Cyber risk trends are constantly evolving, driven by the pace of technological advancements that streamline business processes yet can introduce vulnerabilities in your company’s attack surface. With increased use of SaaS, cloud solutions, APIs, and third-party services, companies have many exposed and connected internet-facing assets that they’re unaware of, providing an open door for attackers to exploit.
The threat landscape is also evolving. As cybersecurity has become increasingly sophisticated, so too have cyber attack methods. That’s why it’s imperative to stay on top of the latest cyber risk trends, how they can impact your business, and what you can do to better protect your organization’s sensitive assets and data. To offer a glimpse into the current threat landscape, we curated this list of the most important cyber risk trends companies face, such as:
- Supply chain attacks
- Unmonitored employee devices vulnerable to threats
- Internal threats
- Increasingly sophisticated ransomware attacks
- AI-driven phishing attacks
- DDoS attacks leveraging botnets
- Social engineering attacks
- Automotive attacks
- Internet of Things (IoT) risks
- …and more
To curate this collection of current and upcoming cyber risk trends, we reached out to a panel of cybersecurity professionals and business and technology leaders and asked them to answer this question:
Meet Our Panel of Cybersecurity Pros & Business Leaders:
Keep reading to learn what our panel had to say about the cyber risk trends you need to watch for.
Annie McIntyre is EverLine’s Director of Operational Security. She was a Principal Member of Technical Staff and Program Manager at Sandia National Laboratories, researching threats, vulnerabilities, and protection of critical infrastructure systems and cyber security for fossil and renewable energy systems.
“Supply chain risks, evolving phishing techniques, and invasive malware are going to continue to be top risk trends…”
Threats that are willing to take time, gather data, and slowly infiltrate networks are perhaps the most damaging. Even with the increased awareness of the supply chain and organized efforts many companies have undertaken in the last year, the risks are still high, and there is much work to be done.
John McClurg is the Sr. Vice President and CISO at BlackBerry.
“This year will be about focusing on the role that humans play in cyberspace…”
This year also made it clear that remote work is here to stay – meaning Zero Trust measures will become even more crucial, and CIOs will need to focus on associated internal threats and mitigating human risk.
These are my predictions:
- Adversarial learning – CIOs need to understand this technique: bad actors training neural networks to fool predictive algorithms.
- The future of the workplace – Zero Trust security measures will only become more important.
- Human risk – Research has consistently shown that humans are still the most notable risk to cybersecurity, and this largely results from a lack of awareness, negligence, or inappropriate access controls.
- Increased focus on internal threats – User access to resources should also be dynamically controlled based on real-time risk assessments of their current behavior, while user-focused security controls are deployed at every enterprise network and cloud application ingress point to prevent remote employees from accidentally or intentionally violating security policies.
- More sophisticated ransomware attacks – The threat landscape is rapidly expanding, and bad actors will be relentless in their efforts to carry out more sophisticated attacks in the year ahead.
- Navigating new requirements – Highly visible attacks on the software supply chain start with access to the weakest link. As we head into a new year, it will be important for businesses of all sizes to be engaged as new secure software development practices are defined.
- Greater IT/OT convergence – The Internet of Things (IoT) will continue to expand exponentially, bringing together physical and cyber systems. In the near future, we could see an increase in the number of organizations adopting the convergence model, particularly in the wake of CISA’s guidelines on achieving integrated security.
- Lessening the impact of the skills gap – Leaders in the security space will also be focused on closing their cybersecurity skills shortage.
Arthur co-founded Xentric Solutions with his partner George Mkrtchyan in 2014 as an IT Service Provider that specializes in cybersecurity.
“Cyber risk trends to watch are…”
- Increase in Smishing (SMS Phishing messages): These are becoming more and more prevalent as people expect them less than in emails and so are more prone to tap a link from a bad agent. It’s also increasing exposure, as the amount of work access from mobile devices has increased exponentially since the pandemic.
- Attacks on 5G devices: 5G has been around for a few years, but it is only now starting to take a foothold as a commonly utilized technology. With anything new, you can expect hackers to take advantage of any code vulnerabilities they can find and exploit.
