2023 threat predictions: Beware ‘economic uncertainty’ for the cybersecurity community
With the end of 2022 nearing, and cybersecurity researchers and vendors submitting their predictions for what might be in store for the industry in 2023, the phrase “economic uncertainty” was often invoked and may be the mantra security professionals say to themselves when making important decisions.
A struggling economy seemed to weigh heavily on the security pros who submitted predictions to SC Media, as many thought budget-conscious decisions will leave organizations less secure.
Click here to download the full 2022 Cybersecurity Year in Review Report from SC Media.
Many also suggested that government regulations for things such as breach reporting, data privacy and even software may be in the works in the next year or the near future.
And when it comes to protecting against threats, many said they still expect ransomware and supply chain attacks to continue, and may even increase in volume as new technology and services offered via suspicious sources lower the barrier to entry for cybercriminals.
Cybersecurity will not be immune to the recession, Rohyt Belani, CEO and co-founder at Cofense
In 2023, we will see fewer resources and tighter security budgets in corporate settings thanks to economic uncertainty, resulting in subpar security posture across organizations. Because of this, threat actors will capitalize on this asymmetry and evolve faster, creating the perfect storm for an amplified number of breaches across all vectors in 2023, especially using email as an attack vector.
When times are tough, test your products, PJ Kirner, CTO at Illumio:
With an economic downturn on the horizon, CISOs are making sure they are investing in the most effective tools to maximize cyber-ROI. As a result, we’re seeing CISOs more proactively test core cyber tools using red teams, breach simulations, and other internal tools. This has led to an increase in solution testing, with products that can deliver measurable results winning out over products that don’t live up to their own claims.
The current level of economic uncertainty will result in organizations placing more scrutiny on technology spend next year, says Vladi Sandler, CEO at Lightspin:
While investments in cloud products and services will not entirely dip, companies will aim to maximize their cybersecurity budget to get more functionality for less. This means we’ll see growth in platform offerings instead of point solutions.
Companies will need data to counteract economic uncertainty, says Satyen Sangani, CEO and co-founder at Alation:
Economic uncertainty will continue into 2023, and it will plague the private sector with long-lasting high-interest rates, expensive and illusive capital, and rising workforce costs. Leveraging the wealth of data at a company’s fingertips — once deemed a complex and daunting task — has emerged as modern enterprises’ strongest asset in the good times. In 2023, companies will also recognize the power of data in the bad times. Finding, understanding, and using reliable data will serve as a significant competitive advantage as companies navigate the challenging economic landscape. Those who ignore their data will struggle to thrive. Even startups will be held to a different standard amid challenging times. As the adoption of collaborative technology rapidly accelerates and organizations, regardless of size, recognize their data’s immense value, startups and large-scale organizations alike will need to upskill data literacy to become truly data-driven.
Cybersecurity budget conversations will focus on securing critical business assets, says Andrew Hollister, CISO at LogRhythm:
In tough economic times, an organization’s c-suite will be focused on cutting what they perceive as non-essential costs. It’s exceptionally important that when leadership thinks about cybersecurity budgets, they take the time to carefully analyze and understand what they are protecting from a business perspective.
As cyberattacks continue to rise, I anticipate more organizations will be doubling down on frontline prevention and detection technologies to stay secure and aiming to consolidate cybersecurity tools where possible.
Reduced Resources Lead to Reduced Complexity and Streamlined Implementations, says James Beecham and Chris Struttman of ALTR:
Smaller budgets and contracted teams mean there will be increased desire to decomplexify systems. The ability to do more with less is going to be the overarching trend for 2023. Simpler systems are easier to implement and take fewer people. If you can do two things with one system rather than having two separate systems, it’s more efficient for users, teams and companies. At the same time, teams will be looking at how to remove roadblocks in the way of projects — SaaS solutions that can be delivered without an army of consultants or solution integrators are ideal for these straightened circumstance.
Budget cuts, amid economic uncertainty, will leave companies vulnerable to cyberattacks, says Jadee Hanson, CIO and CISO at Code42:
Once rumblings of economic uncertainty begin, wary CFOs will begin searching for areas of superfluous spending to cut in order to keep their company ahead of the game. For the uninformed C-suite, cybersecurity spend is sometimes seen as an added expense rather than an essential business function that helps protect the company’s reputation and bottom line.
