Making cybersecurity predictions is easy (“Cybercriminals will become more inventive”). Making actionable ones for IT security leaders is much harder. We’ve assembled what we hope is a useful list of predictions from cybersecurity vendors – people who know what threat actors talk about on dark web forums, as well as the strengths and weaknesses of their customers’ IT infrastructures.
There’s no promise that all/most/some of these predictions will come true. The bottom line is, there will be no let-up in attacks. So this advice from Dave Orban, senior manager of product marketing of Commvault is vital:
“Prepare — and be recovery-ready. Your approach needs to be proactive and multi-pronged. Assess your risks and mitigate them upfront; protect your assets and harden your infrastructure; continuously monitor to identify possible threats; respond rapidly; and recover and restore as quickly as possible to minimize business disruption.”
And here, according to vendor experts, are some of the things they think we must be prepared for.
Jon France, CISO at (ISC)²
— Demand for cyber insurance is going to increase, but it’s going to become harder to get. In Q1 2022 alone, premiums for cyber insurance rose nearly 28 per cent compared with Q4 2021. This is largely due to heightened awareness of the financial and reputational risks of cyber incidents such as ransomware attacks, data breaches, vulnerability exploitation and more. At the same time, underwriters are also making requirements for obtaining cyber insurance much more strict, requiring things like two-factor authentication and the adoption of specific technologies like EDR, XDR and more. In fact, these documents used to be two-page questionnaires…now they’re full audits and 12+ pages long. So, increasing cyber insurance premiums and stricter requirements to obtain insurance will be interesting hurdles to watch in 2023.
On the flip side, we will likely also see an increase in demand stemming from the rising incidence of supply chain issues. Because of these issues, companies will likely start requiring more and more that any vendor or third party they work with must have cyber insurance. As we’re already starting to see, with geopolitical issues spilling out across borders, in addition to the cyber threats companies are constantly facing, companies are going to prioritize protecting their most critical assets (including their reputations). In 2023, demand for cyber insurance will continue to increase, as will prices and requirements for obtaining these policies.
Also in 2023, industries will continue to underestimate the importance of securing OT infrastructure. Securing these systems doesn’t mean forcing “new” technology onto the systems – it’s not about zero trust or having more regulations or more patching requirements. It’s about increasing visibility into assets, implementing mitigating controls, and building resiliency plans so that if the worst comes, downtime and impact can be mitigated. In 2023, we’re likely to see the industry continue to misconceive what is needed to secure these systems, and we’ll likely see a major attack on critical infrastructure because of it.
Tyler Moffitt, senior security analyst, OpenText Security Solutions
— Small and medium-sized businesses (SMBs) will need to do more with less, and cyber resiliency will be more important than ever. Cybercriminals will increase ransomware attacks on SMBs as prime targets in the wake of heightened geopolitical tensions, such as the war in Ukraine, and rising inflation in the U.S. This will force SMBs to do more with less, while already having smaller cybersecurity teams and budgets to defend against attacks, and it will make cyber resiliency more important than ever. Our recent SMB survey found that 52 per cent of respondents felt more at risk of a ransomware attack due to heightened geopolitical tensions, and 57 per cent were also concerned about their security budgets shrinking due to inflation.
John Fokker, head of threat intelligence, Trellix
— Teens and young adults will engage at increasing levels in cybercrime – everything from large-scale attacks on enterprises and governments to low-level crimes that target family, friends, peers, and strangers. Attacks against Windows domains will scale. More domain privilege escalation vulnerabilities will be discovered, as well as more real-world attacks against Microsoft Windows with the explicit goal of complete network takeover. As groups of loosely organized individuals fueled by propaganda align for a common cause, they will ramp up their use of cyber tools to voice their anger and cause disruption across the globe.
Charles Henderson, global managing partner and head of IBM Security X-Force
— Cybercriminals look for organizations or industries teetering at the edge and then make their move to tip them over. Last year, we saw that with manufacturing — a strained industry viewed as the backbone of supply chains. With the distinct possibility of a global recession on the horizon, we expect to see ransomware attacks spike in 2023. However, larger organizations in regions heavily impacted during the ransomware boom are the most prepared for this wave, after investing time and money in fighting back.
Kevin Bocek, VP of security strategy and threat intelligence at Venafi
— The ransomware cash cow may stop mooing in 2023, forcing hackers to pivot to other revenue generators – like selling stolen machine identities. We’ve already seen a high price for code signing machine identities on dark web markets, and groups like Lapsus$ regularly use them to launch devastating attacks such as the Lapsus$ theft of data from Nvidia. Their value will only increase this coming year. In addition, nation-state attacks will become more feral as ground war tactics become more untamed and unpredictable, bringing the cyber and physical worlds into a collision course. These will have the potential to spill over into other nations, as Russia becomes more daring, trying to win the war by any means – and could be used as a distraction to target other nations with cyberattacks.
