The attack landscape predictions for this coming year are coming in. This time, cybercriminals are expected to up the ante making attacks like ransomware more sophisticated and effective. And the use of AI makes all attacks real wild cards. Organizations are in the spotlight preparing for this year's crop of improving cyberattacks and new regulations are playing a part. But they won’t stop the attacks, so keeping on top of the risks is your best bet.

CIRCIA Upfront

There's a new law affecting all organizations who are victims of cybercrime in the U.S. Due to take effect soon is a law known as CIRCIA, or the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Through required reporting, CIRCIA promotes transparency and accountability for businesses when cybercrimes occur. It also allows CISA (Cybersecurity and Infrastructure Security Agency) to identify attack trends and share that information with those benefiting from it. CISA can also use CIRCIA information to quickly help victims of attacks.

Generative AI, or GenAI (think ChatGPT), continues to grow. In particular, social engineering attacks benefit from its use. With a few key words, cybercriminals can plot pointed phishing attacks on a massive scale without displaying the usual red flags of phishing like poor spelling and grammar. Deepfakes and voice cloning are other GenAI areas ripe for the picking. Overall, GenAI will make phishing and other social engineering attacks more convincing.

Ransomware, the scourge of healthcare, education, businesses, and state and city services (to name a few), is all about cybercriminals getting ransom payments for critical data they've encrypted. Adding to this attack is double extortion against ransomware victims using their hijacked sensitive data. According to Verizon, ransomware was involved in 24% of all data breaches last year.

Hacking as a Business is booming. With Malware as a Service (MaaS) available to rent or buy on the dark web, hackers have all they need for their cyberattack goals. Attacks by aspiring hackers and their rented malware of choice have it easy with tutorials and step-by-step instructions. Also, "hired guns" are available to do your hacking for you. It's believed more threat groups will offer hacking as a service for the right price.

Cyber-education and Zero Trust are two practices businesses need more of this year. With 96% of malware delivered via email, employees of every level from bottom to top benefit from recurring cybersecurity awareness training. Zero trust for organizations means no one is trusted by default. Whether inside or outside an organization's network, as with employees and vendors, verification is required every step of the way with system interaction.

What you can do is always have your guard up for various attacks. Consider a zero-trust policy for yourself when it comes to providing sensitive information to anyone. Make sure the person on the other end of the phone is really who they claim to be and hold that information close until you’re sure. Pay attention to email and text messages, as well as visual voice messages. If you cannot be sure, double check. Keep all of your systems updated and install anti-virus/anti-malware software on every one of them.

Cybercrime predictions are a heads-up for what we can expect to see on the attack horizon. With AI and other hacking tools getting better every day, organizations need to prepare for the worst and hope for the best — it's a cybersecurity must-do this year.