These organizations may try to cut spending by decreasing their investment in cybersecurity tools or talent — effectively lowering their company’s ability to properly detect or prevent data breaches and opening them up to potentially disastrous outcomes. This should especially be of concern amid persistent ransomware attacks, and 2023 is expected to be another challenging year. Companies that maintain efficient cybersecurity resources will fare much better in the long run than those who make widespread cuts.
Decision-makers will embrace risk to strengthen security, says Ryan Sydlik, senior security engineer at Telos Corporation:
Though risk inherently brings a negative connotation, understanding what risks are facing your organization can actually turn into one of your strongest assets. In 2023, security teams will place a stronger emphasis on understanding their risks and weaknesses. In doing so, they will likely find that risk acceptance of unpatched vulnerabilities has been far too lenient and sometimes overlooked. With this new, deeper understanding, leadership will be empowered to prioritize using standardization and automation to control and manage attack surfaces, and to identify and remediate missing patches that could otherwise bring serious security implications.
During a time of economic downturn, organizations will go back to security basics, says Sadik Al-Abdulla, CPO of Onapsis:
Given the current period of economic uncertainty, organizations will continue cutting their budgets and putting their dollars into resources that are most critical to their business. While strengthening their cybersecurity programs will be a priority in the coming year, organizations will begin rethinking the types of tools they are investing in. In 2023, we’ll see organizations lean more toward fundamental security technologies to protect their business assets. For instance, business-critical application security tools, such as vulnerability management platforms specifically designed for enterprise resource planning (ERP) applications, will help defend valuable data that enables an organization to successfully operate.
The pendulum for data budgets will swing from innovation to ROI and value organizations, says Satyen Sangani, CEO and co-founder at Alation:
Over the past few years, companies in the data intelligence industry have delivered immeasurable innovation through platforms that help organizations prioritize data-driven decision-making. In 2023, the pendulum will swing from innovation to value as these organizations navigate economic uncertainty. Data-driven organizations will remain willing to invest in innovative technologies and platforms that effectively move the business forward. However, they will be more reluctant to make bets on early stage startups. Companies in the data intelligence industry will be held to a higher standard and focus on delivering ROI and clear value — rather than speculative benefits.
The attack surface will expand as organizations consolidate IT and transition to cloud technologies to save resources, says Jonathan Reiber, vice president of cybersecurity strategy and policy at AttackIQ:
Continued economic uncertainty will lead organizations to be more judicious with spending, and companies will look for proven technologies and ways to maximize return on investment. Technologies that can save money and increase efficiency will continue to be appealing to corporations that are facing budget reductions.
There will be an acceleration toward cloud-based technologies as organizations seek to eliminate underperforming legacy systems. During cloud transitions, the attack surface will expand in some areas as legacy systems remain open during and after, leaving organizations exposed. At the same time, the move towards the cloud will allow companies to have increased consolidation and better security in some cases if organizations are intentional and experience fewer personnel expenditures.
Increasing pressure to maximize value of existing security stacks, says Leonid Belkind, cofounder and CTO of Torq:
The current economic climate dictates all enterprises become more efficient in their spending. As a result, IT and security leaders will look for ways to derive maximum value from their existing tech stack, rather than adding more point solutions to it. Security automation unifies existing security investments and harnesses their potential, enabling organizations to get more bang for the buck from them.
In the next 5 years, every organization with 100 employees or more will be spending at the bare minimum 10% of their operating budget on digital security tools, says Marcin Klecynski, CEO of Malwarebytes:
The cybersecurity industry is historically resilient in tough economic times. On the cusp of a recession, this time won’t be any different. Recession or not, businesses are facing unprecedented volume and sophistication of threats. The potential losses from cybersecurity threats aren’t going to go down, either, with damage from cyberattacks expected to reach $10.5 billion annually by 2025. Amid that backdrop, a recent survey of CIOs revealed that two-thirds plan to increase cyber spending in 2023.
Cybercriminals don’t retreat in the face of economic trouble — if anything, they up the ante. As businesses try to keep pace, in 2023 we’ll see significant growth in the endpoint protection market as a whole.
