The Top Security and Investigation Risks and Threats of 2023
Entering 2023, security leaders are reviewing data from 2022 and looking at the year ahead to identify possible threats and risks on the horizon that could lead to crisis situations for their organizations.
It’s no secret that the world of security is always in a state of flux. From the ongoing threat of cyber attacks to the proliferation of new fraud schemes and the rise of deepfake technology, it’s essential for OSINT professionals to be informed about evolving risks and stay one step ahead of malicious actors. That’s why Skopenow has broken down the top security and investigation risks and threats that we predict will impact organizations in the coming year.
Read on to learn more about the latest trends and potential threats in the areas of cyber security, fraud, and AI-enabled crime among others. You’ll also find tips to minimize risk and prepare your organization for these challenges.
Recession-Related Crime Spike
Following the COVID-19 pandemic and the war in Ukraine, economies are slowing down. Inflation had a significant global impact in 2022 and the ripple effects of that are likely to be seen in 2023; the world might very well be on the verge of a recession. When facing heightened financial pressures like increased fuel costs, high inflation, stagnant wages, and reduced purchasing power, more people turn to crime.
In a recession, the types of crime that tend to increase are those that offer a financial reward for perpetrators, such as fraud. During the 1980, 1990, and 2008 recessions, fraud offenses increased between 5% and 10%—and these numbers were dwarfed by the 20% jump during the 2008-2009 financial crisis. Security teams must be prepared for the likely increase in external fraud and insider threats led by market volatility and financial stress. (Learn more about crime trends during a recession.)
Reduced Security Budgets
A combination of geopolitics, inflation, increased energy costs, supply chain issues, and the threat of recession has raised costs for businesses and created worry among C-suite executives looking to tighten their belts. With many organizations also expecting consumer demand to decrease in the possible recession, money is on everyone's mind. Security leaders will presumably be asked to do more with less and find themselves with a smaller budget to manage the probable increase in crime and security incidents. To tackle this conundrum, security leaders will likely seek efficiencies through automation technology and invest in the most effective tools to maximize ROI and enable their teams to scale their efforts without significant increases in personnel.
Deepfakes are an emerging technology where a person’s likeness replaces another’s in existing media to create synthetic videos, photos, or audio. The goal is to convincingly simulate the subject of the media as another person. (You may remember a deepfake Tom Cruise went viral on TikTok in 2021.)
Deepfakes can be used by fraudsters to support a range of scams, such as identity theft and imposter scams. While the majority of deepfake videos created at this time have telltale signs that identify the media is manipulated, the technology is advancing at pace and will soon be indistinguishable from real media. With the rise of image- and video-based social media like Instagram, TikTok, and Snapchat, many individuals are posting enough photos and videos to support the creation of a deepfake. Few organizations have taken any action to prepare against the risk of deepfakes. However, security teams should begin preparations to ensure they can detect deepfakes and handle the media fallout of failure to detect them.
The Emergence of AI-Enabled Crimes
In late 2022, the AI chatbot system ChatGPT was released for public usage. When provided with prompts or asked basic questions, ChatGPT gives users answers composed of information harvested from the internet. ChatGPT can do both simple tasks, like explaining a topic, and more complex tasks, like writing blog posts and essays or creating code. One example of the potential for the misuse of AI recently gained the public’s attention when artists complained that an author used a text-to-image AI tool called Midjourney to create images for an AI-generated children’s book. Because Midjourney is trained on images and artwork pulled from the internet, and artists have not consented to having their content used for training, a question arises: should the content owners be compensated?
With AI tools essentially scraping the internet to provide answers, the content produced and owned by your organization could be used to create new content that competitors may publish. Another potential risk is that employees may, without company permission, begin to automate their tasks through AI tools without taking on other tasks to compensate for their new efficiency, thereby gaming the system to keep their salary for a much smaller workload. Organizations will need to monitor the surface web for the misuse of company content and scale internal investigations to include those leveraging AI to commit fraud or other crimes against the business.
Phishing attacks soared in 2022. Organizations experienced a 61% increase in the rate of phishing attacks over a six-month period during 2022 (255 million attacks) when compared to the same period in 2021. It’s likely this trend will continue into 2023 and organizations will continue to see a rise (or at least a continuation) in phishing attacks as economic hardship causes more people to be willing to turn to crime for financial gain. Security teams, particularly those at financial institutions and online retailers, must be prepared to identify fraudsters and prepare evidential material against them to support disruption.
