2023 Could Be a Security Nightmare. Here’s Why.

I’ve been watching the German-language Netflix series Dark, and this isn’t exactly a spoiler, but a character on the show can see the future. I’d love and hate such a gift. On the one hand, it would be incredibly helpful to know everything that will happen in online security in 2023, especially since I offer weekly internet safety tips via the SecurityWatch newsletter. On the other hand, knowing ahead of time about all the data breaches, phishing attempts, ransomware infections, and identity theft scams the online world will endure would probably be terrible for my mental well-being.

I can’t see the future, so I did the next best thing and gathered predictions from online security industry experts. Below are quotes from engineers, researchers, and other industry professionals with their 2023 predictions for various aspects of the online security ecosystem. Unfortunately, it doesn't paint a very encouraging picture for the year ahead, but it's better to be prepared than to get caught off guard.

Personal Online Safety 

“Next year will not be any easier when it comes to keeping users’ data safe and private. Authoritarian countries and hackers are working hard to compromise those factors. However, I see the light at the end of the tunnel because people are starting to value their data, pushing businesses and governments to take action.”

-Marijus Briedis, chief technical officer, NordVPN

“Consumer attitudes toward online security and privacy will heighten. A key driver here will be that while enterprises getting hacked and hit by ransomware continue to make headlines, cybercriminals have begun to hit not just enterprise businesses with deep pockets, but small/medium sized businesses (SMBs) and individuals. 

“SMBs and consumers are actually far more vulnerable to successful attacks, as they do not have the level of protection that larger enterprises have. As working from home and working from anywhere remain the paradigm for many across the data/analytics field, they [employees] will require data protection and security solutions that can also protect them wherever they are.”

-Surya Varanasi, chief technical officer, StorCentric

“The availability of personal information on the dark web continues to escalate, and phishing continues to be a significant issue to both consumers and businesses. Due to this increased access to personal data, campaigns conducted by cybercriminals designed to steal additional personal data, credentials or extract money from the victim are likely to become more personally targeted and sophisticated, potentially even using deep fake technology, making it harder for the recipient to identify real vs. malicious emails.”

-Tony Anscombe, chief security evangelist, ESET

"Although it's fun to speculate about deepfakes and AI and other fanciful things being used by cybercriminals (and maybe there will be some of this), for the most part, the bad guys fall back on tried-and-trusted techniques.

“If something works to con people into handing over their credentials, data, or money, why wouldn't they use the same trick over and over again?  This is why we still see phishing attacks and email attachment malware that use social engineering techniques to dupe the unwary years after they were first seen.

"The old tricks work.  Expect to see more and more exploitation through them."

-Graham Cluley, security expert at GrahamCluley.com

Social Media Safety Concerns

“Fears of disinformation and minimal online harassment moderation amongst major social media platforms like Twitter and Facebook have resulted in many longtime users looking for alternative options.

“Mastodon, Hive Social, and Post have all seen upticks in users, especially since Elon Musk’s acquisition of Twitter. But as these emerging social media platforms gain both traction and popularity, keeping users' information secure from cybercriminals will be as much of a challenge for them just as it is for the major tech giants. 

“As users begin to test out smaller, emerging networks, expect many social media platforms to begin incorporating cyber-safe protocols like multi-factor authentication and sophisticated password management. Not only will the platforms and users benefit from minimized risks of data breaches or cyber compromises, emerging platforms will be able to build trust with a new group of users who are prioritizing safe and sound information flow.”

-Lisa Plaggemier, executive director, National Cybersecurity Alliance

What Is Two-Factor Authentication?

Real Scams in Virtual Spaces

“We’re already seeing instances of identity theft and deep fake attacks in the current version of our digital world, in which bad actors prey on executives to make wire transfers of hundreds of thousands of dollars outside a company. What’s not to say there won’t be an uptick in similar scams inside the metaverse virtual reality?

