How will the cybersecurity threat landscape will continue to become more sophisticated throughout 2023. To understand what likely to come for cybersecurity in the year ahead, Digital Journal contacted Terry Olaes, Senior Technical Director at Skybox Security.
Olaes predicts that, within the U.S., cybersecurity directives from the federal government will lead to a rise in threat actor activity against federal agencies. In particular, the threat of spear phishing will be further complicated by the rise of fake LinkedIn profiles. Spear phishing is a phishing method that targets specific individuals or groups within an organization.
It is also likely that threat actors will leverage novel programming languages to become untraceable. As to the main area of attack, it appears that a growing target will be the retail industry as organizations gear up for the Payment Card Industry Data Security Standard (PCI DSS 4.0). This standard is intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.
Terry Olaes, Senior Technical Director at Skybox Security
A growing target on the retail industry as organizations gear up for PCI DSS 4.0
Olaes sees the advent of this new regulation as both an opportunity to strengthen security and a vulnerability: “Much like changing regulations for government agencies, retailers are preparing to navigate a new standard: the Payment Card Industry Data Security Standard (PCI DSS) 4.0. Effective in 2024, this new standard will impact all organizations that store, transmit or process cardholder data and sensitive authentication data. The new standard allows organizations to customize their approach to proving compliance with each PCI DSS security requirement.”
While the standard looks good, it hides some issues as Olaes notes: “If organizations take this direction, there are growing opportunities for threat actors to exploit retailers who may have taken non-standard routes to achieve compliance. Additionally, the long lead time to implement these regulations gives attackers more opportunity to use those requirements as a blueprint to breach retailers before they have time to implement changes to their cybersecurity strategy.”
Threat actors will leverage novel programming languages to become untraceable.
The second issues that Olaes calls out is in relation to more sophisticated coding on the part of malicious actors. Here Olaes finds: “Instead of using common programming languages like Python, threat actors will begin leveraging languages like Rust that cybersecurity tools aren’t designed to catch, causing attacks to go undetected. Some organizations today continue to neglect to implement cybersecurity basics that detect and prevent basic attacks, let alone attacks built on uncommon languages.”
