Quokka 2023 Predictions
Quokka 2023 Predictions
December 6, 2022
Cybersecurity threats have never been greater and with the knowledge base of cybercriminals only expanding, cybersecurity experts must also continue to think outside of the box to beat them. Let’s take a look at some cybersecurity predictions for 2023 from our Quokka team.
Inflation and increased interest rates will continue to put pressure on both consumers and lenders. But these types of economic setbacks will spark innovation. Businesses and employees will work even harder to put the best products and hold the customer experience sacred.
—Dana Waldman, Chief Executive Officer
With threats on the rise, organizations will have to increase their cybersecurity investments in 2023. With the recent shift in remote work becoming the new normal, cybercriminals have found new ways to poke holes in a company’s network. We are going to see a shift in cyber investments with solutions that are more device-centric and personalized. This will include an increase in security spend on cyber-physical systems (CPS) and wearables.
—Angelos Stavrou, Founder and Chief Science Officer
Supply-chain attacks have proven to be a potent attack vector in the past and next year they will continue to proliferate. Mobile devices will be a greater target due to our smartphones being an extension of our personal and working lives, and these devices are no exception to supply-chain attacks as these attacks will cast a wide net over a captive user base. We will see an increase in cybercriminals using selective targeting by employing scrutinizing criteria in an attempt to limit the probability of detection. We will also see the presence of insecure debugging and engineering apps finding their way into Android vendor builds.
—Ryan Johnson, Senior Director of R&D
The need for comprehensive mobile security testing beyond market app vetting will increase. As publishers start to require MASVS compliance, developers will need to use more robust and comprehensive security testing services to assess compliance and harden their apps against attacks.
—Mohamed Elsabagh, Senior Director of R&D
We will see increased adoption of biometric authentication using our mobile devices on all major websites. This will replace passwords. Apple has already implemented this with PassKey, and Google is already building this as part of Android next year. This will make the need for better mobile hygiene even more relevant than ever.
—Nikos Kiourtis, VP of Engineering and Technology
In 2023, the trend toward digital transformation will continue to accelerate with new and innovative technologies. This will include improvement in wearables and 5G technology, which will enable more devices to run Android and iOS. Unfortunately, this will also increase the number of complex cyberthreats and malicious actors focusing on wearable technology, mobile devices and applications.
By 2023, government regulations requiring organizations to provide free and accessible consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP (source: Gartner). Next year, I predict that privacy will become a primary concern for the consumer and organizations will frantically try to comply with the new regulations. With the focus being on the consumer’s privacy, organizations will need to turn to new solutions and if not, it will lead to compliance actions against large corporations. In the next few years, we will see large organizations’ average annual budget for privacy continue to increase substantially, allowing a shift from compliance ethics to competitive differentiation.
I predict that cybercriminals will focus more on one-stop solutions apps. When compared to single-purpose apps, one-stop solution apps provide convenience for users but they also become a more attractive target for attackers since user data is further concentrated. This warrants additional scrutiny as the impact of a potential data breach grows. The complexity of providing the functionality in one-stop solution apps makes securing the software more challenging.
As Google continues to further lock down Android with every new release, cybercriminals will become more savvy and the attacks will become increasingly more sophisticated. We will see attackers targeting vulnerabilities below the application layer (e.g., supply chain vulnerabilities; vulnerabilities in pre-installed system apps and components; vulnerabilities in co-processors). This will result in an increased demand for cutting-edge, comprehensive, mobile security testing beyond market app vetting.
The rise of BYOD will be accompanied by an increase in malicious attacks that attempt to breach the workspace sandbox. This makes pre-installed apps with privileged access a more desirable target for privilege escalation attacks. Mobile OS developers will continue to make accommodative changes at the operating system level to facilitate the adoption of BYOD but with continued improvements and dedicated efforts by cybercriminals, there is a higher chance of a security gap. The balance of security and usability for BYOD will need to be carefully considered and properly implemented.