2022 witnessed some major global events - intensified war in Ukraine, rising global prices, the energy crisis, the Olympic games and World Cup… All of us are trying to learn new things and gain experiences from big or small things happening around the world, especially in this digital age. No one can truly predict what 2023 will bring but here at AdSecure, we wanted to share with you some of our ad security and digital threat predictions for 2023.
The Impact of the economic recession on cyber attacks
When we talk about cyber attacks or malvertising and ad security threats, we are not talking about automated machines or software driving these attacks, we are talking about motivated and inventive human beings that will do whatever it takes to exploit victims for financial gain, especially when some parts of the world are experiencing an economic recession and energy crisis right now. We have already seen an increasing malvertising trend in the second half of this year, and in 2023, cyber criminals will continue to look for ways to develop new practices to keep their exploitative business models going. As highlighted in our in depth blog post: What is Malvertising? And how to stop it, cyber criminals have so many different tools at their disposal to exploit end users through digital advertising and compromise and security. With an economic crunch, there is less money available, which forces malvertising cyber criminals to look for even more inventive ways to earn revenues from poor unsuspecting end users which is why this is one of our digital threat predictions for 2023.
Insight: As we reported in September 2022, with the rise of global prices, AdSecure detecting more and more tech support scams as Malvertisers ramp up their activities. Now more than ever, Publishers should have full control over what ads are placed on their websites. A robust ad security and ad quality solution, like AdSecure, is imperative. Whether that is from the ad distribution network that the publisher is a client of or the publisher themselves, AdSecure can detect every form of malvertising to stop all malicious ad campaigns dead! Check out all our detections here.
Artificial intelligence (AI) will play an increasingly important role in cybersecurity
Next in our digital threat predictions for 2023 is the use and abuse of AI. The ad tech ecosystem has seen an increasing amount of ad security cyberattacks since the pandemic, and yet it has become more and more difficult for cybersecurity experts to predict what the next dangerous attacks will be and how to react to them. Here is where Artificial intelligence comes into play. AI is a technology that enables a machine to simulate human behavior, such as thinking like humans and mimicking human actions. The goal of using AI in cybersecurity is to use this technology to solve complex problems or recognize patterns that might indicate threats, and as AI can process massive amounts of data at once. According to a report by IBM ‘Cost of a data breach 2022: A million-dollar race to detect and respond’, organizations using AI and automation had a 74-day shorter breach lifecycle and saved an average of USD 3 million compared to those organizations without AI.
Unfortunately, like any other technology, AI in ad security can be a double-edged sword and become a useful tool for cybercriminals. Hackers use AI algorithms to identify system vulnerabilities of networks that contain valuable information or data. Machine learning can also be used to design large numbers of personalized scams or phishing emails to lure victims into submitting their financial information or personal details. What's more, they have ways to bypass the spam blockers or defense systems activated by users to stop phishing emails. Therefore, more and more companies will need to invest more in cybersecurity, especially AI solutions, to help counteract the ever-growing number of cybercriminals who are using AI as a weapon.
Insight: 2023 will see AI innovation expand from a focus on defense to proactive security and simulated attacks. A recent study by Acumen research predicted that by 2030 the market for AI cybersecurity products will reach nearly $133.8 billion, which is an 800% increase from the $14.9 billion spent in 2021.
Supply chain attacks
Up next in our digital threat predictions for 2023 are supply chain attacks. A supply chain attack is a type of cyber attack designed to disrupt or damage an organization by targeting less secure and vulnerable elements of the ad supply chain, compromising ad security. Malicious actors choose to exploit well-known and widely distributed open source vulnerabilities, such as Log4Shell. Infected software could then compromise customer data or IT systems.
A report from IBM Security found that at least 62% of organizations worldwide faced supply chain attacks this year. Kevin Kirkwood from LogRhythm, considers supply chain attacks to remain a major threat to users of open-source software:
“In 2023, we’ll see bad actors attack vulnerabilities in low-hanging open-source vendors with the intention of compromising the global supply chain that utilizes third-party code. Attackers will infect the open-source repositories and chromium stores with malicious code and will wait for developers and other end users to come along and pick up the new sources and plugins. Without a robust scanning program and a ‘curated zone’ for source code and plugins, companies will continue to be at risk.”
Insight: The monetary effects and reputation damage for an enterprise from a supply chain attack can be dramatic, therefore it is vital for organizations and business to identify and protect vulnerable resources, decrease the risk from developer endpoints, implement a Zero Trust Architecture (ZTA), and look for more proactive approaches to detect suspicious patterns or access.
Working from home continues to have security issues
The last of our digital threat predictions for 2023 is based around working from home. Before the COVID-19 pandemic, all employees were office-based so it wasn't so complicated for system experts to implement preventative security measures and regularly check and update employee's working laptops and smartphones to ensure they were free of spyware and malware. Today, employees that work in WFH-friendly industries are able to enjoy their freedom and flexibility, however, it has become more and more challenging for the system teams to implement new security policies for the remote workplace. In 2023, workers are more likely to connect to company networks with their unsecured personal devices, which can lead to employees unknowingly falling victim to malicious attacks, in which cyber criminals try to trick users into revealing their passwords.
Ensuring that employees are running the latest versions of antivirus software and other possible measures is no longer enough, when inadequate security practices in cloud-based computing make remote workers a hunting ground for threat actors. Phishing attacks and DDoS (Distributed Denial of Service) attacks will continue to be the top security issues for remote workers.
Insight: Communicating these challenges and helping remote employees understand them is more critical than ever because not all employees understand the protocols for securing their internet access and handling sensitive data. Ideally, IT teams should provide training that contains examples of common cyber attacks and best practices so the employees can learn and be prepared to defend their own Network.
One final thought
Profit is important to an enterprise, but in today's era of fierce competition, sustainable and long-term development is what businesses should value more. Companies that are committed to contributing to a safer digital ecosystem, ad security and delivering a high-quality user experience will be best positioned to excel in the digital economy we all live in. As more and more technological innovations continue to affect our daily online lives, all of us should be prepared to safeguard our online security and personal data safety.