Regulations for software development are coming, says Tom Kellermann, CISM, senior vice president of cyber strategy at Contrast Security:
Software supply chains have been under siege as cybercriminals attack software development, integration and delivery infrastructure. Given the sophistication of recent software supply chain cyberattacks, ensuring software integrity is paramount to protecting systems’ from systemic cyberattacks in 2023. Due to the unprecedented cybercrime wave regulators will become more active. We will see more regulation from the SEC, FTC and from CISA that require enhanced reporting and more transparent software supply chain security. Companies will be forced to be transparent about their security practices in the new year as continuous monitoring will expand into development.
Government regulations are about to balloon, says Christopher Prewitt, CTO at Inversion6:
Even with the new understanding between the U.S. and the EU, there will continue to be changes in international privacy requirements. Meanwhile, new security regulations will surely come from the SEC. We’re also likely to see more executive orders, more Congressional committee meetings and a lot more talking overall from politicians in the coming year.
And yet, for all their growth in number and complexity, most of these regulations will probably lack real teeth. We haven’t seen any real shakeups since the birth of the “accept all cookies” button. This is unlikely to change in 2023.
Automation to become a key asset for governance and compliance, says John Wills, CTO at Alation:
Much is made of the importance of organizing and utilizing data for innovation, but another critical reason organizations need to have a strong grasp of their data is reporting and compliance. While global organizations have been grappling with the patchwork of different data rules and regulations for some time, many organizations, particularly here in the U.S., haven’t had to take on these challenges just yet. This is beginning to change as many states are considering stronger privacy regulations and the U.S. Congress is working through the American Data Privacy and Protection Act (ADPPA). As the ramifications of these changes become clearer, organizations preparing for more stringent record-keeping and reporting will turn to AI-driven systems to help automate and streamline these processes.
There will be a stronger government push toward security by default, says Aleksandr Yampolskiy, CEO and founder of SecurityScorecard:
According to Gartner, digital immune systems that deliver resilience and mitigate security and operational risks will be a key strategic technology trend in 2023. We’ve already seen considerable mentions of security by default practices in the past several months within CISA’s Strategic Plan for 2023 — 2025 and the White House’s Guidance on enhancing software supply chain security. In 2023, we’re going to see increased guidance and legislation surrounding secure development practices that include specific metrics and timelines for federal agencies. As technology companies seek government contracts in the coming year, it will be increasingly crucial that they collaborate with the public sector and look at these government regulations as a baseline to build foundationally secure software.
As the conversations around technology vs. privacy continue in 2023, Congress will be forced to agree on a national privacy framework, says Veronica Torres, worldwide privacy and regulatory counsel at Jumio:
We’ve seen considerable momentum surrounding data privacy in the U.S. over the past few years, as consumers and watchdogs continue flagging concerns over the innumerable amount of data technology companies are collecting and storing about them. While state-level regulations have been a great starting point in protecting consumers, they have also brought a number of challenges, such as compliance issues for businesses operating in different states.
It’s only a matter of time before the U.S. comes to an agreement on a federal bill that creates a national standard for how consumers’ data should be handled and safeguarded. The American Data Privacy and Protection Act has already been making its way through Congress, and it’s highly likely we’ll see some version of this bill passing in 2023. Once a federal framework is established, tech companies will be required to implement additional measures that prioritize the privacy of their users.
There will be a reckoning among IoT manufacturers as customers demand the strengthening of product security, says Ryan Slaney, threat researcher at SecurityScorecard:
Connected devices have been historically known for their poor security posture. From vulnerabilities within baby monitors to critical bugs in home security systems, it’s just a matter of time before a malicious actor takes full control of a user’s smart home device.
To protect the privacy and security of consumers and their homes, the U.S. government has confirmed plans for a cyber labeling program, set to launch in the spring of 2023. The initiative will help consumers make informed cybersecurity decisions about their IoT devices with easily recognized labels. With new regulations placing increased scrutiny on IoT device manufacturers in 2023, they will be compelled to significantly enhance security across their products.
Directly targeting connected medical devices for healthcare disruption, says Daniel dos Santos, head of security research, Forescout:
The insecure-by-design features in many connected medical devices are increasingly tempting targets for threat actors who want to disrupt operations at healthcare facilities. In 2023, we expect healthcare cyberattacks to not only spill over to medical devices – as was the case for several ransomware incidents in the past few years – but even start to target them directly, though this would require attacker motivation to purposefully target devices that could directly harm people. We highly recommend medical device manufacturers strengthen their internal development and testing lifecycles to make sure that vulnerabilities are discovered and addressed early on, before they are found by other parties.
