Middle Eastern Cyber Security Trends for 2023 and Beyond

As 2022 winds down, 2023 looks set to be a transformative year for businesses across the Middle East. In light of the region’s rush to digitalization, Netskope has released its yearly threat forecasts and predicted trends in cyber-attacker behaviour, cloud security, and more.

Jonathan Mepsted, Vice President for the Middle East and Africa at Netskope, explained that the forecasts were gathered from various global and regional CIOs, CISOs, and CTOs. Some of these forecasts involve developments already covered this year, while others highlight technology and dynamics that may be new to the focus of Middle Eastern organizations in 2023.

The threat of Ransomware-as-a-Service and extortion groups will escalate further

Data encryption and thefts of private information are on the rise. In a developing pattern that is predicted to reach its peak in 2023, two contrasting extremes are observed. On one hand, there is the notorious Ransomware-as-a-Service (RaaS), where hackers concentrate on both data theft and encryption. On the other hand, extortion organizations like LAPSUS$ and RansomHouse break into businesses only to exfiltrate sensitive data without encrypting any files. Year 2023 is anticipated to be a year rife with attacks launched by RaaS and extortion gangs, with the latter likely stepping up their Extortion-as-a-Service (ExaaS) model.

Organizations will place more emphasis on software supply chain security

Software supply chain threats have significantly increased during the past few years. This type of attack is expected to become more common as more flaws in application source code, especially in open source software, are found. This demonstrates the necessity for businesses to improve their software supply chain security policies and tactics.

The “quantum” world of the future

In 2023, businesses will begin to be ready for a quantum world. As quantum-resistant algorithms were available with accompanying standards and guidelines in 2022, businesses were prompted to consider issues like post-quantum cryptography. Even though it’s a while off, regulatory agencies like NIST and ENISA are advising businesses to start their programs right away to make sure they’re ready.

The “industrial metaverse” will start to change people’s perspectives

In 2023, the way the “industrial metaverse” is viewed will start to change. A greater acceptance of its core components will be explored—the digital shop floor (sometimes referred to as a “digital twin” by some) combined with supply chain automation and optimization using AI/ML models—rather than its perception as something esoteric, bringing new cybersecurity challenges with it. And with this fresh perspective on the industrial metaverse, there is a chance to spearhead a significant technology revolution as a corporate change project.

To avoid Multi-Factor Authentication (MFA), phishing activities will become more sophisticated

Phishing is a form of social engineering. You need to find someone who isn’t paying attention and convince them that you are who you say you are. Then, they should either give you their password or allow you to access their accounts in another way. Multi-Factor Authentication (MFA), which has long been promoted as a “solution” to the phishing issue, actually compels attackers to switch up their strategies. With easy-to-use reverse proxy phishing tools and ways to abuse OAuth workflows to get around MFA and get direct access to cloud apps, we expect targeted phishing attacks to get smarter to get around MFA.