Marc Ruef
As we do every year, we would like to end 2022 with a forecast for the coming year 2023. The following are just those topics that we believe will manifest themselves or even develop further. Regardless: Stay healthy!
The consistent growth of successful ransomware attacks has continued into 2022. As a result, it can now no longer be denied that this will remain the greatest risk for companies and private individuals. Accordingly, an increase can be expected to take place in 2023 as well. It remains too easy and too successful for criminals to implement this business model. Industry, business and the authorities will come under increasing pressure and will have to deal with the problem consistently at both the technical and legal levels.
The business model of ransomware has consistently become more professional in recent years. Statistical figures on successful infections, forced payments and leaks clearly show this. In the process, the concept of triple extortion will increase and be cultivated. On the one hand, data is encrypted in order to have it ransomed. If the ransom is not paid, for example because a backup is available, an unwelcome release of data is threatened. In the case of triple extortion, the threat is then also made that the affected customers will be blackmailed. This is a very real problem, especially in the case of sensitive data, such as in the health or financial sectors. The number of these cases will increase consistently.
Chatbots are nothing new. However, the quality achieved with ChatGPT is second to none. The product is able to very concretely understand the needs of its counterpart, respond to them, answer questions and write texts. This will immediately pose a problem for various professional fields. On the one hand, the writing professions, such as journalists, who will be replaced sooner or later, especially for simpler transcripts. On the other hand schools, which now suddenly have to be able to recognize fabricated homework and essays as such in order to prevent cheating.
The end of 2022 was marked by the possibilities for creating images using artificial intelligence. However, the first promising attempts are now already taking place in the video sector. By formulating scenes, entire video sequences can be created fully automatically. At the moment, these still look highly artificial and can therefore quickly be recognized as a fictitious product. However, the quality of these will increase greatly, so that consistent improvements can be expected in the next one to two years.
Data protection laws have become more important in the Internet age. This has been established in Europe primarily through the European Union’s General Data Protection Regulation (GDPR). The legislators of the individual countries, especially outside of Europe, are now striving for adequate regulatory requirements in dealing with personal data. This presents internationally operating companies with the challenge of having to deal with the fragmented legal framework of individual states or regions. Particularly in highly regulated areas such as the financial sector, certain requirements will torpedo the economic viability of individual business models, leading to the partial withdrawal of individual institutions.
The takeover of Twitter by Elon Musk and his curious decisions have shown how problematic and fragile social networks are. Statistics prove that an exodus has taken place, from which Mastodon was able to profit first and foremost. Users are now realizing that the construct that has been built up over years should be taken with a grain of salt. An increase in skepticism will lead to a temporary loss of users and the rise of decentralized alternatives. It is doubtful, however, that user behavior will adapt in the long term.
Although our analyses of the conflict in Ukraine have shown that cyberspace played only a minor role for Russia during the hostilities, politically motivated incidents in the cyber domain will increase. Governments will increasingly discover for themselves the new possibilities and be willing to take greater risks. This will lead to more tension in international relations. This, in turn, will have to increase the willingness of individual states to talk in order to be able to agree on a consensual approach – especially with regard to actions below the threshold of war.
Networking does not stop at everyday infrastructure. Basic needs such as communication, transportation, water and electricity supply are no longer conceivable without the Internet. This dependency introduces more fragility to our society. Accordingly, these components become worthwhile targets for cybercriminals and state actors seeking to advance their interests through targeted disruption. That there is a high need for protection here has been realized in recent years. This must not be given up in any way, because critical infrastructure must be protected consistently and sustainably.
The topic Cyber Threat Intelligence could establish itself in the cybersecurity field. It has been realized that it is possible to anticipate imminent threats with skilful early detection. Until now, however, reliance has been placed primarily on validated indicators. These include, for example, IP addresses and host names of systems that have been used for attacks in the past. However, the trend will be to build additional predictive indicators with the help of Big Data and Artificial Intelligence. So there will have to be less and less talk about IOC (Indicator of Compromise) and more talk about IOB (Indicator of Behavior) instead. Only in this way will it really be possible to stay one step ahead.