Cybersecurity Landscape in 2023
By Alexandru Petrescu
Cybersecurity experts, researchers and specialized vendors are submitting their predictions for what might be in store for the industry in 2023, the phrase “economic uncertainty” was often invoked and may be the leitmotiv security professionals take in consideration when making important business decisions.
In current year, we will see fewer resources and tighter security budgets in corporate settings thanks to this “economic uncertainty”, resulting in lower security posture across organizations. Because of this, threat actors will capitalize on this asymmetry and evolve faster, creating the perfect storm for an amplified number of breaches across all vectors in 2023, especially using email as an attack vector.
In tough economic times, an organization’s c-suite will be focused on cutting what they perceive as non-essential costs. It’s exceptionally important that when leadership thinks about cybersecurity budgets, they take the time to carefully analyze and understand what they are protecting from a business perspective.
According to Gartner, digital immune systems that deliver resilience and mitigate security and operational risks will be a key strategic technology trend in 2023.
As cyberattacks continue to rise, I anticipate more organizations will be doubling down on frontline prevention and detection technologies to stay secure and aiming to consolidate cybersecurity tools where possible.
The major challenge for cybersecurity itself will be a lack of transparency and information sharing between companies. It will be extremely difficult to follow the ‘business as usual’ concept and remain neutral. Global political conglomerates will unfortunately influence cyberspace and cybersecurity.
According to industry’s experts, over the next 5 years, every organization with 100 employees or more will be spending at the bare minimum 10% of their operating budget on digital security tools,
The cybersecurity industry is historically resilient in tough economic times. On the verge of a possible recession, this time won’t be any different. Recession or not, businesses are facing unprecedented volume and sophistication of threats. The potential losses from cybersecurity threats aren’t going to go down, either, with damage from cyberattacks expected to reach $10.5 billion annually by 2025. Amid that backdrop, a recent survey of CIOs revealed that two-thirds plan to increase cyber spending in 2023.
Cybercriminals don’t retreat in the face of economic trouble — if anything, they are going to increase their presence. As businesses try to keep pace, in 2023 we’ll see significant growth in the endpoint protection market as a whole. Companies that maintain efficient cybersecurity resources will fare much better in the long run than those who make widespread cuts.
Millions of people escaped the drudgery of the Covid-19 pandemic’s years by turning to iGaming and generally increasing their digital footprint. These virtual worlds also lured in a different kind of enthusiast — the kind who sought to steal people’s personal information and real-world money.
In recent months, cybersecurity firms have warned that cybercrime in gaming has increased substantially since the start of the pandemic, and that the vulnerabilities — for gambling studios as well as players — are far from being vanquished.
“When you add more users or devices or applications to a user pool, you’re creating a larger attack surface,” the experts are warning.
Justin Cappos, a professor of computer science and engineering at New York University, said one thing that makes the gaming industry vulnerable is that developers are not hired to create secure software. They are hired to deliver iGaming experience fast and frequently.
According to the Akamai report, gaming is the industry most hit by distributed denial of service, or DDoS, attacks, in which an attacker uses an automated technique to overwhelm servers with requests, severely slowing down the service or taking it offline altogether. These attacks can eat into a company’s bottom line as it scrambles to restore access and address customer complaints.
Akamai warned that as the gaming industry expands, it will attract more cybercrime.
Game studios have also struggled to fend off attempts to steal their users’ data, take their games offline or leak their game code. In these attacks, hackers may use the stolen information as ransom or try to auction it for huge sums of money.
iGaming companies needed to patch vulnerabilities in their code, improve employee training about hacks and look out for online leaks of employee credentials.
Cyber teams are going to be in the spotlight now more than ever. Understanding their security posture for businesses is crucial; knowing what current tools are available and the gaps that currently exist in your infrastructure will help you to protect your enterprise. The need for bigger cyber budgets and having the right people in place is critical. With ongoing talent shortages, consider partnering with a third-party firm to ensure you have fail-proof processes, documentation, and regular third-party assessments.
In 2023, we will see a new evolution of cyber insurance emerge with specific coverage criteria tied to cyber hygiene. Cybersecurity teams will be required to demonstrate the efficacy of their strategy, and organizations that fail to maintain proper safeguards will be excluded from coverage when an attack occurs.
As detailed in different online activity reports, COVID-related lockdowns and social distancing resulted in a major increase in iGaming and the data shows no sign of this trend slowing (Akamai report” Gaming Respawned”, 2022) with gambling apps downloads being one of the primary traffic drivers.
After refining the technology over many years, iGaming companies are growing their investment in cloud-based gaming, which will represent an expansion of gaming companies’ attack surfaces. Concurrently, cyberattacks on player accounts and gaming companies increased dramatically in the past year, with web application attacks growing by 167%.
The value in iGaming continues to grow and to attract cybercriminals, cheaters, money launderers, and other bad actors. DDoS attacks against the gaming industry remain a major threat, and have grown by 5% since the previous year.
Online gaming and gambling entertainment remains the industry most hit by DDoS attacks, accounting for 37% of all DDoS traffic observed globally, nearly twice that of the second-most DDoS-attacked vertical — financial services.
With the digital challenges of today’s world constantly increasing, cybercriminals have not ended their focus on iGaming platforms, players, and organizations. This comes as no surprise since players tend to stay connected online to one another and with the world at large.
More important, criminals target online players because they’re inclined to spend money on the things that makes them happy. To an attacker, players represent value. If they can hack into user accounts, bad actors can steal everything from in-game currencies and assets to account information, and then sell the loot on the dark web. Or, they can steal a whole account, along with the time a gamer had invested in creating am iGaming experience. Additionally, if hackers can breach a gambling company, they can wreak all sorts of havoc — from stealing the source code and engineering cheats that make the game unfair to extorting companies by encrypting systems or publicly exposing exfiltrated data.
Therefore, the ongoing geopolitical storm brings not only classical cyberthreats for iGaming industry but also unpredictable risks and “black swans” the main risks for 2023 will be data-protection, business continuity, financial transaction’s integrity and supply-chain stability. While all these are big challenges for business right now, cybersecurity is not merely an issue, it’s a major problem that needs to be addressed immediately. Overall digital architectures, especially for multinational operators, will become more of a sweet spot for targeted ransomware and state-sponsored espionage campaigns.
So, I strongly suggest to digital armour plate yourself, as a business, before becoming a number on a corporate cyber incidents statics for 2023.
If you want to continue this discussion, feel free to reach out to me, at alexandru.petrescu@bigcyberdefense.com