Chip Gibbons, CISO at Thrive
— Business Email Compromise (BEC) will continue to be a top attack method from cyber attackers, and the easiest way into an organization. With the increase in zero-day attacks, people are going to be looking at reducing their externally available footprint. Multifactor authentication (MFA) will be ubiquitous and nothing should be externally available without it.
Avihay Cohen, CTO and co-founder of Seraphic Security
— The browser, the gateway to an organization’s endpoint, becomes the main target for threat actors. Browsers power just about everything we do and are undoubtedly the most used applications, especially as more applications like CRM tools migrate from native applications to existing fully in the browser. Because so much of our daily work and personal activities live in the browser, it’s the perfect gateway for threat actors to reach an organization’s core. As browsers become more complex with new features and uses, threat actors will heavily target browser bugs and vulnerabilities in 2023 to breach organizations and access sensitive data.
George Gerchow, CSO and SVP of IT, Sumo Logic
— Organizations got a crash course in hybrid and remote work at the start of the pandemic. While many of the related security and technology issues have been ironed out, some of the remaining challenges aren’t about technology. One concern is employee mental health and another is creating the right processes and procedures to access the infrastructure. Additionally, the threat landscape is beyond the enterprise perimeter, making it difficult to identify employees and detect behaviors. Employees are going to continue to use devices for both personal and professional purposes, increasing risk but also improving productivity. Also, security orchestration, automation and response (SOAR) will continue to exist, but will be increasingly absorbed into other security platforms and the term will die out as it becomes baked into overall security. SOAR will converge with security information and event management (SIEM), and acquisitions will continue to contribute to vendor consolidation.
Marijus Briedis, chief technical officer, NordVPN
— 5G will create more cybersecurity challenges. Even though 5G will provide users with a faster internet connection, it will also require significant attention to be paid to the new infrastructure, opening more access points for hackers to compromise. And with the global shortage of cybersecurity experts, it will be increasingly difficult to prevent that. In addition, wave bye-bye to third-party cookies. Google promised to eliminate third-party cookies in Chrome browsers by 2024. This is great news for anyone who values their privacy. At the moment, Google is thinking of new ways to track its flow (such as through FLoC). So even though we cannot say that user tracking is gone, we can celebrate the era of intrusive tracking coming to an end.
Cody Cornell, co-founder and chief strategy officer, Swimlane
— As economic uncertainty looms in the air, as organizations plan for 2023 budgets, the conversation around purchasing cybersecurity solutions will transition from “what are we buying?” to “why are we buying it?” With leadership looking to tighten budgets, the C-suite will begin to question the effectiveness and outcomes of security tools rather than just worrying about having solutions in place, ensuring the budget is spent on tools that bring value to the business. Also, organizations will begin to move their response to high-fidelity alerts to their automation system, as opposed to running it through a data lake or some type of SIEM as they are very cost prohibitive and slow to respond to high-fidelity information.
Rohyt Belani, chief executive officer and co-founder, Cofense
— Cybersecurity will not be immune to the recession. In 2023, we will see fewer resources and tighter security budgets in corporate settings thanks to economic uncertainty, resulting in subpar security posture across organizations. Because of this, threat actors will capitalize on this asymmetry and evolve faster, creating the perfect storm for an amplified number of breaches across all vectors in 2023, especially using email as an attack vector. Email security and endpoint security will be at the top of the CISO’s wish list.
Jeremy Kowalczyk, senior security architect, Cequence Security
— Threat actors will become more sophisticated in 2023 by leveraging the unholy trinity of application security interface (API) attack vectors. Historically, malicious actors targeting APIs would leverage only one of the tactics outlined by the OWASP Top 10. The reality is that APIs are under attack from several different vectors. In the year ahead, we will see attackers evolve to use a combination of three different tactics – Broken User Authentication (API2), Excessive Data Exposure (API3) and Improper Assets Management (API9) – to bypass common security controls and achieve their end goal. The increased combination of these three threats indicates that attackers will be performing new levels of analysis to understand how each API works – including how they interact with one another and what the expected result will be.
