By Vinay Sharma, Regional Director, India and SAARC, NETSCOUT
As we bid goodbye to 2023, the cybersecurity domain has once again proven to be a very dynamic and challenging one. The year was characterized by new and emerging threats and innovations making it a rollercoaster ride for cybersecurity professionals, globally. In this article, we take a closer look at the key trends and challenges that shaped the cybersecurity landscape in 2023.
Geopolitical Unrest
Nation-state actors directly target Internet infrastructure to take out critical communications, e-commerce, and other vital infrastructure dependent on Internet connectivity. Since the initiation of ground operations in the Russia/Ukraine conflict, ideologically motivated DDoS attacks targeting the United States, Ukraine, Finland, Sweden, Russia, and other countries have remained constant. Last year, Finland experienced a wave of DDoS attacks before and immediately after its NATO acceptance. Sweden experienced a similar onslaught as that country’s bid to join NATO moved forward. But it’s not just politics: A wave of DDoS attacks hammered wireless telecommunications, no doubt a result of 5G wireless connectivity expanding at a staggering rate and subscribers opting to use 5G as their primary internet connection.
Machine Learning and Artificial Intelligence
As the use of artificial intelligence (AI) and machine learning (ML) for cybersecurity and other purposes increased, these technologies continued to advance and improve. There was an improvement in AI and ML technologies for threat hunting this year as they became more integrated into threat-hunting tools. However, cybercriminals exploited the same technologies to further finetune their attack strategies.
Ransomware onslaught
These attacks that are a major threat to businesses as well as individuals evolved further and became more sophisticated in 2023. There was an increase in the use of ransomware in combination with others, such as supply chain attacks. Hospitals and other healthcare organizations besides governmental entities were targeted more and there was an increase in triple extortion attacks.
DDoS Landscape
There was a sharp increase in DDoS attacks against multiple wireless telecommunications providers which was a global trend. Direct flooding and application-layer DDoS attacks became more popular as anti-spoofing efforts increased globally making it more difficult for spoofed packets to travel across the internet. These attacks came from much more powerful sources, such as cloud-based infrastructure with massive compute and bandwidth resources.
Outbound and Cross-bound DDoS attacks were as devastating and disruptive as inbound attacks. Adaptive DDoS attacks were on the rise too.
Cloud Computing
The growth of cloud computing and the Internet of Things (IoT) continued during the year. Although cloud computing has been around for many years, more and more companies are using it for production workloads as opposed to simply using it for prototyping. These production workloads require both performance and security monitoring to ensure that data is not stolen or modified in the cloud. Attacks on resources in the cloud increased, and security monitoring of these resources became more important.
Threat Detection and Response
Endpoint/network detection and response (EDR/NDR) technologies continued to evolve, integrate, and merge into extended detection and response (XDR). Although EDR has been a well-known and valuable tool, it has some shortcomings. In part due to its maturity in the market, threat actors have developed multiple ways to avoid EDR protections. The attack surface increased exponentially with IoT, software as a service (SaaS), bring-your-own-device (BYOD), serverless applications, fifth-generation wireless (5G), and more. To fill the gaps, most organizations turned to NDR because everything eventually must traverse the network, leaving threats with fewer hiding places. NDR is also more scalable because it can be placed strategically for maximum visibility.
Cybersecurity regulations and compliance
Government agencies across the globe worked towards further enhancing cybersecurity regulations and compliance standards, as it became a national security imperative. Businesses faced higher scrutiny and regulatory requirements. In India, the Central Government passed its long-awaited Digital Personal Data Protection Act (DPDP).
Human error – threats from within
Organizations saw human error as one of the most prevalent reasons for data breaches where employees were directly responsible for a significant number of attacks. This led to businesses focusing on training employees and updating them on the latest types of attacks and how to combat them.
The healthcare sector was at high risk
The healthcare industry saw a significant rise in cyberattacks in 2023. Most of the ransomware attacks targeted patient data, disrupted operations, or took over systems. Millions of patients were affected. Phishing scams were the most common.
IoT device vulnerabilities
Manufacturing got increasingly concerned about the vulnerabilities of IoT devices which while bringing in convenience introduced risks as well. The number of connected IoT devices has increased significantly, presenting a further opportunity for cyber-criminals to carry out attacks.
There is a lack of IoT security awareness and it is extremely crucial to educate the IoT users about the risks of using these devices and how to safeguard themselves.
Zero Trust Architecture
In 2023, the adoption of Zero Trust Architecture increased as several organizations across industry verticals fortified their defenses against evolving threats. Embracing the Zero Trust Model became a strategic imperative as opposed to the traditional perimeter-based approach. The former stressed continuous verification and strict access controls.
