Features 03.03.2023

Five Audacious and Outrageous Cybersecurity Predictions for 2023

Kate O’Flaherty compiles five outrageous cybersecurity predictions for 2023 made by experts with their tongues firmly in their cheeks

Cybersecurity professionals just love to make predictions. How accurate they are is anyone’s guess, so Kate O’Flaherty decided they may as well be audacious (and sometimes, ludicrous). Grab a pinch of salt, kick back and enjoy these five outrageous cybersecurity predictions for 2023 made by experts with their tongues firmly in their cheeks.

1: Every security problem will be solved by zero trust adoption

Each year, a security trend is predicted to solve every business problem, and 2023 will be no different. In 2023, the ‘culprit’ will be zero trust, according to independent security researcher Sean Wright. “2023 will finally be the year when all our security problems will be solved by this magical solution,” he jests.

Over the course of this year, zero trust will make so much impact that breaches will soon become a thing of the past, Wright predicts. “Sure, we’ve had the same predictions year after year, but 2023 will be different. After all, we haven’t given it enough time; it’s only been around for a decade or so. Google introduced its own flavour, BeyondCorp, in 2009.

“It’s not like organisations are facing an incredibly challenging year, especially security teams who have all the time in the world to tackle new and exciting projects,” Wright adds, with enough sarcasm to sink a ship. “Companies also have loads of spare cash to throw at costly and time-consuming projects like confetti.”

The move to zero trust will, of course, make many people very happy, Wright continues with a smirk. He thinks 2023 will see pressured engineering and IT departments “shout in joy” at the thought of the additional workload. “It’s not like they will have much else to do: We still face the same human issues such as using weak or re-used passwords, not to mention the lack of multi-factor authentication (MFA), but zero trust will overcome all of these great challenges,” Wright says. “After all, the system will know when an attacker has managed to successfully compromise employee X’s account via a successful phishing attack and prevent access.”

The results of this approach are clear, says Wright: “Attackers will finally hang up their phishing coats, admitting defeat. CISOs around the world will sleep soundly knowing that they have zero trust in their systems and employees.”

2: ChatGPT will form the basis of devastating cyber-attacks

We’re still in Q1 of 2023, and ChatGPT is already dominating tech conversations. While people are raving about the technology’s efficiency, there’s no doubt that adversaries will use ChatGPT to form the basis of multiple types of attacks.

So much so that Ian Thornton-Trump, CISO at Cyjax, predicts that ChatGPT could be used to launch a business email compromise (BEC) cyber-assault with devastating consequences. He describes how adversaries could use the intelligent technology to impersonate Christopher Gerard Cavoli, Supreme Headquarters Allied Powers Europe (SHAPE) commander: “The attack will nearly cause US and NATO forces to deploy to Taiwan in response to unprecedented hostile Chinese activity detailed in top secret intelligence reports – also created by ChatGPT – and sent as email attachments. NATO will be embarrassed for nearly going to war over a BEC attack that impersonated the commander, and Russian threat actors will be implicated,” he scoffs, imagination running wild.

While the attack he describes is, of course, somewhat unlikely, the threat posed by ChatGPT does need to be considered by organisations of all sizes. ChatGPT is already panicking businesses with the ease and speed with which it can write malicious code, says Jake Moore, global cybersecurity advisor at ESET. With this in mind, illicit use of ChatGPT will be adopted by malware-as-a-service products and other weapons in attackers’ toolkits, Moore predicts.

“ChatGPT has unlimited uses and it plays perfectly into the hands of criminals with its endless activity,” says Moore.

In 2023, Moore predicts that ChatGPT will “fool even the most savvy people” with its clever phishing email writing capabilities: “It really does offer the full automated exploitation experience,” he says. No pinch of salt is needed for this prediction.

3: Cyber war will play out on the national stage

“As with all wars throughout history, the cause will be a matter of dispute,” says Christian Toon, CISO at law firm Pinsent Masons, as he describes how cyber war could play out: “Nations could be driven by power, wealth, ideology or land. We’ve hypothesised about a cyber war for over a generation now, but 2023 will be the time we see it play out on the national stage,” he predicts.

