With 2022 coming to an end, the year 2023 promises to be a remarkable year of change for organizations throughout the Middle East. Netskope, the leader in Secure Access Services Edge (SASE), has revealed its annual threat predictions and anticipated trends in cyber-attacker behaviour, cloud security, and more in light of the region’s race to digitalization.
Jonathan Mepsted, VP for Middle East and Africa at Netskope explained; “Similar to how we have done this in years past, we have sourced these predictions from across our team of internal experts; our global and regional CIOs, CISOs, CTOs and the specialists in our Threat Labs. Some of these predictions touch on topics that you may have seen discussed this year, considering how they will evolve, while others feature technologies and dynamics that may be completely new on the radar of Middle Eastern organisations for 2023.”
Data encryption and confidential information theft attacks are on the rise. We see two extremes in a growing trend that we believe will intensify in 2023. On the one hand, there is the infamous Ransomware-as-a-Service, in which attackers focus on both encryption and data theft. Extortion groups, such as LAPSUS$ and RansomHouse, on the other hand, breach companies solely to exfiltrate sensitive data without encrypting any files. We believe that 2023 will be filled with attacks originating from RaaS and extortion groups, possibly intensifying an Extortion-as-a-Service model. Staff Threat Research Engineer Gustavo Palazolo
In recent years, there has been a significant increase in software supply chain attacks. We expect this type of attack to grow as more vulnerabilities in application source code are discovered, particularly in open source software. This highlights the need for organizations to strengthen their software supply chain security measures and strategies. Threat Research Engineer Clive Fuentebella
Organizations will start to prepare for a quantum world in 2023. During 2022, guidelines and standards were made available for quantum-resistant algorithms, and this means organizations need to start thinking about things like post-quantum cryptography challenges. While it’s a way off, regulatory groups like NIST and ENISA are urging organizations to start their programs now to make sure they are prepared. Neil Thacker, CISO, EMEA
Our collective attitudes towards the “industrial metaverse” will begin to shift in 2023. Instead of being seen as something esoteric, we will see wider recognition that its key components—the digital shop floor (used interchangeably as a “digital twin” by some) in combination with supply chain automation and optimisation through AI/ML models—are real and relevant, bringing new cybersecurity challenges with it. And with this new attitude toward the industrial metaverse comes the opportunity to drive a deep technological shift as a business change initiative. Ilona Simpson, Chief Information Officer, EMEA
Phishing is a social engineering technique. You need to find someone with their guard down and convince them that you are legitimate, and they should either give you their password or otherwise authorize you to access their accounts. Multi-Factor Authentication (MFA) has long been touted as a “solution” to the phishing problem, but what it really does is force attackers to change tactics. Between easy-to-deploy reverse proxy phishing tools and techniques for abusing OAuth workflows to sidestep MFA and gain direct access to cloud apps, we expect to see an increase in sophistication in targeted phishing attacks to bypass MFA. Ray Canzanese, Director, Threat Research