As every home becomes a smart home and more personal data lives on the cloud, the attack surface will expand no matter how “secure” people feel, says Tyler Moffitt, senior security analyst at OpenText Security Solutions:
There’s a “Black Swan event” coming as consumers and businesses alike adopt new technologies to make their lives smarter and more convenient, in turn, sharing and storing more of their data in the cloud. Being connected to the internet 24/7 will make everyone who uses smart devices more vulnerable in the coming years. I believe a critical event this year, or merely increasing attacks, will signal a wake-up call to consumers and businesses to think more critically about how smart technology use hinders their security and privacy.
The reliance on crowd-sourced threat intelligence will increase significantly says Tonia Dudley, vice president and CISO at Cofense:
As threat actors continue to share what works on their side in terms of attack vectors and tactics, security leaders and cybersecurity organizations will increase their communication with each other in 2023 on what is working best to defend against threat actors. This crowd-sourced threat intelligence will allow organizations to learn how to better defend themselves.
Data privacy will move to the forefront in concert with consumer protection, cybersecurity, data portability, and technology ethics requirements, says Eve Maler, CTO at ForgeRock:
Privacy has been a big topic of conversation in 2022 beyond just keeping data out of the hands of cybercriminals. Privacy now ties into many other adjacent areas, including Zero Trust security, antitrust concerns, usage of services provided by “Big Tech,” and more. As the conversation around privacy progresses beyond a focus on security infrastructure and best practices for preventing data breaches, regulations are working to catch up.
The commercialization of hacking tools on the dark web will increase cybercrime, says Lucia Milica, resident CISO at Proofpoint:
Over the last few years, we have seen hacking tool kits for executing ransomware become a commodity on the criminal underground. Ransomware-as-a-service has bloomed into a lucrative dark web economy, leading to the proliferation of ransomware attacks. New dark web tools make ransomware attacks possible with little to no technical sophistication, opening the door to cybercrime to anyone with a Tor browser and a little time on their hands.
As dark web commerce continues to boom, we expect a fresh wave of attacks made possible by this commercialization. We expect more tools for smishing attacks and mobile device takeovers —complicating our ability to stop these threat actors, even though they are less technically savvy.
During a time of economic downturn, cyberattacks will flourish, says Kevin Kirkwood, deputy CISO at LogRythm:
When it comes to malicious attackers, organizations need to be acutely aware that we’re not talking about machines or software programs being at the other end of this, we’re talking about creative human beings who are motivated and will do whatever it takes to achieve their goal of receiving more money. As organizations balance international turning points with Russia’s war in Ukraine while scaling down operations, threats will inevitably continue to evolve as cybercriminals take this chance to up their attack game during the recession. Therefore, it’s crucial that all organizations are proactive with their security strategies and adopt endpoint technologies and other security solutions that provide preemptive capabilities.
Credential attacks abusing OAuth will go beyond just phishing attacks, says Jenko Hwong, Principal Engineer, Netskope Threat Labs:
Attackers continue to see the benefits that come from abusing OAuth in attacks, whether that’s the ability to bypass MFA, permanent access, and taking advantage of lagging security controls. But in 2023 they will move beyond just phishing and begin to include brute-force attacks, token theft, and SSO attacks. As a result, organizations should start to become more proactive and aware of the risk posed by the surprising number of third-party cloud apps in their environments that have implicit access paths to sensitive data, as a result of dynamic access granted to end-users via OAuth. We will likely see vendors start to respond with basic detection and preventative controls but continue to lag behind attacker techniques.
Attackers will seek out the next Log4j vulnerability and will likely become successful, says Adik Al-Abdulla, CPO of Onapsis:
The impact of the Log4j flaw has been widespread and far-reaching, with countless organizations still reeling from its massive ripple effect. Log4j has underscored the level of difficulty in patching vulnerabilities within commonly used libraries, as almost every vendor within the software supply chain has been responsible for fixing it. Attackers have become well aware of this and have continued taking advantage of unpatched Log4j vulnerabilities. Just a few weeks ago, we saw North Korean nation-state threat actors exploiting Log4shell to hack energy providers and conduct espionage campaigns.
