The global <a href="https://www.thenationalnews.com/business/technology/2022/09/30/cyber-threats-growing-across-sectors-with-22tn-in-debt-at-risk-moodys-says/" target="_blank">cyber security</a> market's size is expected to expand at a compound annual growth rate of 12 per cent from 2022 to 2030, from $184.93 billion last year, according to the US company Grand View Research. The growing number of <a href="https://www.thenationalnews.com/business/banking/2022/05/17/gcc-banks-minimise-cyber-risks-with-strong-investment-in-digital-security-sp-says/" target="_blank">cyber attacks</a> and the fast proliferation of online shopping platforms, increased adoption of cloud solutions and rapid expansion of smart machines and connected devices are some of the factors driving the market growth. As the <a href="https://www.thenationalnews.com/business/technology/2021/07/27/cyber-criminals-will-weaponise-operational-technology-environments-to-harm-humans-by-2025/" target="_blank">industry</a> evolves at a prolific pace,<i> The National</i> looks at the top 12 cyber security threats and trends of the year ahead. If you have ever seen the sci-fi movie “The 6th Day”, we are on the same path for having replicas of our digital selves. In 2023, deep fakes will become so authentic that not only will we see our digital identities being stolen, but also digital versions of our DNAs will be at risk, according to industry experts. Exposing our digital DNA on the internet will enable deep fakes to replicate and create digital humans. A deep fake is a human impersonation created with advanced technologies, including artificial intelligence and machine learning. Humans sync their physical lives on social media with constant uploads of photos, videos, audio and personal preferences with enough data points and some enhanced algorithms, said Joseph Carson, chief security scientist at California-based security firm Delinea. “It is only a matter of time before attackers can create lifelike digital avatars of anyone, and it will be incredibly difficult to identify the difference without sophisticated technology to analyse the source data,” Mr Carson said. Smart home and Internet of Thing (IoT) devices are increasingly being targeted by cyber criminals as the most vulnerable entry points to any home or business security network. The typical cyber attack moves from hacker to device, but 2023 may bring cyber offensives that jump between smart devices, including wearable devices, voice-controlled assistants, smartphones and temperature-control equipment at home, experts said. Factors such as extensive connectivity, widespread sharing of data among devices and reliance on weak security networks will rapidly orchestrate such attacks. The scope of threats related to supply chains has never been higher. Attackers now have more resources and tools at their disposal to disrupt supply chains that are crucial to maintain adequate supply of goods and services, especially during the pandemics such as Covid-19. The standard diligence and security assessments that chief security officers have performed on third parties are no longer adequate given the escalating frequency and impact of supply chain attacks, experts said. Regulations, such as the EU <a href="https://www.europarl.europa.eu/thinktank/en/document/EPRS_BRI(2021)689333" target="_blank">Network and Information Security</a> Directive 2.0, are forcing companies to conduct more frequent and dynamic assessments of their supply chain risk and to better control the access third parties have to their networks. Don’t let your camera’s viewfinder deceive you. The camera on the mobile devices is a powerful tool for documenting memories and daily lives. These cameras have been augmented with software algorithms to recognise AI tools to enhance the quality of pictures and videos. “In 2023, [we] expect to see the first of many exploits that challenge smart cameras and the technology embedded within to leverage vulnerabilities,” said Brian Chappell, chief security strategist at cyber security firm BeyondTrust for Europe, Middle East, Africa and Asia Pacific. “The technology may itself become exploitable for malware execution. This malicious behaviour … can obfuscate sensitive information, provide misinformation, embed malware or perform some other form of misdirection based on the content.” A QR code is a machine-readable code used for storing information for reading by a smart device. It is just like a digital business card that usually has various details such as phone number, email and home address. When you scan a compromised QR code, it could send your location coordinates to a geolocation-enabled application and can also automatically redirect you to a malicious website. With more organisations aiming to buy cyber insurance as a financial safety net to protect their businesses from serious financial exposure resulting from data breaches and ransomware attacks, the need to get a solid cyber strategy in place will be mandated to get insurance. “The days of cheap and easy are over,” said Mr Carson. As of the second quarter of 2022, the US cyber-insurance prices <a href="https://www.marsh.com/us/services/international-placement-services/insights/global_insurance_market_index.html">increased 79 per cent over the prior year</a>, according to Marsh global insurance market index. “The truth is, it is becoming downright difficult to obtain quality cyber insurance at a reasonable rate. In 2023, more businesses will face the stark realisation that they are <a href="https://www.beyondtrust.com/blog/entry/is-your-organization-still-cyber-insurable">not cyber insurable</a>,” said Mr Chappell. The growth of non-password-based primary authentication could finally spell the end of the personal password in 2023 and in the years to come, experts said. More applications, not just the operating system itself, will start using advanced non-password technologies, such as biometrics, either to authenticate directly or leverage biometric technology, like Microsoft Hello, Apple FaceID or TouchID, to authorise access. “Personal accounts are still commonly backed by passwords as the ultimate fallback, but the need to remember, retrieve and type passwords is going to dwindle rapidly as the technology to reliably recognise us improves,” Mr Chappell said. The use of ransomware has picked up pace and became more dangerous in 2022. It will continue its rapid rise next year and its variations will increase with the frequency of attacks. A <a href="https://www.cybereason.com/ransomware-the-true-cost-to-business-2022">recent report by security firm Cybereason</a> found that 73 per cent of organisations suffered at least one ransomware attack in 2022, compared with just 55 per cent in 2021. “With ransomware continuing to adapt with different enhancements, we must always be flexible to change,” Mr Carson said. As electric vehicles and autonomous technology aim to become mainstream, they also carry the threat of increased cyber attacks. Threat actors could disable vehicle’s display screens, entertainment, navigation, climate controls, and even the ability to call for help using the car’s system. This could be more dangerous when autonomous driving truly goes mainstream. “Expect to see everything from custom displays to malware using car resources for crypto mining. In the next decade, this will be a risk surface and viable commercial market no one should ignore,” said Morey J Haber, chief security officer<i><b> </b></i>at BeyondTrust for Europe, Middle East, Africa and Asia-Pacific. An increase in the number of cyber attacks on energy production and distribution networks will lead to power outages, fuel shortages and heating or cooling resource depletion. While a fault in any energy source can drive prices higher, the threat of an intentional disruption could leave people out in the cold or completely disrupt electronic transaction processing, said Mr Haber. “Threat actors recognise this weakness, and we should expect nation-states and opportunistic cyber-organised crime syndicates to refine their methods to target energy sectors.” In 2022, threat actors, such as Lapsus$, exposed the shortcomings of multi-factor authentication. The terms MFA bombing, MFA bypass, and MFA fatigue all leapt into the cyber security lexicon. In 2023, experts expect a new round of attack vectors that target and successfully bypass MFA strategies. Lapsus$ bypasses MFA framework using techniques such as spamming original account holders. This year, some of its victims included Microsoft, T-Mobile and Nvidia. Cyber criminals could weaponise operational technology environments to harm or kill humans, the Connecticut-based technology research and consulting company Gartner has said. The OT is a type of computing and communication system – including both hardware and software – that controls industrial operations, mainly focusing on the physical devices and processes they use. It is used to gather and analyse data in real time, which is further used to monitor a manufacturing unit or to control equipment. Various industries, such as telecoms and oil and gas, use OTs to ensure different devices work in co-ordination. "OT that once had a single function and purpose is now becoming smarter, leveraging commercial operating systems and applications to perform expanded missions. As these devices expand in scope, their design is susceptible to vulnerabilities and exploitation," Mr Chappell said.