Cybercrime in 2023: a scary trend

Cyber security trends 2023

But the solution is always there

For astrology enthusiasts, 2023 will be the year of Libra and Scorpio. For everyone else, it will be the year of the difficult geopolitical situation, the energy crisis and also the further growth of cybercrime, which will be even scarier than it has been so far.
To give a little bit more detail, this year will also be the year of crime-as-a-service, during which cybercrime will become ever-more structured as a real business model to launch increasingly sophisticated attacks.

To get a pretty clear idea of what trends in the cyber world will be like by 2023, without consulting astrologers and fortune tellers, just read the Clusit report, which was released in November. Some quite reliable estimates emerge from it.

Referring to the year just ended, the report calculated that in the first six months of 2022, cybersecurity attacks considered serious, i.e. with a systemic impact that affected several aspects of society (politics, economy, geopolitics) numbered 1,141 (+8.4% compared to 2021), i.e. 190 attacks per month, with a peak in March 2022, of 225 attacks, the highest value ever to occur.

If, since 2011, there have been more than 15,000 serious attacks, but more than half of them (8,285) have occurred in the last 4 and a half years, it is not difficult to understand the direction of the trend.

If we try to compare 2022 data with 2018 data, attacks grew by 53% from January to June, with a monthly average of serious attacks globally that rose from 124 to 190.

In addition, what has struck the researchers most is that the attacks have come, in addition to the usual large supranational organisations, also from young pirates who increasingly delight in ruining the plans and projects of companies and establishments.

In short, by 2023, the forecasts do not seem to promise any improvement: indeed, experts agree that there will be a general increase in global attacks, thanks to the disturbance of geopolitical balances linked to the Russian-Ukrainian conflict and the financial and energy crisis. The target of hackers will therefore be, above all, governments, companies and strategic infrastructures.

In addition, with the rise of the metaverse, avatar crimes and transactions in virtual city stores will also increase, and with the use of digital wallets and cryptocurrencies, the attack surface will also increase. Not only that: given the use of augmented and virtual reality tools, attackers will also move into the field of biometric data.

Regarding the various modes of attack, Phishing and Ransomware are still present on the podium, but they will never remain the same, rather, they will develop into even more subtle and refined strategies.

Just think that already today, one email for every 99 of those we receive can be classed as a phishing email.

Taking into account that one in three is regularly opened, we can understand how phishing will also be the primary trend in cybersecurity in 2023.

The FBI has warned that phishing attacks could increase by as much as 400% year-on-year.

As for Ransomware, in 2022, attacks increased by 33% compared to the previous year.

Therefore, it is not difficult to predict that in 2023, this will also be one of the dominant trends in cybersecurity, also fueled by the phenomenon of Ransomware as a service, i.e. the automated market for the production of ransomware.

All experts, therefore, agree that in 2023, more companies and institutions will be affected, and more critical infrastructures will be impacted.

The seriousness of the situation has also been recognised at the institutional level, so much so that in 2022, the European Union adopted an updated directive on cybersecurity, the Nis 2,and Italy, together with the countries of the European Union, the United States, Japan, India, Australia, the United Kingdom and others, has joined the Counter Ransomware Initiative,participating in the work of the last international summit, in Washington, last November, with the shared objective of developing common responses to ransomware attacks across the world, through joint measures, information sharing and new platforms for the fight against attacks on infrastructure.

As with any problem, however, we must no longer wait for solutions to come from above; instead, we must be organised and ready to respond to attacks without leaving ourselves unprepared.

Precisely for this reason, the almost unanimous conclusion is that choosing an identity management approach of the zero trust type, based on the premise that nothing, inside or outside the company, should be automatically considered secure, and that all devices and users requesting access are considered unauthorised until proven otherwise, can no longer be an optional approach but instead must become a “must”.

For those who still have doubts, it may be useful to know that according to IBM, those who have adopted the zero trust system have saved an average of one million dollars in damage from cyber attacks compared to those who have not.

It is no coincidence that the spending budget for cybersecurity is no longer perceived as a cost and is increasingly considered an element of competitive advantage. By 2023, businesses are expected to spend nearly $190 billion on cybersecurity.

This is a record figure (it was 172 billion in 2022, and 151 in 2021) that is destined to be surpassed in the years to come, given that the average annual growth trend until 2026 is estimated at 11% and will lead companies to spend over 260 billion dollars.

Awareness of the risks can make a difference

Remote work protection, zero-trust networks and cloud security will be the drivers of cybersecurity spending in 2023. All of these are necessary protection measures, but they could be useless if not supported by the correct digital posture on the part of each individual. Security can be said to be such only if it is built on a solid foundation of awareness and knowledge of risks.
It is well established that the human factor remains the element of weakness most exploited by hackers.
Therefore, it is important to work specifically on this, through ongoing and quality training and the construction of knowledge that can stand up to even the most astute cybercriminals.