In light of the region’s race towards digitalisation, Netskope, the leader in Secure Access Services Edge (SASE), has revealed its annual threat predictions and anticipated trends in cyber attacker behaviour, cloud security, and more
Jonathan Mepsted, VP for Middle East and Africa at Netskope, commented, “Similar to how we have done this in years past, we have sourced these predictions from across our team of internal experts; our global and regional CIOs, CISOs, CTOs and the specialists in our Threat Labs. Some of these predictions touch on topics that you may have seen discussed this year, considering how they will evolve, while others feature technologies and dynamics that may be completely new on the radar of Middle Eastern organisations for 2023.”
Gustavo Palazolo, staff threat research engineer, explained, “Attacks involving data encryption and theft of confidential information are on the rise. There is a growing trend that we believe will intensify in 2023, where we have two extremes. On one side, we have the infamous Ransomware-as-a-Service (RaaS), in which attackers focus on both encryption and theft of sensitive data. On the other side, we have extortion groups, like LAPSUS$ and RansomHouse, which breach companies only to exfiltrate sensitive data, without encrypting any files. We believe 2023 will be filled with attacks sourced from RaaS groups and from extortion groups, perhaps even intensifying an Extortion-as-a-Service model.”
Ilona Simpson, chief information officer, EMEA, expects that the collective attitudes towards the ‘industrial metaverse’ will begin to shift in 2023. Instead of being seen as something obscure, we will see wider recognition that its key components – the digital shop floor in combination with supply chain automation and optimisation through AI/ML models – are real and relevant, bringing new cybersecurity challenges with it. And with this new attitude toward the industrial metaverse, comes the opportunity to drive a deep technological shift as a business change initiative.
Another expectation is for hackers and potential attackers to find ways of bypassing multi-factor authorisation (MFA). Although MFA is currently viewed as a solution to the issue of phishing, it only serves to encourage attackers to change tactics. Easy-to-deploy reverse phishing tools and methods for abusing AuthO workflows are examples of ways in which MFA can be bypassed, as Netskope expects to see an increase in sophisticated targeted phishing attacks.
