- Expect More Privacy and Regulatory Requirements
According to Gartner, Inc., by 2023, 65% of the world’s population will have personal data covered under modern privacy regulations, up from 10% in 2020. In the U.S. alone, five major states will have new comprehensive data privacy laws in 2023. Additionally, nearly 40 U.S. states introduced or considered more than 250 bills dealing with cybersecurity in 2022. A federal reporting requirement issued in March 2022 mandates that critical infrastructure organizations report cyber incidents and ransomware payments. The SEC also proposed new cybersecurity disclosure requirements for public organizations that obligate them to disclose the cybersecurity expertise of board members and report cybersecurity practices periodically.
Also, with new and upcoming laws/regulations, increasing scrutiny by authorities, and alarming headlines over recent years, consumers are becoming more aware of what organizations do with their data and how they respect consumers’ privacy and choices.
Consumers will begin to demand transparency surrounding organizations’ data security and privacy programs, eventually deciding which company is doing the most to protect their personal information.
If organizations don’t have a strong grasp of how consumers’ data is processed, they will struggle to protect or enhance consumer trust and eventually risk harming their corporate brand.
- Increased Adoption of Zero-Trust Network Access (ZTNA)
Zero trust is shifting from a new concept to a best practice. Remote working will continue to trend. Virtual private networks cannot meet scalability demands, and the technology can be prone to cyberattacks and vulnerabilities. On the other hand, zero trust is a multitiered approach that is both scalable and highly secure. A zero-trust strategy is based on the concept of “never trust, always verify,” which means that users must not be granted blanket access to all resources just because they can be identified and authenticated. In a zero-trust environment, users are continuously validated, reassessed, and reauthorized using multiple authentication methods.
Organizations with a zero-trust approach saved nearly $1 million in average breach costs compared to those without zero-trust deployed. Now that it’s finally more than just a buzzword, security teams will accelerate zero-trust adoption plans in 2023 and make several missteps along the way. Without a deep understanding of trust relationships, implementations will fail. We already see security teams building “less trust” rather than “no trust” architectures, which opens the door to security gaps that adversaries may take advantage of in 2023.
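The difference between “no trust” and “less trust” can be shown in a few lines. The following is an added example, not code from the original article: the entitlement table, the 15-minute re-authentication window, the `corp-lan` network label, and all function names are assumptions made for illustration. It evaluates the same constructed requests under a per-request policy and under a policy that implicitly trusts the internal network.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_AUTH_AGE = timedelta(minutes=15)   # assumed re-authentication window
ENTITLEMENTS = {"alice": {"payroll-db"}, "bob": {"wiki"}}  # constructed sample data

@dataclass(frozen=True)
class AccessRequest:
    user: str
    resource: str
    authenticated_at: datetime
    mfa_passed: bool
    device_compliant: bool
    source_network: str   # e.g. "corp-lan" or "internet"

def zero_trust_decision(req, now):
    """Evaluate every request on its own merits; return (allowed, reason)."""
    if req.resource not in ENTITLEMENTS.get(req.user, set()):
        return False, "not entitled to resource"
    if not req.mfa_passed:
        return False, "mfa required"
    if not req.device_compliant:
        return False, "device posture failed"
    if now - req.authenticated_at > MAX_AUTH_AGE:
        return False, "reauthentication required"
    return True, "allowed"

def less_trust_decision(req, now):
    """Same checks, but the internal network is implicitly trusted: the gap."""
    if req.source_network == "corp-lan":
        return True, "trusted network"
    return zero_trust_decision(req, now)

NOW = datetime(2023, 1, 10, 9, 0, tzinfo=timezone.utc)   # fixed clock for the sample
SAMPLE = [  # constructed requests
    AccessRequest("bob", "payroll-db", NOW - timedelta(hours=6), False, False, "corp-lan"),
    AccessRequest("alice", "payroll-db", NOW - timedelta(hours=2), True, True, "internet"),
    AccessRequest("alice", "payroll-db", NOW - timedelta(minutes=5), True, True, "internet"),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.user, r.resource, less_trust_decision(r, NOW), zero_trust_decision(r, NOW))
```

The first sample request is the one to watch: it is allowed under the location-based shortcut but denied on entitlement when every request is evaluated individually.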
- Threat Detection and Response Tools to Be Replaced by Modern Cloud-Based Solutions
Gartner predicts that the demand for cloud-based detection and response solutions like EDR and MDR will significantly increase in the coming years.
Cyberattacks aren’t a question of “if”; they’re a question of “when.” Organizations can stop an attack or reduce its impact by identifying unusual activity across their entire ecosystem of users, applications, and infrastructure. Threat detection and response tools like endpoint detection and response (EDR), extended detection and response (XDR), and managed detection and response (MDR) can analyze historical data using artificial intelligence and machine learning algorithms to spot unusual patterns as well as leverage threat intelligence and advanced file analysis to detect and block advanced threats that are designed to evade traditional defenses.
New tools have been released, along with new features with more advanced capabilities. Some highlights include Rapid7 MDR, SentinelOne EDR, Chronicle (a Google company based on the acquired platform Siemplify), and more.
- Risk Management Will Have a Key Role in Cyber Security Organizations
To be successful, organizations will need to focus more on risk management, especially internal risk assessments and third-party risk management.
Many adversaries are circumventing sophisticated defenses that large enterprises deploy by hacking smaller supply chain organizations that might have access to the same information but do not have an equal level of protection. Organizations have long used third-party applications to improve productivity, but such tools can have several vulnerabilities that attackers can exploit to gain access to victim environments.
Gartner predicts that by 2025, 45% of organizations will experience attacks on their software supply chains, which will be three times as many as in 2021. Boards and CEOs are demanding security improvements in their supply chains. We expect increased demand for tools, services, and vendor questionnaires to help catalog and monitor cyber risks in third parties and suppliers.
Cyber insurance premiums are rising, making it increasingly difficult for companies to afford or obtain coverage. To negotiate insurance premiums and better risk coverage, businesses must present evidence across a broad spectrum of security areas to prove compliance with leading cybersecurity standards and best practices. Organizations will begin to conduct enterprise risk assessments that highlight the maturity level of their cybersecurity program and proactively address any underwriting concerns. When buying cyber insurance, risk assessments can serve as guidance—defining priorities and identifying acceptable risks and those that need to be transferred to insurers. Risk assessments can help determine decisions around insurance gaps, limits, and coverage.
The threat landscape will undoubtedly continue to evolve in 2023, probably at the same pace as what we’re seeing currently—if not more. Organizations must stay vigilant, never compromise, and leverage security expertise for advice and guidance if needed.
- Cybersecurity Outsourcing Will Become More Common
Cybersecurity has become far too complex for organizations to manage on their own. Most organizations are not cybersecurity experts, nor do they have the skills or resources to manage a full-fledged security operations center (SOC). Security teams are overwhelmed, and a major skills shortage for cybersecurity talent makes it difficult to recruit and retain security experts. For these reasons, many organizations will be forced to think creatively. They could decide to outsource their day-to-day security operations to an experienced consulting firm or leverage the leadership services of a virtual CISO.
- Hacking Attacks and Incidents Will Continue to Grow
With crypto losses emanating from hacking incidents spiking by a whopping 695% between Q1 2021 and 2022, many experts believe that hacking-related losses will keep growing all through 2023, impacting investors and several digital asset platforms in equal measure.
Over 2023, the industry will continue to witness much exploitation in relation to both centralized exchanges and decentralized apps. Wherever there is money, there will be people trying to go after the money.
With the possibility of a global recession, we expect to see ransomware attacks spike in 2023. However, larger organizations in regions heavily impacted during the ransomware boom are the most prepared for this wave after investing time and money in fighting back.
- More Incidents Focusing on Critical Infrastructure
Certain sectors or countries have always been at greater risk of state-sponsored attacks. However, 2023 may be the year that risk against critical infrastructure sectors, government, and high-tech companies escalates — especially if a nation-state sees outside interference.
ICS/SCADA systems are essential to the daily operations of industrial manufacturers. Due to their importance, these systems have, over time, shifted to be a top target for attackers.
Yet while the tactics and techniques required to social engineer ICS systems differ from those needed to social engineer IT, the impact can be even more detrimental — going so far as the possible loss of life.
Social engineers are already beginning to advance their techniques and tactics to gain access to these vulnerable systems more successfully. We anticipate this to accelerate — with even more success — in the year ahead.
- The Use of New Tools and Technologies Will Increase the Complexity of the Attacks
Expect more attacks against non-traditional technology, from cars to toys to smart cities, and the use of deepfakes, AI, and other technologies and tools in newer attacks.
Almost as fast as the cybersecurity industry releases new security tools, adversaries evolve their techniques to circumvent them. This year will be no different. We expect to see cybercriminals set their sights more specifically on MFA and EDR technologies. With some attackers having succeeded at circumventing non-phishing-resistant MFA this past year — and more organizations relying on it than ever before — this technology will grow as a top target next year. Similarly, adversaries have been honing EDR evasion techniques. We expect to see a massive spike in the number of EDR evasion tools for sale on the dark web.
Weaponizing deepfakes: in October 2022, a deepfake of U.S. President Joe Biden singing ‘Baby Shark’ instead of the national anthem was circulated widely. Was this a joke or an attempt to influence the important U.S. mid-term elections? Deepfake technology will be increasingly used to target and manipulate opinions or to trick employees into giving up access credentials.
- Automation Will Be Indispensable for Proper Protection
With data being more dispersed than ever, protecting the “castle” is no longer a successful strategy — we now have too much surface area to cover. We’ll see more automated protection, so defenders can focus more on detecting adversaries earlier and responding more effectively.
Large numbers of security processes can be automated, mainly due to the increased adoption of new security automation standards, application programming interfaces (APIs) connecting computer programs, and cloud systems. Automation is helping to reduce or eliminate the most burdensome and often repetitive operational tasks, allowing IT teams to spend more time on strategic security initiatives. That’s critical, given the persistent security skills gap. Indeed, with the ongoing threat from nation-states, ransomware gangs, and other rogue actors, enterprises need cybersecurity help anywhere they can get it.
- Continued Growth in Credential Stealing
Cybercriminals will continue to leverage large caches of leaked/stolen credentials to devastating effect. Many consumers and businesses are gradually migrating to password managers, passwordless, and hardware identity tokens. However, most people continue to reuse credentials or variations between environments, systems, or sites. Next year, we’ll see attacks against legacy second-factor authentication, such as SMS, continue, as will attacks against push-based multi-factor authentication solutions. Phishing and other attacks designed to capture authentication tokens will also rise.
Credential theft is still a problem. Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method cyber criminals use.
The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks. 59% of organizations aren’t revoking credentials that are no longer needed, meaning passwords can go unattended and dormant like a sitting duck (like what happened with Colonial Pipeline). And Verizon’s Data Breach Investigations Report cites that stolen credentials caused nearly 50% of all data breaches.
The stats don’t lie. Cybercriminals are advancing, there’s no doubt, but if there’s an option to take the path of least resistance, they’ll take it. Too often, that means compromising passwords and exploiting vulnerable access points.
Happy 2023 and Happy Hacking!