Increased Risk of Damage to Brands' Reputations
Born between the mid-1990s and the early 2010s, Generation Z grew up in a world connected through the internet. Now adults, Gen Z are active political actors who quickly organize online to influence opinion and public policy through social media. Reputational damage is a significant threat to organizations, as they may become the target of online actors due to issues like inappropriate language usage by employees, social justice issues, environmental concerns, or misinformation campaigns by competitors. One inappropriate tweet from a CEO, employee, or client can go viral and ruin the reputation of a company. Similarly, negative reviews from disgruntled customers can be easily communicated and gain public traction on platforms like TikTok. Security teams should be monitoring brand mentions on social media to detect negative discourse about their organization.
Reduced Security Labor Force
The 75 million-strong Baby Boomer population is at retirement age, and many workers’ retirement plans were hastened by the COVID-19 pandemic. This left little time for succession planning to be implemented. The next line of workers, Generation X, is a much smaller population at only 50 million individuals, meaning many of the Baby Boomer vacancies will be unfilled. With the less experienced 85 million-strong Millennials and Generation Z worker populations left to fill the gaps, there is a strong possibility of knowledge gaps in the security process. Significant investment in recruitment, retainment, training, and technology will be required to ensure security teams can continue to manage their existing workload.
Increased Impact of Organized Crime
With living costs increasing and households feeling the financial pressure, crime, particularly fraud, will become even more prolific. More individuals will rely on criminals involved in money lending and loan sharking, while others turn to illicit acts to pay their bills. These workers will be recruited by organized criminal groups to facilitate crimes from insider positions. The escalation of fraud and money-related crimes will drive a growing need to identify and find connections between individuals linked to organized crime groups. We predict that in 2023, security teams will identify a heightened need for real-time risk analysis in crime and security incidents and increasingly rely on automation tools to fuel the process.
Escalating Geopolitical Conflict
Global instability can impact any organization, affecting employees, supply chains, and investment. In 2023, Russia, China, and Iran will be watched closely by security teams around the world.
Struggling in Ukraine and facing continued sanctions, Russia will likely become more isolated from the West, increasingly taking rogue actions that pose a serious risk to Europe and the U.S. With reduced economic and military power, Russia will likely focus on more diminutive acts like cyberattacks and election interference.
The impact of poor decision-making during Covid and political discontent have disrupted China. Xi Jinping, who is preoccupied with nationalist policy, may be losing his grip on the country while facing increased pressures from the West and close neighbors like Taiwan and Hong Kong.
As 2022 ends, Iran finds itself in a very difficult geopolitical position, encountering continued anti-government protests and political pressure. Iran is collaborating with Russia, supplying weapons, while experiencing significant internal discontent due to human rights issues, influenced heavily by the requirement for women to wear a hijab.
Throughout 2023, security teams will need to monitor intelligence relating to Russia, China, and Iran to identify possible impacts on their organization. Situational awareness tools will likely play a significant role in providing timely and reliable intelligence to inform decision-making.
The Likely Red Herring
In late 2022, the crypto exchange FTX collapsed, a topic Skopenow recently covered. Cryptocurrencies have long been used by criminals to launder funds, pay for illicit goods and services, and support fraud. The criminal use of cryptocurrency and NFTs is likely to continue into the new year, however, 2023 will likely see increased efforts to combat existing flaws in the crypto industry. Following the FTX debacle, governments will likely be taking proactive measures to implement regulations and security protocols to control cryptocurrencies, such as the Lummis-Gillibrand bill and the Markets in Crypto Assets bill, which should help reduce scams and criminal misuse.
2023 is shaping up to be a year of significant security and investigative challenges. Global issues and cybercrime continue to be major concerns, with an increase in attacks targeting the remote workforce, and deepfake and AI technologies present new risks related to verification and authentication. It’s crucial for those in the OSINT community to be plugged into these and other emerging trends, and to develop strategies to mitigate threats.
Want to learn more about how Skopenow optimizes OSINT in any due diligence, investigation, or research workflow? Request a demo and free trial today at www.skopenow.com/try.