In 2023, we’ll not only continue to see the breadth of Log4j’s exposure increase, but we’ll also see threat actors focusing more on exploiting open-source libraries. To mitigate the impact of a vulnerability as critical as Log4shell, organizations must adopt a risk-based vulnerability management program that can help them prioritize patching the vulnerabilities that are most at-risk.
Over the next year, nearly all digital organizations will experience a cloud data breach, says Amanda Grady, vice president and general manager of platform foundations at ServiceNow:
As enterprises increasingly migrate applications to the cloud, security concerns about the data those workloads store and process will only increase. CISOs and other security professionals looking to manage this risk must implement stricter controls to understand where their sensitive data is, where it comes from, and who has access to it. AI will play a pivotal role in helping them discover sensitive data and take critical action like managing access, data anonymization and encryption.
A public cloud provider’s environment will be used to island hop and launch ransomware attacks against its customers, says Tom Kellerman, CISM and senior vice president of cyber strategy at Contrast Security:
We will see a large public cloud provider be infiltrated and used as an island-hopping platform to launch attacks against their clients. Cybercriminals and spies will continue to escalate their conspiracies by compromising public cloud infrastructure.
Zero trust will crystallize and be adopted more broadly, says Anusha Iyer, president, CTO and co-founder at Corsha:
There’s a phrase I hear a lot lately that I love: “Shift Left Shield Right.” This to me gets the heart of getting Application Security strategies right. For 2023, I predict/hope AppSec will turn into a willing and empathetic collaboration between security teams and development teams to take a multi-dimensional approach to securing application ecosystems across today’s complex hybrid environments through cloud, on-premise system, browser, mobile, and more.
Forget New Year’s, your cookies will be too irresistible, says Lavi Lazarovitz, senior director of security research at CyberArk:
The good news is most organizations no longer view multi-factor authentication (MFA) as a “nice to have” for their business applications, meaning most users must input both a username/password combo and complete a secondary authentication challenge before establishing a web session. The bad news is attackers are getting more sophisticated in snagging session cookies — which establish access to these third-party applications — to bypass both primary authentication and MFA and hijack accounts. As organizations continue to adopt more SaaS applications and consolidate them on the browser, session cookies will become even more critical and more vulnerable. With Genesis Store and other marketplaces specializing in stolen session cookies growing in popularity, threat actors will seek ways to further automate and scale these session hijacking attacks to boost profitability next year.
Organizations realize the proliferation of data is a security problem, says Ravi Ithal, CTO and co-founder at Normalyze:
Every organization, regardless of the size, keeps their data in at least 2-3 cloud environments. The more the organization scales, the more proliferated its data becomes, making it harder to protect the data, keep it secure, and keep tabs on who has access to what. CISOs will turn to Data Security Posture Management (DSPM), or the ability to learn where sensitive data is anywhere in your cloud environment, who can access these data, and their security posture and deploy these solutions to start a new era of data security.
The supply chain will be increasingly weaponized, exploiting our trust in third-party vendors and suppliers, says Lucia Milica, resident CISO at Proofpoint:
SolarWinds and Log4j may have been wake-up calls, but we are still a long way from having adequate tools to protect against those kinds of digital supply chain vulnerabilities. A World Economic Forum survey found that nearly 40% of organizations experienced negative effects from cybersecurity incidents within their supply chain. Almost all expressed concerns about the resilience of small and medium enterprises within their ecosystem.
We predict these concerns will mount in 2023, with our trust in third-party partners and suppliers becoming one of the primary attack channels. APIs are of particular concern because threat actors know we have become heavily reliant on them. What makes things worse is that many organizations lack solid practices for securely integrating and managing APIs, making the threat actors’ job that much easier. We expect more tension in supply chain relationships overall as organisations try to escalate their vendors’ due diligence processes for better understanding the risks, while suppliers scramble to manage the overwhelming focus on their processes.
Smishing (SMS phishing) attacks will overshadow email phishing attacks, says Sinan Eren, vice president of zero trust security at Barracuda:
With the heightened awareness of email phishing, cybercriminals are realizing that users are now more likely to click links within SMS messages that mimic the communications and websites of major organizations — aka smishing. In 2023, smishing attacks will become more prominent than email phishing attacks due to the popularity of smartphones and cybercriminals’ sophisticated spoofing techniques. Smishing will be top-of-mind among security leaders and the C-suite next year and will drive awareness training initiatives across internal and external stakeholders.
