Top cyber security threats in 2023

From the evolution of AI to an increase in targeted ransomware, the year ahead presents major challenges for Australian businesses. --30 January 2023

Heading into 2023, new cyber risks are developing every day and existing threats are evolving at an unprecedented pace.

The paradigm shift in the culture of work caused more cyber security headaches and created more opportunities for cybercriminals to infiltrate systems.

With the growing use of digital technologies and systems, cyber security is on top of the agenda in 2023 for organisations as well as individuals.

Evolution of AI in cyber attacks

The growth of AI is creating new opportunities for cyber attacks and alliances among threat groups. As a result, organisations increasingly face more significant challenges in taking proactive cyber security measures, according to My Business General Manager of Products, Phil Parisis.

With the advent of AI-powered products and services, more and more people are interacting with AI and becoming familiar with the technology.

For example, ChatGPT, an advanced natural language processing (NLP) model developed by OpenAI, has seen a significant increase in engagement since its release to the general public – marking a major inflection point in the growth of AI-based platforms but also increased dangers to cyber security.

“ChatGPT is excellent at replying to any content query, such as emails and essays,” Mr Parisis said.

“They are writing some seriously good emails that can trigger these cyber attacks and easily trick people.”

This is also especially applicable when paired with an attack method called business email compromise, or BEC.

With BEC, attackers use a template to generate a deceptive email that tricks a recipient into providing the attacker with the information or asset they want.

“Security tools are often employed to detect BEC attacks, but with the help of ChatGPT, attackers could potentially have unique content for each email generated for them with the help of AI, making these attacks harder to detect,” Mr Parisis said.

“Similarly, writing phishing emails may become easier without any of the typos or unique formats that today are often critical to differentiate these attacks from legitimate emails.”

Ransomware challenges

Ransomware will also continue to stay in the headlines in 2023. Ransomware groups are also growing even more lucrative and powerful by selling ransomware as a service.

With the distinct possibility of a global recession on the horizon, it is expected to see ransomware attacks spike in 2023, according to Mr Parisis.

Ransomware attackers are also becoming more sophisticated in their phishing exploits through machine learning and more coordinated sharing on the dark web.

“Cyber hacking as a service or ransomware as a service will continue to rise,” Mr Parisis said.

“I think these services will grow, which will be consolidated into one system and be dominated by a very strong, integrated cybercriminal network.

“We expect to see more ransomware attacks on organisations that are not cyber secure in the near term.”

Attacks on the health sector

Cyber threats are on the rise in the healthcare sector. The critical nature of healthcare services, combined with the shift to virtual care and relatively low levels of cyber controls in the sector, makes these organisations a prime target for cybercriminals, Mr Parisis explained.

Large batches of data (containing names, birth dates, patient numbers, policy numbers, diagnosis codes, billing information, etc.) are becoming increasingly valuable to exploit for attackers.

Mr Parisis said cybercriminals were increasingly targeting the healthcare sector and, at the same time, expanding their operations and increasing the sophistication of their tools, techniques and procedures, generating more revenue, and enabling further attacks.

“Health is always a concern but now it’s not just large health providers, but smaller ones like GP clinics and pathology centres that are at risk,” Mr Parisis said.

“They’re going to ask for ransoms and target people directly. Even though it starts up as a business problem, it’s going to lead down to a client-profile patient problem around healthcare specifically.”

Securing defences

With the current landscape seeing growth in the scale of cyber threats, in 2023, expect the spotlight to add pressure to businesses that have underinvested in security.

Mr Parisis said with rising challenges threatening more businesses and individuals, it always comes down to the need for more education and training.

The new year can become a time of renewal as businesses plan for resiliency in the face of ever-present cyber attacks.

Effective security awareness training helps employees understand proper cyber protocols, and the security risks associated with their actions and identify cyber attacks they may encounter via email and the web.

Security awareness training also helps to minimise risk, thus preventing the loss of money or brand reputation. An effective awareness training program addresses the cyber security mistakes that employees may make when using email, the web, and in the physical world.

“Australia is a rich country and it’s an easy way for attackers to make a lot of easy money,” Mr Parisis warned.

“Unfortunately, there are so many businesses that can easily be affected and the government can’t keep up and help every business around. This makes it more important for businesses to be resilient themselves so they can deal with any future risks.”

How we help

Need help protecting your business? My Business Cyber offers a complete solution to test, train and measure awareness, reducing the risk of human error. Protect your business from cyber scams and attacks with automated staff training, phishing simulations, tools, and resources.