In late 2021, I was interviewed by Forbes as part of an article on 8 Crystal Ball Predictions About Cyberattacks in 2022. At the time, I predicted that we’d all have to be much more vigilant in defending against cyberattacks from state-sponsored groups around the world.
Fortunately, not all of these predictions came true, although I still think the industry was wise to consider them at the time. For example, we just didn’t see any attacks against major COVID-19 vaccine makers or against high-profile events such as the World Cup. This was most likely due to the combination of increased diligence and cybercriminals looking for more profitable opportunities elsewhere, and frankly — as in the case of the World Cup — the expenditure of lots of money on tools and software to prevent the attacks.
So…why publish an article about 2023 predictions in March? It’s simple. We should never treat data security introspection and systems evaluation as we do New Year’s resolutions: made with the best of intentions but quickly abandoned.
Back to the Forbes article, one of the quoted experts predicted that cyber-threats would continue to evolve and increase in number, especially ransomware. I believe this will always be the case because cybercriminals continue to be motivated by potential financial gains and the acquisition of intellectual property. In the case of ransomware, the volume of these attacks has increased because many of them have been successful in getting the affected company to pay the ransom as well as the fact that they believe insurance companies will pay the ransom on the company’s behalf. Another reason for their success is that ransomware effectively obfuscates the theft of intellectual property.
While many of the 2022 predictions in that article represented valid concerns, the good news is that we simply did not experience all of them in the way we envisioned. Yet, one stood out: the fact that cybercriminals will continue to adopt more sophisticated strategies to do harm as they try to stay a step ahead. With this in mind, I have three additional cybersecurity predictions for 2023.
Although you’ll notice a theme of national security in my predictions, as CISO of a for-profit business, I am ever mindful that security breaches of any kind can – and do – bring negative implications for businesses and their customers.
We’ve officially reached the point where modern warfare will most likely start as a cyber event rather than a physical (kinetic) demonstration of force. While not widely reported, this happened in Eastern Europe in February 2022: Cybercriminals sponsored by the aggressor hit the attacked country’s infrastructure and other systems with crippling DDoS and other cyberattacks more than a week before the land invasion commenced.
I believe this will now become the norm. If there is a major conflict or an advance in an existing conflict, the first waves will be cyber—cyberattacks against critical infrastructure, service providers, and essential government entities and the businesses that support them. This can be an extremely effective way to disrupt communications and take important operations and services offline as well as prove a capability.
I also believe that we’ll see social media platforms start to be used as an actual weapon. This will evolve past the standard ways that social media platforms are used to distribute and disrupt information flow, share videos, and solicit support and assistance. Now virtually anyone can use social media and other technology to track and target the opposition and its followers. We’ve already seen examples in the current war in Eastern Europe where both sides have used open-source intelligence from social media sites as well as IP address tracking to develop very effective targeted bombing campaigns.
Fortunately, the United States is not in such a conflict, but the takeaway is still important. Companies need to be very careful about what information they or their employees share and protect other technical details as much as possible to bolster their cybersecurity defenses.
I think we’ll start to see more scrutiny related to sanctions and even banning foreign-made equipment and technology in the United States and possibly within NATO countries. For example, recreational drones are becoming more popular in the U.S. and now offer the latest advances, such as high-resolution cameras that are so accurate they can use geolocation data to identify and track images within just a few feet.
However, there’s a real concern about the data these products collect, and more specifically, if it could be sent back to the countries that manufacture them without the knowledge of the user. If so, what is the purpose, and what is this data being used for?
Again, this prediction has real cybersecurity implications not just for government organizations, but also for the industrial sector and private companies. Imagine if a foreign power used data collected from products and technology that were strategically placed in the United States as part of a powerful cyberattack or even a covert intelligence collection tool. It’s possible a rogue nation-state or other group could target vital infrastructure such as power and energy, gas pipelines, telecommunications, water, or even roadways—which could be devastating.
In many ways, 2022 was a turbulent year, and unfortunately, one where global geopolitical developments could potentially put U.S. companies at more risk. For data center providers and their customers, this means now is the time to thoroughly assess their existing cybersecurity defenses. There’s a saying in the cybersecurity industry today: “It’s not if you’ll come under attack, but when.” Knowing this, while also considering where new cyberattacks could come from, may help give you the upper hand against new adversaries in 2023.
Discover the DataBank Difference today:
Hybrid infrastructure solutions with boundless edge reach and a human touch.