Where is the future of cybersecurity heading?
As headlines about cyber threats cause great concerns for businesses, it is everyone’s responsibility to stay ahead of the curve when it comes to emerging cyber threats – not just the IT team. Of course, the future of cybersecurity is uncertain, but one thing is clear: threats will continue to evolve and become more sophisticated.
The threat landscape has widened with the emergence of the metaverse, 5G, and quantum computing – to name a few.
As Tech Wire Asia is always looking for the next big story, cybersecurity is one topic that will remain in the spotlight in the upcoming years. As society relies more and more on technology and the internet, the threat of cyber attacks will only increase.
It’s difficult to predict the future of cybersecurity. The field is constantly evolving, with the ongoing development of new technology and strategies. Field experts and cybersecurity advocates as well vendors not only continue to highlight the importance of this topic but also warn of potential threats. Having said that, Tech Wire Asia predicts that a few trends will influence the future of cybersecurity.
Metaverse is cool, but a hassle
According to a report from McKinsey & Company, more than US$ 120 billion had been invested in the metaverse this year. This figure has more than doubled compared to 2021. With this figure in mind, cybercriminals look at the metaverse as their new playground. How so? There are concerns that the avatars in the metaverse could be taken over by cybercriminals and used for the wrong reasons. There are also concerns about authentication. How can users know an avatar is who it claims to be?
The amount of data being created and leaked will continue to increase. Combine that with data from the Internet of Things (IoT) smart gadgets, autonomous vehicles, always-on mobile phones, and virtual reality devices; it’s zettabytes of data.
The fact that the metaverse experience is global and is exempt from local data protection rules like GDPR could lead to complicated disputes between the policies governing data breach notification.
5G is fast, but is it fast enough to stop cybercriminals?
According to the GSM Association’s (GSMA) Mobile Economy Asia-Pacific 2022 report, 5G adoption is expected to increase across Asia-Pacific, reaching more than 400 million 5G connections by 2025, representing just over 14% of all mobile connections.
One of its fundamental features is the ability to be hosted on software-only platforms. As network operators switch from hardware-based infrastructures to software-based mobile networks, they provide new attack routes for cybercriminals and additional risks for everyone else.
Furthermore, IoT deployments like autonomous vehicles and smart cities will be made possible by 5G. However, the Internet of Things has often been shown to pose security risks on numerous fronts. While 5G networks may not be in danger here, the main use cases they support most certainly are. For example, cybercriminals could infiltrate the network to launch ransomware attacks or even take over IoT devices.
Tighten up the defense against quantum computing attacks.
Information is encoded exponentially quicker with quantum computing than traditional methods via a process called “quantum entanglement.” This advancement indicates that quantum-based algorithms may be able to crack current encryption protocols, making them useless against cyberattacks.
With the advancement in quantum computing, security leaders will be forced to start considering this sensitive encrypted data in a post-quantum world. However, this tactic will also draw in attackers who prefer to steal the information and store it for later sale or decryption than to get around previously secured encrypted material.
As such, the United States is already ensuring post quantum cryptography becomes a reality in 2023. Other countries are also beginning to see how state sponsored cyberattacks could be tempted using hack now, decrypt later methods.
Ransomware: The never-ending game.
Ransomware will continue to evolve, and studies indicate that attacks worsen yearly. According to Mimecast’s State of Ransomware Readiness Report 2022, two-fifths of cybersecurity leaders (40%) have seen ransomware attacks this year that use compromised credentials tactics, up from 33% last year.
Attackers are now focusing more on data exfiltration than only encryption of company data. Attackers frequently use this stolen data to their advantage through extortion. Another way would be to resell the exfiltrated data by listing a login and password dump for sale on a darknet forum.
Double-extortion attacks, in which threat actors threaten to expose data online and hold it for ransom, have also grown in popularity. There may be new extortion groups looking to disclose more information about an organization in the future.
There are now concerns on cybersecurity insurance, especially with the increasing number of attacks. Either way, organizations are going to find it a lot more expensive to deal with ransomware. It’s no longer just about paying a ransom, but also being accountable to their customers and meeting regulatory requirements.
Beware of the people inside an organization.
Many people inside a company have access to sensitive information. Why does that matter? Today’s most devastating security threats come from trusted insiders, including malicious insiders and careless insiders, not from malicious outsiders or malware. This is why employees are often regarded as the weakest link when it comes to cybersecurity in any organization.
According to a global survey of IT and security leaders across the US, EMEA, and APAC, nearly one-third of businesses have suffered a ransomware attack caused by a malicious insider. This threat is encountered as frequently as the accidental insider (35%).
Insider threats are complex; they stem from human nature and don’t have a set pattern. Although there are additional motives for affiliates to act this way, financial gain is the primary driving force behind most insider threats. Or it could just happen due to an employee using data carelessly.
User education and training can help organizations prevent insider threats by educating users about the dangers and effects of their behavior. Users must be given the tools and information they need to identify suspicious activity, report it, and comprehend the value of data security.
In the coming years, expect to see an increase in artificial intelligence-powered attacks and more targeted and personalized phishing scams. Cybercriminals will also likely continue exploiting IoT vulnerabilities, using connected devices to infiltrate networks and steal sensitive information.
Everyone must stay vigilant and proactive in protecting each other and systems. This means regularly updating software, implementing strong security protocols, and educating employees on how to identify and prevent cyber threats. By staying ahead of the game, businesses can ensure the safety and security of the organization in the face of an ever-evolving cyber landscape.
This article is based on Tech Wire Asia’s perspective on the threat landscape that has occurred this year.
- Analog Devices reaffirms its position in Singapore’s semiconductor market with a new facility
- The US is preparing an executive order to restrict investments in China, but Elon Musk isn’t worried about it
- SEMI: The five Ws and one H to a supply chain initiative for the semiconductor industry.
- Dark Pink: The cyber tune you never wanted to hear
- Untie Nots set to transform loyalty for Singapore’s largest supermarket chain