- One-Time Password (OTP) Bypass: Multi-Factor Authentication (MFA) is one of the easiest ways to add an incredible amount of security to your accounts. Typical ways MFA is implemented are: email, SMS, and authenticator apps. Hardware Yubikeys are more secure, but they are implemented far less than other options. However, cybercriminals can bypass the OTP in a number of ways. It will also be interesting to watch how the introduction of Passkeys (FIDO Alliance) will change this dynamic and what risks might arise in the intermediary state.
- Elevated Phishing with AI: It’s really getting hard to spot phishing emails since cybercriminals are using AI and machine learning to create their phishing attacks. They will look spot-on and accurate to the brand they are impersonating and will come personalized to you. It also makes it easier to create them, so they can send out more frequently to more people than ever before. These AI tactics are more successful, and far more people are falling for them.
Simon Kadota is a Digital Marketing Specialist at DNSnetworks.
“At DNS, we’ve seen that Spoofing seems to be on the rise again…”
We get around 30 notifications on a weekly basis from emails pretending to be our CEO asking for people’s personal emails/phone numbers. This type of scam has been around for a while, but it doesn’t mean it’s not effective anymore.
So what can you do about this?
As we go into 2023, the most important thing businesses can do to better protect themselves is to ensure that their employees do have some training in cyber awareness.
The first thing is to ensure your employees know what spam looks like and how they can report it if they see anything suspicious in their inboxes. Employees should also be taught how to spot phishing emails and what they should do if they get one (or any other malicious email).
Dmitry Kurskov is the Head of the Information Security Department at ScienceSoft, an IT security consulting and software development company.
“We expect to see more attacks targeting innovative technologies like IoT, blockchain, cloud, and VR/AR…”
These technologies have penetrated all domains of our life, but, unfortunately, often don’t have proper security. Hackers will increasingly adopt edge technology like ML and AI to make cyberattacks harder to stop, detect, and mitigate.
For example, it can enable them to carry out sophisticated phishing attacks or create polymorphic malware that endlessly changes its properties to avoid detection by security tools.
Another worrying trend is the growing market of Hacking-as-a-Service. It allows any amateur with a credit card and Internet access to get hold of advanced hacking techniques and tools and launch destructive attacks.
Dan Richings is the Senior Vice President of Product Management at Adaptiva, an endpoint management solution for the digital workspace.
“An increase in the sophistication of cyber threats will lead to a rise in attacks and breaches…”
A major concern for businesses will be the potential for data theft and intellectual property loss. Businesses will also need to prepare for increased disruption from cyber attacks and ransomware.
With the advent of artificial intelligence (AI), cybersecurity will become even more critical for businesses. AI can be used for both defensive and offensive purposes, to detect cyber threats and potential attackers, and to respond with appropriate countermeasures.
The most crucial cyber risk trend for companies is the development of DDoS attacks. DDoS attacks are massive cyber attacks that target websites and servers with a barrage of corrupted data requests in an effort to disable a website or service. They are among the most dangerous forms of cyber attacks and can disrupt businesses’ operations and even lead to the closure of websites.
The growth of DDoS attacks will be fueled by easy-to-use malware tools that allow anyone with a computer to create and launch a large-scale attack.
Alaa Negeda is a Senior Solution Architect and Chief Technology Officer at AlxTel and an IT expert with 23 years of experience.
“The most important cyber risk trends companies need to look out for are…”
- Increased use of ransomware: This type of malware is on the rise, with ransomware variants affecting more organizations each year. In fact, in 2018, ransomware accounted for more than half of all data breaches.
- Increased use of spear phishing: Spear phishing is designed to trick the victim into opening a malicious email, after which the attacker can steal their login credentials or other sensitive information.
- Increased use of botnets: Botnets are often used to launch distributed denial of service (DDoS) attacks, steal data, and other malicious activities.
Tina Grant is the Quality Assessor at Aerospheres.
“The most important cyber risk trends to watch for are…”
- Rise of automotive hacking: Today’s automobiles come equipped with automatic features, including airbags, power steering, motor timing, door locks, and adaptive cruise control aid systems that connect with Bluetooth and WiFi, introducing several security risks. With more autonomous vehicles on the road in 2023, it’s anticipated that attempts to take control of them or listen in on conversations will increase. Automated or self-driving cars employ an even more complicated process that demands stringent cybersecurity precautions.
