Cybersecurity threats never stop evolving. Just when you thought you had things under control, cyber criminals find new ways to adapt and forge their attacks. How will cybercrime change in 2023? We detail five ways below – and tell you what you can do to protect yourself and your organization from what could be a very tumultuous year ahead.

Digital Supply Chain Attacks
In 2023, there will be an increase in digital supply chain attacks. By 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, according to Gartner. If they’re correct, that would be triple the amount of attacks than those that happened in 2021. The digitization of supply chains is a relatively new thing. In the past, cybercrime related to supply chains weren’t much of a concern. But with the modernization of supply chains moving into the New Year, supply chains need to be secured properly.

How to Mitigate Risk:  With digital supply chain being a relatively new thing, it also means that your organization is likely using new technology to help you accomplish your goals. With new technology comes new risk. Update your cybersecurity configurations to account for this, and hire professionals that have experience with this area of security who can ensure your security measures are being implemented correctly.

Mobile Cyber Threats
According to Verizon, cybercrimes targeting mobile devices has risen by 22% in just the last year. There is no indication that these numbers will decrease any time soon.

As mobile devices become more of a target for hackers, methods like SMS-authentication become less secure. Last year alone, Uber and Okta were both targets of security breaches that involved one-time passcodes.

How to Mitigate Risk: The need to move away from SMS-based authentication is necessary, and needs to be replaced with multi-factor authentication – a much more secure method of security. Additionally, the need to implement software that helps users verify their identity is required as well. The 2022 Global Risks Report from the World Economic Forum states that 95% of cybersecurity incidents are due to human error. Implementing tools that help reduce social engineering attacks and enable secure user verification will reduce the chance of human error causing a problem.

Cloud Security
With every passing year, more and more businesses are adopting cloud technologies. Protecting your cloud activities should be a top priority in 2023. Cybercriminals adapt and have become more sophisticated in the way they can attack your cloud services. This means adopting a cloud security plan is essential if your organization is planning on relying more on cloud technologies.

How to Mitigate Risk: Adopt a “Zero-trust” policy. This type of policy essentially means that you and your organization should verify everything. Anyone who is expected to have access to your cloud data needs to be verified and authorized – every time.

Ransomware-as-a-Service
They say the only constant is change. “They’re” not wrong. Ransomware is one of, if not the most critical security concern year to year – and that’s because it’s constantly changing. Cybercriminals adapt to new securities designed to thwart their efforts and implement changes that keep them one step ahead of the good guys.

One growing trend with the constant threat of ransomware is “Ransomware-as-a-service”, which is basically when a cybercriminal leases out their infrastructure to other criminals or groups. RaaS kits make it possible for criminals to quickly and easily execute an attack – and now that cybercriminals are starting to work together, the threat of an increased number of ransomware attacks is very possible.

How to Mitigate Risk: The best defense against a ransomware attack is the end user. Whether it be employees, students or executives – enabling them to have the proper education on how to avoid falling victim to a ransomware attack is truly the best defense. Document and teach your organizations cybersecurity principles, and keep them readily available to everyone in your organization so that all can stay vigilant. Additionally, having other measures such as anti-virus protections, password policies, MFA, and email-security tools in place can add the extra security needed to keep ransomware at bay.

Data Privacy Laws
Over the next year, data privacy laws in several states are changing. These new state-specific laws are just the beginning, as more laws are expected in the years to come.

How to Mitigate Risk: You and your organization needs to assess your current practices and procedures to make sure they comply with your states’ laws. By following proper cybersecurity protocols and implementing common standard practices, you’ll be in a good spot as you ensure your standards are up-to-date.

Story via The Hacker News