Trend Micro Incorporated, a global cybersecurity leader, has recently released its newest report: “Future/Tense: Trend Micro Security Predictions for 2023“. The report cautions that in 2023, threat actors will increase attacks on security blind spots in the home office, software supply chain, and cloud as cyber threats continue to grow year-on-year. The report anticipates several IT security trends to watch out for in 2023.
Firstly, remote working is here to stay, and so a renewed focus on unpatched VPNs, connected SOHO (Small Office/Home Office) devices and back-end cloud infrastructure will be expected to cause threats. VPNs represent an attractive target, and home routers are often left unpatched and unmanaged by central IT. Secondly, there is a growing supply chain threat from managed service providers (MSPs) due to their access to a large volume of downstream customers, making them a more profitable target. Thirdly, “Living off the cloud” techniques may become more common, such as attackers using a victim’s backup solutions to download stolen data into their storage destination. Fourthly, connected car threats will increase, with malicious actors targeting cloud APIs, which sit between in-vehicle embedded-SIMs and back-end application servers. Finally, Ransomware-as-a-service (RaaS) groups may shift their focus towards the cloud, and social engineering will be turbo-charged, with business email compromise (BEC)-as-a-service offerings and the rise of deepfake-based BEC.
To mitigate these emerging threats in 2023, Trend Micro recommends organisations implement zero trust strategies, provide employee training and awareness raising, consolidate onto a single security platform, stress test IT infrastructures to ensure attack readiness, and create a software bill of materials (SBOM) for every application. These actions will help minimise damage without sacrificing user productivity, turn employees into effective lines of defence, improve a company’s ability to detect suspicious activity, reduce the burden on security teams, and deliver visibility into code developed in-house, bought from commercial sources, and built from third-party sources.