- Automation and integration: Because it is difficult to secure large and complicated web applications, automation and cybersecurity are important concepts in the software development process. However, it’s not always as easy to secure the information, especially if it’s a large volume and complex.
- The cloud risk: As more and more businesses migrate to the cloud, security procedures must be regularly reviewed and improved to prevent security breaches. Despite internet programs — like those from Google and Microsoft — still having strong security measures in place, it’s the client end that often leads to mistakes, dangerous malware, and online scams.
Joshua Ridley is the CEO and co-founder of Willow Inc.
“Cybersecurity poses one of the biggest threats and risks to businesses right now…”
Cybersecurity is needed now more than ever as cybercrime continues to escalate year over year. There were 50% more attack attempts per week on corporate networks globally in the 2021 calendar year compared with 2020. The war on Ukraine and a focus on NATO countries have shown us how cyber attacks can play out when buildings, real-world assets, energy, and other critical infrastructure suppliers are targeted.
Cybersecurity is more critical than ever now in infrastructure as the pandemic has widely increased the number of technologies requiring more protected IoT/OT across facilities.
Remote and hybrid work models have also created increased security needs as employees in various industries require remote access to sensitive data in many cases.
Protecting infrastructure assets with cybersecurity is critical to national security. Today’s reality is that the consequences of a cyber incident could result in an inability to operate and generate revenue, severe reputational damage, and physical harm.
Boris Jabes is the CEO and Co-Founder of Census, a data integration platform that operationalizes data, creating a world of better, more agile business operations.
“Companies need to pay attention to the latest cyber risk trends…”
With organizations increasingly relying on digital technologies, the possibility of cyber threats will only increase over time. To protect their data and systems from these risks, companies must be aware of the following:
- Ransomware attacks: In 2021, the average cost of a ransomware attack was $1.85 million in damages and losses, making it one of the most prominent cybersecurity threats today.
- Cloud security breaches: A single cloud security breach can cause significant losses in data and operations, meaning businesses must ensure their cloud systems are always up-to-date and secure.
- Social engineering attacks: Social engineering attacks can have devastating results if users fall for them, so companies must take extra measures to protect their employees from such scams.
- IoT security concerns: As more and more IoT devices are added to the network, it is important for companies to implement security measures that protect them from being hacked or infiltrated by malicious actors.
By staying abreast of the latest cyber risk trends and implementing appropriate security measures, companies can ensure their data remains secure and protected against potential threats.
Eric is a Cybersecurity Consultant with SecurityTech. With a strong commitment to online security and digital freedom, Eric is working hard to deliver the content and analysis his audience is looking for when he is not coaching or consulting. His other passions include web development and finding new ways to use VR.
“The most overlooked aspect of cyber risk is trust…”
When a company has a breach, and millions of people are affected, many of them lose faith in the company that had the breach. Couple this with a shortage of qualified cybersecurity professionals, and you have a lot of large organizations losing a lot of customers.
The only way to solve this problem is to pave the way toward regaining trust in tech. But without enough people to protect systems, that is not possible. Organizations must get creative to fill out their security teams and offer something in return to customers whose data falls into the wrong hands.
Jessica is a Manager at iBoysoft, a High-Tech company.
“Cyber crime is increasing day by day…”
This is not only dangerous for individuals but also very harmful for big companies as hackers attack the personal information of cyber criminals through different techniques. Some of the most important cyber risk trends that companies need to be very careful about are:
- Cloud breaches: The cloud is very helpful as it allows you to get your data no matter where you are. But its dangerous side is that just like you, your cyber enemy can also get access to your personal information and can harm your company.
- IoT attacks: This is another type of cyber attack that is extremely harmful to companies. Different devices used by your company for different purposes — such as printers, computers, laptops, etc. — can be used for stealing your company’s data.
Geordie is the Founder of Onestop Devshop.
“The most important cyber risk trends to watch for…”
- Stolen information: Though this sounds ridiculous, humans are capable of making errors. Apple fell victim to stolen information after an employee left a new iPhone prototype lying around. After a few hours, the hardware and specs of the new phone, which had not been released, were all over the internet.
- Ransomware: Ransomware is a malicious program that blocks access to a computer, system, or network until you pay a fee. You will receive a message that your computer or phone is hacked in such a case. The person will also tell you that they will restore the access if you pay a fee.
