By Sunil Sharma
In a world dominated by technology, we have seen rise in cyberattacks, both in terms of volume as
well as complexity. The Sophos State of Ransomware 2022 revealed alarming findings that showed
that 78% of surveyed organisations in India were hit by ransomware. In addition, more than 90% of
Indian organisations that were attacked said these attacks impacted their ability to operate and led
to a loss of business/revenue. Over the course of 2022, we continue to see cyberattacks taking place
at a large scale, dominating news headlines, and crippling organisations for days.
Today, it is safe to say that with the commercialization of ransomware-as-a-service, cyberattacks are
getting more brazen, and will continue to evolve in 2023.
Here’s are some cybersecurity trends to watch out for in 2023:
Mobile devices are increasingly targeted:
As mobile applications have become the dominant way in which people interact with the internet,
mobile devices are at the center of a burgeoning range of new types of cybercrime. Not only are
attackers still using fake applications to deliver malware injectors, spyware and banking-associated
malware, but newer forms of cyber fraud have been growing in popularity, such as “pig butchering”
schemes. Today, both Android and iOS devices are increasingly being targeted by fake applications;
what is worrisome to note is that criminals have found ways to use social engineering to breach
Apple’s walled gardens.
Crypto-related scams will increase:
The devaluation of Monero, one of the most popular cryptocurrencies for cryptominers, led to a
decrease in one of the oldest and most popular types of cryptocrime—cryptomining. There is also a
rise in crypto-related mobile apps in the form of fake wallets that are used to scam investors.
Additionally, crypto-related scams are continually shifting and mutating, swinging from fake
cryptocurrency investment to fake crypto derivative investments, and into other fake financial
markets.
5G will bring about increased cybercrime:
The recent launch of 5G in India will be a game-changer for technology adoption in India. 5G
technology, will improve on its predecessors with faster speeds, higher bandwidth and lower
latency, which will likely make it more common than 4G ever was. While the faster speeds definitely
have their advantages for users, they’ll also cause disadvantages, since hackers will be able to exploit
its speed.
Attacks on the cloud supply chain will disrupt firms:
As enterprises continue to move applications to the cloud, reliance on third parties and partners
increases, which also raises the risk of threats via the supply chain. Log4J has already proven how
numerous organisations can be impacted by a piece of dependent code that is incorporated into the
software packaging process. There is already and increase in cyberattacks using weak supply chain
practices which will continue in the near future, unless active threat hunting methods are deployed.
In light of the above, there is a strong need for enterprises and individuals to protect themselves and
their data. Organisations also need to have a robust cybersecurity strategy in place, in order to
mitigate threats, and prevent damage to the businesses’ reputation and finances. Additionally,
proactive response plan development allows internal teams to evaluate different response protocols
and be better prepared in case of any cyberattacks.
A few best practices that organisations can implement are:
Leverage cybersecurity-as-a-service (CSaaS): Through this security model, outsourced specialists
provide companies with urgently needed defenses and on-demand intervention. By outsourcing all
security operations or augmenting existing teams, organisations can ensure 24/7 threat hunting,
detection and response capabilities. This is made possible through managed detection and response
(MDR), a core CSaaS offering.
Maintain good IT environment hygiene: Robust IT environment hygiene minimizes the likelihood of
incidents occurring—so routinely check your security controls and address any unpatched
vulnerabilities, like open remote desktop protocol (RDP) ports.
Keep a hard copy of your incident response plan: Always have a physical copy of your incident
response plan on hand. If your organization is hit with ransomware, digital copies of your plan could
be among the files encrypted.
Today cybersecurity has become so complex that organisations cannot afford to handle it on their
own. In order to mitigate threats, enterprises should work with a trusted partner to implement
robust security strategies and build a secure operating environment.
(The writer is the Managing Director – Sales, India & SAARC for Sophos)