.
If they succeed in cracking the password, they’d use that email/password combination on other websites.
(That’s why you shouldn’t use the same password for different accounts.)
Now, unless they buy a stolen list of email addresses, most hackers use social engineering attacks to get people’s credentials.
With the help of AI, they are creating not just more refined malware but also phishing emails that are more personalised.
So, whilst businesses are using AI to detect cyber attacks, they end up being reactionary rather than proactive. By the time they “teach” AI how to identify a new threat, hackers have moved on to another method.
Fortunately, just as AI can be used to craft better (for lack of a better word) attacks, it can also be used to prevent them.
One of the things AI does better than you or I is speedy analysis. Where we might take us hours or days to go through data and get anything meaningful out of it, AI can do it in minutes.
As a result, its predictive analytics capabilities could be used to infer and predict threats. Once the threats have been identified, it’s easier to mitigate them with fewer resources.
Patching Open Source Code Vulnerabilities
Open source code can be very handy. But, it is also very likely to have vulnerabilities. Synopsys researchers have reported that almost 84% of open source code bases had at least one vulnerability in their Open Source Security and Risk Analysis (OSSRA) report.
The problem with weaknesses in the code is that they can be exploited by threat actors. The way to deal with them is by using penetration testing to find exploitable flaws and patching them.
(You can also make use of cloud penetration testing services from reliable service providers like DigitalXRAID. The company has also launched a first-of-its-kind cybersecurity platform.)
Simple, right?
Unfortunately, the report also found that 91% of the patches weren’t implemented. Maybe the devsecops team didn’t have enough time or resources.
Maybe they didn’t think the benefits weren’t worth risking the unintended consequences.
Or, maybe they just weren’t aware that there was an updated version of the code available.
Either way, these vulnerabilities exist and can be exploited.
To avoid that, and to potentially keep the open code they’ve used updated, businesses might need to keep a software bill of materials (SBOM). According to the report, this will include any open source code they’ve used, its licenses, versions, and patch statuses.
This practice would be very handy in making sure any open source code used by your business is not putting you at risk.
Training Employees on the Dangers of Phishing Attacks
Sometimes, when something works, there is no real need to change it up. That seems to be the case with phishing.
Phishing is a form of social engineering attack where a legit-looking email is designed to get the victim to click on a link. That, then, redirects them to a page where their info is stolen.
Apparently, hackers most often like to use (or abuse, rather) Microsoft, Amazon, DocuSign, Google, DHL, and Adobe. However, don’t be surprised to see emails from banks in your inbox as well.
Again, the best way to combat this challenge is the old-fashioned “train your employees” method. Human error is inevitable, but training people to identify emails that might be dodgy can help a lot.
As can limiting their access.
So, there you have it. Here are some ways you can keep your business safe from cyber-attacks in 2023.