- Password guessing: Password guessing may seem like a simple technique, but stolen passwords could be incredibly damaging. Some company employees leave passwords on notebooks, allowing any malicious person to access them. Carelessly placed passwords could give malicious individuals authorized access to computer systems.
- Recording keystrokes: Hackers can email you malware known as keyloggers, which record what you type on your computer. The malware then passes the data to hackers, who use it to access sensitive data.
- Phishing attacks: A phishing attack comes from a third-party hacker who creates sites that look genuine.
- Viruses or malware: Cyber attackers can send viruses or malware to individuals or businesses to wipe data off their computers.
- Distributed Denial-of-Service (DDoS): DDoS is a form of protest that cybercriminals typically use on large companies.
Daniel Chan is the CTO of Marketplace Fairness.
“The most important cyber risk trends companies must look out for are…”
Ransomware, data breaches, and insider threats.
Companies can mitigate these risks by investing in cybersecurity, training employees on cybersecurity best practices, and having a data management plan in place.
Jeroen van Gils is the CEO of LiFi. They provide a wireless optical networking technology service that uses light-emitting diodes (LED) for data transmission. In addition, he consults with individuals and organizations regarding Business Affairs, High Technology, Digital Marketing, Leadership, Finance, and Management.
“Cybersecurity is one of the most important risks facing businesses in the coming years…”
In order to ensure that their businesses are as secure as possible, companies need to be aware of the most important cyber risk trends. Here are three of the most important cyber risk trends companies should look out for:
- The rise of ransomware: Cybersecurity breaches can result in a number of different types of attacks, including ransomware. This is becoming increasingly common, and businesses must be prepared for it.
- The increasing use of AI: AI has the potential to help companies automate their cybersecurity processes. However, this also raises concerns about how well AI can protect companies from attack. If an attacker can get access to AI systems, they could use it to exploit vulnerabilities or launch other attacks.
- The spread of disinformation: Disinformation can be used to discredit sources of information, spread panic among employees, and even disrupt business operations. Companies need to be aware of the threats posed by disinformation and ensure that they are up-to-date on how to identify and combat it.
James Angel is the Co-Founder of DYL.
“IoT security flaws are an important cyber risk trend to watch for…”
IoT gadgets are smart equipment like fitness watches or voice assistants like Google Home. Insider Intelligence predicts that within the next five years, approximately 64 billion IoT devices will be deployed around the globe. The rise is partly fueled by the rise of remote work.
Some may not think they belong in the IoT sector, but the fact is that the greater the number of internet-connected gadgets, the greater the opportunity for cybercrime. It’s a lot easier for hackers to compromise your company’s data and digital infrastructure because more doors are open to them. As a result, IoT has emerged as a critical component of 2023 cyber security developments.
Michael Chepurnyak is the founder and CEO at Ein-des-ein.
“As a web and app development company, we cooperate with clients from multiple industries, including FinTech and eCommerce, where client data security is the top priority…”
We already see some tendencies in the cyber security field, as companies are already preparing to defend their projects from the following threats:
- Phishing attacks: Phishing attacks are still a major problem for companies of all sizes, when hackers send emails or links that appear to be from a legitimate source but are actually designed to steal sensitive information or infect the recipient’s computer with malware.
- More sophisticated attacks: We also expect crypto scammers to become even more sophisticated in their methods. One of our clients has recently dealt with a cryptocurrency-related scam case. These scams often take the form of fake investment opportunities or fraudulent exchanges that promise high returns but end up stealing people’s money.
- Ransomware attacks: Ransomware attacks have been on the rise in recent years, and unfortunately, we expect this trend to continue. Businesses will be particularly vulnerable to ransomware attacks, as they often have sensitive data that hackers can use to blackmail them.
Rajesh Namase is the Co-Founder and Professional Tech Blogger at TechRT. He has considerable experience in the field of cybersecurity since one of his responsibilities as a tech guy in the organization is to monitor and ensure that our digital barriers are well-maintained and serve their purpose in securing our data.
“As we move further into the digital age, companies are increasingly at risk for cyberattacks…”
While there are many different types of cyber risks, here are three of the most important trends companies need to look out for:
- Ransomware attacks will continue to increase. Ransomware attacks can be devastating for businesses, often leading to data loss and downtime. In 2021, we saw a surge in ransomware attacks targeting healthcare organizations. This trend is expected to continue into 2024, with attackers likely targeting other industries as well.