Marc Rivero, senior security researcher, Kaspersky
— We are predicting two major scenes inside the ransomware landscape in the upcoming year. One of them will be the usage of destructive ransomware with the unique purpose of resource destruction and the impact of what we call ‘regional attacks,’ where certain families only impact certain regions. For instance, the mobile malware landscape made a big evolution in the Latin American region, bypassing the security methods applied by banks such as OTP (one-time passcode) and MFA. Malware-as-a-service is another important thing to observe as this kind of underground service is commonly found around ransomware attacks impacting larger organizations.
As geopolitics increasingly occupy the attention not only of the public but also of cybercriminals, ransomware groups are expected to make demands for some form of political action instead of asking for ransom money. An example of this is Freeud, a brand-new ransomware with wiper capabilities.
Nik Achesco, chief data officer, Okera
— Data Subject Access Requests (DSARs) get supercharged: With more breaches becoming public, policy makers are being forced to represent a frustrated consumer base and hold companies more accountable. As such, we’re continuing to see a boom in policies, regulations, and permissibility, with corporate executives being held accountable for not following best practices. In 2023, new technologies along with attention from the legal community will pick up steam enabling individuals to gain greater visibility and control of what, where, and how their data is being used. Worse, it will cripple many enterprises that still struggle with over-provisioning of data, lack of full visibility, and legacy patterns operating in contemporary distributed data environments.
Robert Prigge, CEO, Jumio
— Social media sites will be pressured to implement rigorous age verification controls. The U.S. Congress is contemplating the Children’s Online Privacy Protection Act (COPPA 2.0) and Kids Online Safety Act (KOSA), while California passed the Age-Appropriate Design Code Act (AADCA). At the same time, Instagram and Yubo recently launched AI-powered age verification programs that go beyond traditional age checks, like questionnaires where minors can easily lie about their age. Digital identity verification that leverages the power of AI and biometrics will be a crucial tool to confirm users are the age they’re claiming to be.
David Anteliz, senior technical director, Skybox Security
— The increase in cybersecurity directives from the federal government will lead to a rise in threat actor activity against federal agencies. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a number of new guidance this year. Most recently, Binding Operational Directive 23-01 mandates federal agencies to take necessary steps to improve their asset visibility and vulnerability detection capabilities in the next six months. In 2023, threat actors will ramp up their attacks on before new cybersecurity controls are implemented ahead of 2023 deadlines. This increase in attacks will likely come in the form of supply chain attacks as malicious actors seek to do their worst before they get caught. Also, threat actors will place an increased focus on targeting individuals via fake accounts on LinkedIn.
Irfan Shakeel, VP of training and certification services, OPSWAT
— Cyberattacks on the healthcare industry will continue to increase. The healthcare industry is most vulnerable to cyberattacks, which makes it a lucrative target for cybercriminals. With healthcare staff generally unaware of the extent of cyber risks and best practices, educating them is of vital importance to protect the healthcare industry from cyberattacks.
Olivier Gaudin, CEO and co-founder of SonarSource
— Software hits a fork in the road. Good software must have the ability to evolve and change – even radically when necessary – to meet shifting business and customer demands. For example, software that was initially designed to do X may have to transform to do Y such as Visual Studio Code. Over time this software has evolved to include rich editing capabilities including intelligent auto code completion, customization of fonts, layouts, and colors, and is now expanding its use in a cloud-based environment. Next year, we’ll see software start to diverge into two categories: Software that is malleable and can change to easily incorporate new functionality, and software that is rigid and can’t. The latter will prove to have limited business value and will eventually fall out of favor entirely as executives expect that software is dynamic enough to accommodate emerging use cases.
Kevin Kirkwood, Deputy CISO, LogRhythm
— Software supply chain attacks will continue to be one of the biggest threats to enterprises using open-source software. Organizations should be on high alert for supply chain attacks if they use open-source software. In recent years, hackers have become more strategic when it comes to exploiting open-source software and code. 2023 will be no different. Bad actors examine the code and its components to obtain a thorough understanding of its flaws and the most effective ways to exploit them. In 2023, we’ll see bad actors attack vulnerabilities in low-hanging open-source vendors with the intention of compromising the global supply chain that utilizes third-party code.
Brad Hibbert, COO & CSO at Prevalent, Inc.
— The old “Annual and Manual” approach to third-party risk management (TPRM) will become an exception rather than the norm. Given the continual onslaught of third-party vendor and supplier-originated security incidents (for example, the ransomware attack at Kojima Industries that stopped production at Toyota), organizations are trying to better predict disruptions and mitigate them when they do happen. Organizations have to be more proactive, continuous, and agile in assessing their third-party vendor and supplier resilience, ditching manual methods once and for all. TPRM can’t be an annual, manual check-the-box exercise.
This isn’t all of the predictions. Look for Part 2, also on ITWorldCanada.com.