Dubai, UAE – 28 November 2022– With 2022 coming to an end, 2023 is set to feature an astonishing landscape of change for organisations across the Middle East. In light of the region’s race towards digitalization, Netskope, the leader in Secure Access Services Edge (SASE), has revealed its annual threat predictions and anticipated trends in cyberattacker behaviour, cloud security, and more.

Jonathan Mepsted, VP for Middle East and Africa at Netskope explained; “Similar to how we have done this in years past, we have sourced these predictions from across our team of internal experts; our global and regional CIOs, CISOs, CTOs and the specialists in our Threat Labs. Some of these predictions touch on topics that you may have seen discussed this year, considering how they will evolve, while others feature technologies and dynamics that may be completely new on the radar of Middle Eastern organisations for 2023.”

The threat of Ransomware-as-a-Service and extortion groups will continue to intensify

Attacks involving data encryption and theft of confidential information are on the rise. There is a growing trend that we believe will intensify in 2023, where we have two extremes. On one side, we have the infamous Ransomware-as-a-Service, in which attackers focus on both encryption and theft of sensitive data. On the other side, we have extortion groups, like LAPSUS$ and RansomHouse, which breach companies only to exfiltrate sensitive data, without encrypting any files. We believe 2023 will be filled with attacks sourced from RaaS groups and from extortion groups, perhaps even intensifying an Extortion-as-a-Service model. Gustavo Palazolo, Staff Threat Research Engineer

Software supply chain security will be a bigger focus for organizations

There has been a significant increase in software supply chain attacks in recent years. As we discover more vulnerabilities in application source code, especially among open source software, we expect this type of attack to continue growing. This calls to attention a need for organizations to strengthen their measures and strategies for software supply chain security. Clive Fuentebella, Threat Research Engineer

The world of tomorrow is a “quantum” one

Organizations will start to prepare for a quantum world in 2023. During 2022, guidelines and standards were made available for quantum-resistant algorithms, and this means organizations need to start thinking about things like post-quantum cryptography challenges. While it’s a way off, regulatory groups like NIST and ENISA are urging organizations to start their programs now to make sure they are prepared. Neil Thacker, CISO, EMEA

Attitudes toward the “industrial metaverse” will begin to shift

Our collective attitudes towards the “industrial metaverse” will begin to shift in 2023. Instead of being seen as something esoteric, we will see wider recognition that its key components—the digital shop floor (used interchangeably as a “digital twin” by some) in combination with supply chain automation and optimisation through AI/ML models—are real and relevant, bringing new cybersecurity challenges with it. And with this new attitude toward the industrial metaverse comes the opportunity to drive a deep technological shift as a business change initiative. Ilona Simpson, Chief Information Officer, EMEA

Phishing operations will increase in sophistication to bypass MFA

Phishing is a social engineering technique. You need to find someone with their guard down and convince them that you are legitimate, and they should either give you their password or otherwise authorize you to access their accounts. Multi-Factor Authentication (MFA) has long been touted as a “solution” to the phishing problem, but what it really does is force attackers to change tactics. Between easy-to-deploy reverse proxy phishing tools and techniques for abusing OAuth workflows to sidestep MFA and gain direct access to cloud apps, we expect to see an increase in sophistication in targeted phishing attacks to bypass MFA. Ray Canzanese, Director, Threat Research