- AI-powered attacks will become more sophisticated. Artificial intelligence is being used by both attackers and defenders to automate various tasks related to cybersecurity.
- The number of phishing attacks will also continue to grow. Phishing attacks are another type of cyberattack that is on the rise.
Companies need to take steps to protect themselves from these threats by implementing strong security measures and incident response plans. They should also educate their employees on cybersecurity best practices like what we are doing in our organization.
By being aware of the latest trends and taking proactive steps, companies can help mitigate the risk of a costly cyberattack.
John Simmons is an IT Expert at InboxAlly, an email deliverability tool that helps your outreach emails reach your prospect’s inbox and avoid the spam folder.
“Work from anywhere and the relentless shift to cloud computing services have accelerated cybersecurity risks for companies…”
Ransomware attacks will continue to rise in 2023. In today’s threat landscape, no one’s systems are safe, and there are no signs of cyber criminals slowing down in these efforts. Humans are the weakest link when it comes to security, so companies need to invest in employee training to ward off cyber attacks.
Anup Kayastha is the Owner of HeightComparison, an intuitive comparison tool that allows you to compare heights between people or objects.
“Hybrid workplaces continue to be the norm in 2023…”
And this will see more employees using personal devices to access company networks.
These personal devices are likely to be unsecured, which will undoubtedly compromise the security of corporate networks, even when they are cloud-based. Phishing and ransomware attacks will likely increase this coming year as hackers target remote employees who are considered easy prey.
Remote working also exposes teams to impersonation scams as members of the team don’t really know each other and probably have never met face-to-face. Such scams will also pose a major cybersecurity threat to company networks and the privacy of customer data.
Luciano Colos is a serial entrepreneur, advisor, and investor. He launched his first startup right after completing a Fulbright fellowship that granted him a Master of Engineering at UC Berkeley in 2014. His new company, PitchGrade, develops cutting-edge AI applications for entrepreneurs, such as a pitch deck review tool that helps startup founders create compelling pitch decks so that fundraising is the least of their concerns.
“While cyber threats have been around for quite some time, I believe that the trends of…”
Remote work and globalization have made it easier for cybercriminals to reach their targets.
Remote work has made it possible for employees to work from anywhere at any time, which also means that it is harder for companies to monitor their security protocols.
Cybercriminals have also taken advantage of globalization by using the internet to reach a larger audience of victims. With more people using the internet and social media to engage with others, it is easier for cybercriminals to target people with phishing scams, ransomware, and other types of attacks that can take advantage of people’s curiosity and gullibility.
Jason is the co-founder and President of Moss Technologies, REI marketing solutions.
“One important cyber risk trend companies need to look out for is…”
Utilizing a complex EDR to rebuild endpoints.
Attacks by ransomware have increased (by 240%) over the past two years and will keep growing. Endpoints are typically a ransomware infection’s first point of entry; thus, enterprises must minimize their exposure to attack. Attackers are now investing time in compromising backups, several nodes, and services in order to launch an attack after they have taken over the entire system.
Organizations will need to improve their ability to rebuild endpoints using an advanced EDR by 2023. Organizations will also use single sign-on with MFA protection more frequently and be more cautious when using free SaaS apps or SaaS apps that can’t be integrated with single sign-on.
Inga Broerman is the Vice President of Marketing at BluLogix.
“The widespread adoption of AI, machine learning, and the resulting technological advancements have had a profound effect on the field of cybersecurity…”
Automatic danger detection, facial recognition, natural language processing (NLP), and other forms of automated security have all benefited greatly from the use of AI. A downside is that it is also being used to create sophisticated viruses and assaults that may circumvent modern safeguards. Systems that use artificial intelligence to detect threats can anticipate new assaults and immediately alert administrators to any data breach.
Milos is a project manager in IT at VPNCentral with a Master’s degree in Marketing.
“Cybersecurity has been challenged constantly and exponentially following developments in the tech world…”
Staying safe online in these unstable times is getting harder, even if you are experienced working on the web. COVID-19 enhanced these threats with the shift to remote work when almost everyone approached the World Wide Web through different IP addresses.
