By Caique Barqueta: The year 2022 was marked by various types of cyber attacks, bringing a lot of turbulence to organizations' cybersecurity teams. In light of this, we have mentioned the main aspects and trends for companies to adopt and monitor in order to mitigate cyber attacks this year.

One of them is the human-machine spectrum. Machine learning will become an increasingly important cyber technology and will guide the emerging generation of security products.

Remember that the trends we've mentioned here may change, as the cyber market is based on several points that may change.

IoT (Internet of Things) devices

By the year 2023, the number of IoT-connected devices is expected to increase to 43 billion worldwide, more than 13% compared to 2022. This growth rate is due to new sensors, more computing power and reliable mobile connectivity around the world, creating greater accessibility and availability.

As the use of devices increases, so will the security risk, because the growth isn't just occurring in our homes through smart TVs and other devices.

Companies are also observing the power that the IoT brings to the corporate world, sometimes helping with automation and controls, and this is one of the practices that will be adopted in 2023.

One of the points we've noted is that IoT devices end up being an easy target for cybercriminals, as they are vulnerable to network attacks.

As an example, a malicious agent could exploit an IoT device as a network entry point, using it as a springboard to launch a more sophisticated ransomware attack, or even direct the IoT device to send network requests, causing packet floods and carrying out a DDoS attack.

Employee awareness and training

Another trend is employee awareness in the year 2023, because due to the large number of attacks, companies need to ensure that all teams and people are trained with the latest skills to identify attacks, such as phishing, which is one of the initial vectors.

In addition, we can mention the adoption of in-house employee training, because as the shortage of professionals is quite high, companies should focus on training and updating existing and newly hired staff. Cyber security professionals must prevent and respond to attacks with practical experience to be able to do the job.

Use of Artificial Intelligence (AI)

Artificial Intelligence is gaining more and more ground in the technology market, as they create systems that offer automation, security and other advantages. AI came to prominence in 2023 thanks to the great success of ChatGPT and social media users who end up sharing with new Lensa avatars on various platforms.

That's why it would be no different if artificial intelligence were to feature prominently at the start of the year. It is very likely that the technology will be even more sophisticated and extended to mass functions.

According to PWC, this technology is expected to contribute almost US$16 trillion to the world economy by 2030. On the other hand, when it comes to cybersecurity, you have to be on your guard.

We can say that AI has reached several areas, including hacking, because malicious agents can ask AI to create code that can be used to carry out cyber attacks.

Through their malicious use, hackers can enter false data to contaminate the algorithms and thus generate incorrect results, jeopardizing companies' decision-making and even causing the machines to transfer resources to criminals.

As an example, we can ask the AI to create part of the program code to remain persistent in the victim's operating system.

Attacks on the Supply Chain

In this type of attack, cybercriminals invade corporate networks through vulnerabilities or compromised third-party devices. Supply chain attacks are an emerging type of threat that targets software developers and suppliers. The aim is to access source code, create processes or update mechanisms by infecting legitimate applications in order to distribute malware.

They know that companies that provide supplies to organizations can be a great initial attack vector, since making malicious software available in a supply chain can lead to a massive cyberattack and affect several organizations and people.

Follow up and download our e-book "Attacks on the Supply Chain: Why now and what to do?", and understand why Supply Chains are currently the fastest growing attack surface in companies.

Mitigation measures

Therefore, we realize that there are some fields in which cybersecurity should be applied and better developed, in view of the constant evolution of Internet of Things (IoT) devices, attacks on supply chains, the use of Artificial Intelligence to plan attacks and employee awareness and training aimed at mitigation.

Therefore, we have also listed some of the main mitigation measures that can be adopted by organizations with a view to combating cyber attacks.

• Use strong passwords, incorporating symbols, letters, numbers, uppercase and lowercase letters, as well as implementing periodic password changes for employees;
• Raise awareness among employees on a regular basis with the aim of providing training to prevent them from downloading malicious artifacts, clicking on unknown links, and so on;
• Check the possibility of implementing security tools such as firewalls, EDR tools, XDR tools, antivirus tools and other solutions to protect the security perimeter;
• Creating or hiring people to work with cyber security, as well as using tools and services related to Threat Intelligence.

The above recommendations are not limited to other solutions and measures that can be used to combat cyber attacks on the organization.

References:

• Cyber Threat Intelligence Group, Heimdall by ISH Technology.
• Increase in IoT devices
• Publication regarding AI's request to create part of the code.
• Forecast of worldwide spending on IoT technologies.