“As we start to look ahead to 2023, businesses will need to be careful and considered in their approach to delivering this nascent technology. Dragging passwords into the metaverse is a recipe for breaches. But if we’re thoughtful about the controls put in place to identify users and deploy continual authentication—leveraging different factors such as biometrics and closely monitoring user behavior—it’ll help to alleviate those security concerns around the metaverse.” 

-Rick McElroy, principal cyber security strategist, VMware

Ransomware on the Rise

“Ransomware will remain a huge and relentlessly growing global threat to high-profile targets and individuals. There are likely a few reasons for this continuing trend. One is that today’s ransomware is attacking widely, rapidly, aggressively, and randomly—especially with ransomware as a service (RaaS) becoming increasingly prevalent, looking for any possible weakness in defense. The second is that small and medium-sized businesses do not typically have the technology or manpower as their enterprise counterparts.”

-Brian Dunagan, vice president of engineering, Retrospect

The Age of AI Is Upon Us

“Adversarial AI will go mainstream as the adoption of AI and machine learning models continues to take hold across various industries. In the coming year, we’re likely to see cyber adversaries using artificial intelligence and machine learning models to create attacks that can self-propagate across a network or exploit vectors in data sets used to model ML frameworks.

“First, AI algorithms can be trained on manipulated or fake data, known as ‘poisoned data,’ which can cause the AI to make incorrect decisions or take malicious actions. Additionally, attackers can create ‘adversarial examples,’ which are inputs designed to fool an AI system into making an incorrect decision. Another way that adversarial AI can be vulnerable to cyber attacks is through the use of AI algorithms to manipulate and deceive individuals. This could involve creating fake social media profiles or websites that appear legitimate but are actually designed to collect sensitive information or spread malware.

“Adversarial AI will also likely be used to enhance and continue existing attacks, such as disrupting critical infrastructures like power grids or transportation systems. The ability of AI algorithms to learn and adapt makes them particularly well-suited for this type of attack, and the potential consequences of such an attack could be devastating.”

-Lisa Plaggemier, executive director, National Cybersecurity Alliance (NCA)

Recommended by Our Editors

Ramp Up Your Cybersecurity With PCMag's Online Safety Checklist

ChatGPT: Is It Going to Take Your Job?

The Best Ransomware Protection for 2024

“I'm expecting to see completely automated malware campaigns, where malware gangs have built systems that automatically react when their attacks are blocked by security systems. This would mean that automation based on machine learning would rewrite malicious emails they send, register new malicious domain names, rewrite exploit code and add layers of obfuscation on top of malware binaries. Once this happens, we'll see that the only thing stopping a bad AI will be a good AI.

“I'm worried.”

-Mikko Hyppönen, chief research officer, WithSecure

2023: A Year to Fear?

As you can see, security experts find plenty to be concerned about next year, from adversarial AI to rising ransomware—with plenty of plain old phishing and identity theft, too. That said, some experts saw bright spots in consumers becoming more aware of both the threats and the value of their private data. Turning on multi-factor authentication wherever it's available will be a big help, and so will better password management. Finally, consumer and business engagement and education will be more important than ever in this world of exotic and familiar threats, and Security Watch and PCMag keep doing what they can to help.

Like what you're reading? Get an extra story delivered to your inbox weekly. Sign up for the SecurityWatch newsletter.

What Else Is Happening in the Security World This Week?

Feds Seize 48 Domains That Offered DDoS-for-Hire Attacks. The Justice Department has also charged six suspects for running the websites, which allowed customers to generate DDoS attacks to knock websites and users offline.

We Never Learn: One of Your Passwords Is Probably Password. NordPass' list of the year's most common passwords includes the usual suspects. These are the codes to avoid as you go into 2023.

FBI's InfraGard US Critical Infrastructure Intelligence Portal Hacked. A database containing the contact details of more than 80,000 high-profile private sector people is now up for sale on a cybercrime forum.

US Expected to Place Another 36 Chinese Companies on Entity List. Chinese memory maker Yangtze Memory Technologies is the only confirmed new entry.

Master Social Media Without Sacrificing Your Privacy. Posting on social media is all about communication, whether chatting among friends or broadcasting to the public. Just take care that you don't give away too much information.