With the rise of IoT devices and using cloud storage, vulnerability comes from different sides, including poor data management and poor cyber hygiene. To secure themselves from ransomware, companies should provide cybersecurity training and presentations to minimize these risks. One wrong move can result in a breach costing millions of dollars, and it’s always better to prevent than cure.
Malware and phishing will be the main threats in 2023. Proven software solutions are essential for being resilient in these challenging circumstances. Companies with higher value will be exposed, especially when the crypto market suffers. Moreover, cyberwar is not just a term; it’s a reality, and organizations connected with the government shouldn’t ignore it.
Stan Hutcheon is the Web Developer at Epos Now.
“There are a few key cyber risk trends that companies should be aware of…”
First, ransomware is becoming increasingly sophisticated and difficult to detect. Additionally, cybercrime is becoming more organized and lucrative, with hackers targeting larger organizations and seeking out sensitive data that can be sold on the black market.
Another trend to watch out for is the growing use of artificial intelligence in cyberattacks. AI can be used to automate attacks and reconnaissance processes, making it difficult for companies to defend against them. To stay safe in the coming years, it’s important for companies to have strong cybersecurity protocols in place and ensure that all employees are aware of the risks posed by cybercrime.
Matthew Ramirez is a serial entrepreneur and investor, as well as a Forbes 30 under 30 alumnus. He grew and sold his first company, WriteLab, to Chegg (NYSE: CHGG) in 2018, where he worked for three years as Director of Product Management. His new company, Rephrasely, develops cutting-edge AI applications that help journalists and other authors create compelling and varied content for their audiences.
“Cybercriminals are becoming more sophisticated and are using various methods to steal information and money…”
One of the most common methods is phishing, which involves sending emails that look legitimate but actually contain malicious software that can infect computers. Cybercriminals are also targeting social media platforms, such as Facebook and Twitter, to spread their messages and lure people into clicking on malicious links or downloading corrupt files.
One of the most recent examples is Facebook CEO Mark Zuckerberg getting his Twitter and Pinterest accounts hacked. In order to protect themselves from cybercriminals, businesses should educate their employees about phishing scams and how to spot them. They should also have a comprehensive cybersecurity plan in place that includes anti-phishing software and training programs. This will help them stay vigilant against cyber threats and prevent them from falling victim to phishing scams.
Christian Velitchkov is the Co-Founder of Twiz LLC.
“The increasing use of AI/ML is the most important cyber risk trend companies need to look out for…”
The intricacy of crimes and the increasing number of attack surfaces make it more challenging for human security specialists to respond to each alarm. Where AI/ML enters the picture is in this situation.
The identification and mitigation of hazards is one of the most well-known applications of ML. The system picks up on the typical activity and traffic patterns and immediately notices any irregularities.
Furthermore, machine learning algorithms can recognize trends, track massive amounts of network traffic, and anticipate attacks. The need for AI/ML adoption is growing more urgent by the day since hackers are known to employ ML to find security holes in business networks.
Adopting these technologies, therefore, is a must rather than a nice-to-have. Last but not least, according to an IBM study, businesses that employ AI and automation in security saved $3 million per year on average compared to those that don’t.
Today’s companies are using SaaS, cloud, APIs, and third-party services more than ever before, creating a constantly evolving attack surface. The increased use of artificial intelligence and machine learning and the proliferation of IoT devices contribute to attack surface complexity. Hyper-connected assets such as these are often invisible and unmanaged, creating easy entry points for attackers to exploit.
With cyber risk trends like supply chain attacks, ransomware, and phishing continuing to grow, it’s become increasingly difficult for companies to protect the complete attack surface effectively.
Traditional vulnerability management solutions remain valuable, but they fall short of meeting the challenge of discovering and protecting the vast volume of known and unknown connected assets that put your organization at risk.
An external attack surface management (EASM) solution like IONIX provides the complete attack surface visibility today’s enterprises require, automatically mapping your attack surface and identifying your internet-facing assets and their connections.
IONIX’s vulnerability assessment engine identifies, ranks, and prioritizes vulnerabilities so you can devote the proper resources to mitigating or remediating the most serious risks first, while freezing your most vulnerable assets with Active Protection to halt attacks until your security team can eliminate the vulnerability.
Request a free risk assessment from IONIX today to learn more about your company’s risks and how our EASM solution can protect your evolving attack surface.