2023 extremely insecure as cybercrime surges, KnowBe4 reports
December 6, 2022
BY BEN EGUZOZIE
As the world counts down to the end of 2022 and embraces 2023, there will likely be a continued increase in the sophistication and prevalence of mobile malware attacks, particularly against Android devices, a new report by KnowBe4 Africa said.
Cybercriminals are limbering up for another year of security contortions, the report noted. In 2022, the problems changed a bit, but security threats and vulnerabilities did not, it added.
“Looking ahead at 2023, it is very likely that there will be a continued increase in the sophistication and prevalence of mobile malware attacks, particularly against Android devices,” Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 AFRICA, said.
Collard noted that in 2022, the FluBot trojan swept through Android phone users, stealing passwords, online banking details and sensitive information. “It was extremely effective, and it is very likely we will see more of this type of attack in 2023.”
The KnowBe4 Africa expert said operational environments such as SCADA [supervisory control and data acquisition] were becoming increasingly digitised and more inclusive of IoT technologies. “This means that where a malware infection could have potentially only impacted a company’s administrative network in the past, the interconnected and digital transformation of these systems now makes them all open to risk. This can impact a company’s downtime, but it can also impact on the physical safety and wellbeing of employees. Even worse, we have noticed a shift amongst threat actors away from financial services to the manufacturing industry.”
This situation can evolve within high-risk plants or manufacturing environments where systems are digitised and connected to enhance worker or machinery safety. If these systems are hacked, it could lead to unexpected problems or safety issues. If there is not the right amount of security in place, then the increased attack surface presented by digitised systems creates more opportunities for cybercriminals.
Collard said: “Of course, the more complex systems get, the more difficult it becomes to properly secure them.” “There is IoT and there is operational technology, and then there are interconnected cyber-physical worlds or systems such as autonomous cars and digital twins that increase the attack surface. The key word for 2023 is vigilance. Companies need to become more vigilant, and they need to be more prepared for what lies ahead.”
Another area of concern lies in the increased use of Internet of Things (IoT) solutions. This technology has been lurking in the wings, full of promises about the connected future, for years, but now it is finally finding its digital feet and making inroads across smart cities, organisations and solutions. However, it is also a significant risk, Collard indicated.
In 2020 and 2021, the global landscape was filled with new vulnerabilities and fresh attack vectors due to the radical changes in working environments, approaches and investments. For example, companies around the world went remote, and then hybrid. Employees went home, and then everywhere. Systems went digital, and into the cloud. However, cybercriminals got to work and took advantage of the holes that nobody knew they had left behind. By 2022, there were some standout facts that shone a light on the complexity of security and the threats facing the organisation and individual.
According to research by SAP and Onapsis, it can take less than 72 hours for threat actors to weaponize a vulnerability. Add to that ‘The Fast and the Frivolous: Pacing Remediation of Internet-Facing Vulnerabilities’, whose findings said 53% of organisations have at least one vulnerability, with around 22% having around 1,000 vulnerabilities each.
This does not paint a cheerful picture for security teams or companies. And, just to put a few more logs on the fire, the 2022 Vulnerability and Threat Trends Report said that there had been more than 20,000 new vulnerabilities released in 2021 alone.
Africa, a continent globally acclaimed as a fast-rising fintech region, could face a greater risk in the scary cybersecurity scenario ahead for 2023. The continent’s fintech growth is being fuelled by increasing smartphone ownership, declining internet costs, expanded network coverage, and a young, fast-growing, and rapidly urbanizing population.
On the other side of the cybersecurity coin, however, is the fact that decision-makers across all levels of the organisation have become more aware of security, and more invested in implementing it properly. This trend sharply rose in 2022, and will continue on its upward trajectory well into 2023 – and this will go a long way towards helping companies be better prepared for the onslaught that lies ahead.
Collard said: “Board members and decision-makers are putting security and resilience on the agenda. They are aware that cybersecurity is a growing problem, and this is being driven by the media; and by changing data privacy and protection laws, as well as by a more people-centric approach to business. Companies are recognising the importance of security protocols for protecting their employees and their data, and putting the right processes in place.”
Looking ahead, it is hard to predict precisely what vector, threat, attack surface or vulnerability will be exploited by cybercriminals in 2023. What is easy to predict is that they will try, and keep on trying, because it is a business, and a profitable one. To combat the risks and embed a culture of security within the business, companies need to focus on training, security skills development, robust security solutions, and constant awareness.