If Check Point Software’s Cybersecurity Predictions for 2023 are anything to go by, then next year will see even more global cyberattacks, government regulation, and consolidation of security solutions take place than we have ever seen. With hacking and deepfake cyberattacks on the rise, it has become imperative for local and abroad organisations to reduce the complexity of their security environments.
What is concerning is that Check Point research has found that global cyberattacks increased by 28% in the third quarter of this year, with the average weekly attacks per company reaching over 1 130. This means that the threat of compromise is constant, and companies, regardless of size or industry sector, will get compromised.
The war in Ukraine has also highlighted how state-mobilised hacktivism will accelerate in the coming year as cyberattacks against infrastructure and supply chains continue to dominate.
Another important trend that South African businesses and those across the continent will feel acute is the workforce gap of employees. A shortage of cybersecurity experts has resulted in significant gaps continuing to emerge, especially at a time when hybrid work is becoming more common. Cybercriminals will continue to exploit these practices and find weak points in the cyber defences of companies that are not able to safeguard all entry points into the business back-end effectively.
One of the ways that local businesses can address both the skills gap and the expanding cybersecurity is to consolidate and automate their infrastructure. This will empower them to better monitor and manage their attack surfaces. At the same time, they will be in a stronger position to prevent all types of threats while reducing the complexity of their environments and placing less demand on limited staff resources.
An important checklist
The Check Point predictions fall into four categories: malware and phishing; hacktivism; emerging government regulations; and security consolidation.
One of the central themes across these categories is the persistent threat of ransomware. Not only was it the most significant threat facing companies and governments this year, but the ransomware ecosystem will continue to evolve as smaller, more agile criminal groups access advanced technologies. As much as companies are using automated defensive solutions, so are hackers leveraging artificial intelligence and machine learning to perpetrate their attacks.
Even though phishing will remain an ongoing challenge, Check Point also predicts that next year will see collaboration solutions being targeted. Platforms like Slack, Teams, OneDrive, and Google Drive will be in the spotlight, especially regarding phishing. One of the reasons for this is how quickly these environments have become a rich source of sensitive data. Gaining access through phishing can significantly compromise the integrity of a company’s information.
Future forward concerns
The Transnet incident notwithstanding, state-mobilised hacktivism will evolve and become more organised and sophisticated. Check Point has found that state-backed groups have already attacked targets in the US, Germany, Italy, Norway, Finland, Poland, and Japan.
Another concern, while still in its infancy in South Africa and the rest of the continent, is the weaponising of deep fakes. High-profile businesses and political leaders will be targeted as hackers use deep fake technology to manipulate opinions or trick employees into giving up access credentials. Given how quickly fake news spreads on local social media platforms, the potential disruption caused by deep fakes can have massive operational consequences.
While South African businesses are still navigating their way around POPIA and GDPR, Check Point expects governments worldwide to introduce even more laws around data breaches to ensure citizens are better protected against potential fraud.
Furthermore, there is an expectation that governments will introduce new national cybercrime task forces like what Singapore has done. These inter-agency task forces are designed to counter ransomware and cybercrime. It comes down to combining the resources and expertise of businesses, government departments, and law enforcement to combat the growing threat to commerce and consumers.
Lindsay Blackie, Channel Manager at Westcon-Comstor