AHMORE BURGER-SMIDT: Personal data privacy nightmare ahead in 2023

Have you stopped to take note of the cybercrime predictions for 2023? Without a doubt technology is an enabler that presents efficiencies, both in terms of lower costs and saving time. Cloud solutions have introduced advantages beyond imagination and scalability. Importantly, it enables enhanced cybersecurity. 

We have created a cyber world for our businesses and our personal lives, but this has introduced a downside. In the digital era that’s cybercrime. Unfortunately, as a result of our shift online to conduct business every day, cybercriminals are focused on devising schemes to take advantage of flaws in data storage, personal information protection mechanisms and encryption.

Phishing scams hit a record in 2022 amid global cyberattacks, data breaches and crypto heists. Not only that, but it was also  a year during which we noted a rise in hacktivism cases where state-sponsored cyber legions disrupted critical infrastructure and services, defaced websites, launched distributed denial-of-service (DDoS) attacks and stole information.

The financial damage is growing, too. In 2022, the average cost of an attack reached $4.35m — up 2.6% on the previous year, according to IBM’s Cost of a Data Breach report. It is said that the global annual cost of cybercrime will reach $8-trillion in 2023.

So, what is the biggest problem that businesses and individuals face? It is estimated that 80% of reported cybercrimes are attributed to phishing attacks in the technology sector. Phishing attacks have become the second-most common reason for data breaches.

Business email compromise (BEC) phishing scams are one of the tools most often used by cybercriminals. In addition, now that crypto is ever present Cybersecurity Ventures predicts crypto crime will cost the world $30bn annually by 2025.

Software as a Service (SaaS) is not new. But adoption is still growing every year. Experts believe cyberattackers will increasingly target the SaaS APIs enterprises use to connect critical data and services. This means 2023 will most likely introduce targeted attacks on top-tier cloud providers. 

The dark web, being the marketplace where cybercriminals go to sell data including personal information, is estimated to grow rapidly. Cybercrime is flourishing, partly due to the ease which cybercriminals can sell and profit from their illicit gains.

Advertising and selling victims’ data will logically rise in 2023. The most valuable personal information happens to be healthcare information, and this can cause irreparable damage to the lives of individuals.

Consumers embrace new technology partly because it makes their daily comings and goings that much more convenient. There are billions of devices connected to the internet and attackers have a huge number of (often not well-secured) connections to target. The unsecured connections are open doors inviting cybercriminal in.

What might make this worse in 2023 is the proliferation of Internet of Things (IoT) devices lurking in the shadows of a business' IT environment, such as software applications and services being used by employees without explicit IT department approval.

We should expect that cybercriminals will continue to find more innovative ways to evade endpoint detection & response (EDR) security solutions. Therefore, technology that monitors end-user devices to detect ransomware and malware will be vulnerable. Security watchers say criminals have developed many EDR evasion techniques. They expect to see these tools to be sold widely on the dark web in 2023. 

Cyberattacks are not a question of “if”, but “when”.

Unusual activity

The only way organisations can stop an attack or reduce its impact is by identifying unusual activity across their entire ecosystem of users, applications and infrastructure. Gartner predicts that the demand for cloud-based detection and response solutions will significantly increase in the coming years.

Governments around the world are stepping up efforts to protect the data privacy of citizens. Gartner has stated that in 2023 “65% of the world’s population will have personal data covered under modern privacy regulations, up from 10% in 2020”. And, without doubt, cybercriminals will evolve as well.

The end of 2022 marked about a year-and-a-half since the Protection of Personal Information Act (Popia) came into effect in SA. Implementation has been slow, staggered and — encouragingly — steadfast. We should expect enforcement to lift off during 2023.

The protection of the most valuable asset of any business — personal information — should be top of mind for every executive team, and item number one on the risk register. We should treat personal electronic data with great care and respect. It is long-lasting and once it is in the wrong hands it can dangerous and there’s no getting it back. 

• Burger-Smidt is head of regulatory practice at Werksmans Attorneys.