So what will the cyber war look like? “Allegiance will be forced digitally, and new terms defined where ‘cyber patriots’ and ‘cyber tyrants’ do battle in the open,” says Toon.

He audaciously predicts that society and its economies will feel the brunt of this impact more than ever. “Sanctions and the rules of war will impact life and businesses the world over. Rule-free engagements online will allow anyone to damage, deface, destroy or degrade digital services to disadvantage others.”

As the world waits for cyber war to hit, it’ll be integral that everyone is prepared, Toon warns. “Businesses and those charged with protecting operational activities and national infrastructure will need to bunker down and ensure their cyber controls are robust enough to deal with tactics deployed by nation states and their affiliated cyber groups,” says Toon, serving up a dose of realism amongst the sensationalism. “History has a habit of repeating itself: After all, what is cyber war good for? Absolutely nothing.”

4: Deepfakes will become mainstream and widespread

Number four is less whimsical. Deepfakes are becoming increasingly convincing, but experts predict that 2023 could be the year they become part of multiple types of cyber attacks. If you’re unfamiliar with a deepfake, think of it like a modern-day version of Photoshop. Deepfakes use artificial intelligence to make images of fake events. “We’re about to enter the golden age of social engineering, with adversaries poised to make use of next-level deep fakes to enhance the effectiveness of these attacks,” says António Vasconcelos, technology strategist at SentinelOne. And by adversaries, he means cyber criminals or hackers.

“Not only will we see an increase in voice deepfakes – such as AI-generated CEO voice audio that convinces staff to transfer funds to a scammer’s account – there will also be a move towards deepfake video clips with the sole aim of generating a large number of shares.” This prediction is undoubtedly less audacious.

Imagine a deepfake video of a drunk politician, a celebrity in a compromising position, or a simple swap of Putin’s face on Kim Kardashian’s body going viral, Vasconcelos suggests. “Even if people know the video might be fake, it could still easily lure millions of viewers into clicking malicious links.”

Today, it takes much less time than you’d expect to develop a deepfake good enough to fool people: “As demonstrated in a recent experiment, it only takes about 72 hours to create a decent face swap using publicly available tools and an off-the-shelf graphics processing unit (GPU),” Vasconcelos says.

“There’s no shortage of people still falling for all the usual, easy-to-produce phishing bait, but threat actors are always looking for ways to get more cyber crime value for money. Deepfakes offer them an easy way to deploy social engineering attacks far and wide, so think twice the next time you’re tempted to click on a viral video,” Vasconcelos warns.

5: Spyware-like technologies will infiltrate viral apps

Number five also serves up a less frivolous prediction. Over the last few years, Israeli company NSO Group and the Pegasus spyware’s ability to steal data from infected devices has hit multiple headlines. In 2023, the threat from spyware-like technologies could become more wide-reaching, according to Philip Ingram, MBE, a former colonel in British military intelligence.

“If we look at the increasing use of viral apps in our day-to-day activities, people readily click ‘accept’ terms and conditions on services such as TikTok without reading them. So how do we know if the coding in an app offers the same access to a device as Pegasus?” Ingram asks.

In an age of increasing data collection, Ingram warns of the consequences many people could face: “How do we know what data is collected, what interactions there are with other apps and where any exported data go? Given the sheer volume of data that mobile devices now process, they are the vulnerable cyber underbelly exploited not just by criminals but by nation states,” says Ingram.

In 2023, he predicts nation states will continue to increase their focus on digital currencies, which could pose a similar threat: “The digital Yuan is already being trialed for businesses in some provinces in China, and of course it will be managed through an app. How can we identify potential threat vectors through apps and interactions in an expanding digital universe including the so-called metaverse? Will nation states exploit opportunities?”

Amid this complex and developing environment, Ingram points out just how difficult it is to protect user data. “The interconnectivity of threat vectors and adversaries continues to become more complex and we are all potential targets.”

So, there you have it, five outrageous and audacious cybersecurity predictions for 2023, served with varying quantities of salt and tongues that were often (but not always) positioned firmly in cheek. Only time will tell which, if any, will come true.

Got your own prediction to share with Assured Intelligence? Get in touch with our editor, Eleanor Dallaway, on Twitter (@EleanorDallaway) or LinkedIn.
