While they may appear simplistic and even self-evident to readers at CybersecAsia, these trends harbor destructive potential if underestimated and unaddressed.

The relentless escalation of cyber warfare and cybercrime makes the approaching new year a fertile ground for predictions of what other cyber risks await the world.

In an interview, Righard Zwienenberg, Senior Research Fellow, ESET, provided CybersecAsia.net readers some guidance based on his 34 years of experience in the industry.


For the year 2023, Righard made the following observations and predictions:

    1. Cybercrime will be directed more towards countries (that is, their critical infrastructures).
    2. Enterprises are more likely to focus on their operating systems to prevent attacks.
    3. Even now, many organizations have not learned from the COVID-19 pandemic how to approach digitalization and cybersecurity. There is no clear picture of what organizations will do if another massive pandemic strikes.
    4. More SMEs will understand the importance of investing in cybersecurity, whether by choice or by regulatory pressure.
    5. Dialogs between CISOs and cybersecurity solutions providers will increase. Firms should start interacting with all security vendors, and should be preemptive in reminding/warning customers about cyber safety practices.
    6. The huge demand for skilled professionals in cybersecurity will continue to grow in 2023. The number of such professionals will also increase. More new roles within cybersecurity teams will be created, with one that is growing in demand: Cybersecurity Information Analyst.
    7. Information flow on recent trends and attacks will not stop within the IT team. For example, Finance heads (CFOs) will also have to be educated by the CISO team on the threat opportunities. Finance teams are likely to take threats more seriously than before, as they know that by not investing in security they will end up paying more in the form of attacks and regulatory fines.
    8. Education on cybersecurity will increase. Ideally, elementary-level schools will have basic outlines on cybersecurity while universities will mandate it. We will see more courses related to updating security skills. Organizations may start setting aside mandatory budgets for cybersecurity training.
    9. The practice of network segmentation will become more widespread as more IoT devices are put into use.
    10. Remote Desktop Protocol (RDP) is causing cybersecurity issues worldwide, with an almost 900% increase in breach attempts detected by ESET. Yet, around 77% of small- and medium-sized enterprises will continue using RDP.

Regarding ransomware trends, WannaCryptor seems to be the most prevalent. “In the heat map, Russia, US, South America, Spain, Ukraine, Indonesia and India ransomware incidents are increasing (in ESET’s user base). Russia, USA, China, Ukraine and Israel are the top countries where many ransomware attacks are detected”, Righard noted. As far as the Asia Pacific region is concerned, he predicts the top five countries where ransomware will be prevalent: China, Thailand, India, Indonesia and Japan.

Righard also noted that many organizations that fall victim to cyber-attacks fail to report incidents, and that in 2023 this trend may cause changes in cyber regulations to mandate reporting, just as Australia has done.