End-users are the top cybersecurity threat in 2023, says Chip Gibbons, CISO at Thrive:
Business Email Compromise (BEC) will continue to be a top attack method from cyberattackers and the easiest way into an organization. With the increase in zero-day attacks, people are going to be looking at reducing their externally available footprint. Multi-factor authentication (MFA) will be ubiquitous, and nothing should be externally available without it.
Mobile workplace trends will create new blind spots for enterprises, says Patrick Harr, CEO at SlashNext:
Personal communication channels (gaming, LinkedIn, WhatsApp, Signal, Snapchat, etc.) will play a much bigger role in the attack paths that bad actors engineer to target businesses. Once an individual user is compromised, the bad guys can move laterally to get to the business. And because email has at least some protections in place today, cybercriminals are turning more attention to these other communications channels instead and seeing much higher success rates.
The biggest gaps in security postures come from the personal data of employees in the newly hybrid workforce. These blind spots are becoming more readily apparent as organizations adopt new channels for personal messaging, communications, and collaboration. Attackers are targeting employees through less protected personal communication channels, like WhatsApp, Signal, Gmail, Facebook Messenger to perpetrate an attack. Then it just becomes a matter of penetrating laterally through the organization from their external foothold.
Identity is the new endpoint, says to A.N. Ananth, the CSO at Netsurion:
With the dissolving of the “perimeter” which was convenient to distinguish inside v/s outside in yesteryear, you are who you authenticate as. Remote access is the rule not the exception. Attackers have noticed and work hard to compromise users. If this is accomplished, then it becomes an insider attack, so much harder to detect. Methods such as enforcing MFA, especially for high value admin accounts or studying user behavior (UEBA)and flagging out-of-ordinary or first-time-seen actions are (an operationally complex and expensive) way out. These require meaningful data collection, machine learning and an active 24/7 SOC. Are these detections part of your XDR service providers’ repertoire?
Automated malicious probers on the loose Omer Yaron, head of research at Enso Security:
The use of automated malicious probers to exploit misconfigurations in the cloud is a trend we recognized in 2021, and one which will continue to be relevant in the year(s) to come. As cloud computing keeps scaling and becoming the go-to environment for businesses of all sizes that now rely on cloud providers, attackers will leverage the inescapable reality of misconfigurations that are more difficult to detect in the cloud and use automation to scan big cloud providers for easily exploitable misconfigurations, at scale. While improving efficiency, productivity and business processes across the board, cloud environments require entirely different security strategies than traditional, on-prem environments do. Application security leaders will be required to focus on self-probing tools and cloud security tools in order to ensure that they will be the first to detect any misconfigurations before attackers do.
Threat actors will shift away from ransomware and opt for more discreet methods to monetize, says JP Perez-Etchegoyen, CTO at Onapsis:
Ransomware has historically been the primary method of monetizing for threat actors. However, research has revealed a decrease in both ransomware attacks and ransomware payments this past year, suggesting that cybercriminals are evolving their strategies. Rather than blatantly threatening organizations, threat actors will begin leveraging more discreet techniques to make a profit. Threat groups like Elephant Beetle have proven that cybercriminals can enter business-critical applications and remain undetected for months, even years, while silently siphoning off tens of millions of dollars.
While ransomware will still be a prominent cyber threat in the coming year, we will see more malicious groups directly targeting ERP applications. Organizations must develop cybersecurity protocols specifically around their business applications to ensure their most critical resources and valuable data are secure.
Ransomware gangs will become smaller and smarter, says Fleming Shi, CTO at Barracuda:
Throughout 2022, the major ransomware gangs— LockBit, Conti, and Lapus$ — were behind blockbuster attacks, keeping them in the headlines. But in 2023, with the ransomware-as-a-service business model taking off and the recent build leak of LockBit 3.0, a new generation of smaller and smarter gangs will steal their limelight. During the year, organizations will experience an increased frequency of ransomware attacks with new tactics, and those that aren’t prepared will make headlines that devastate their business and reputation.
Hackers-for-hire skyrocket amid a global recession, says John Dwyer, head of research at IBM Security X-Force:
The cybercrime-as-a-service ecosystem may balloon in the year ahead as operators offer new tools that dramatically lower the barrier of entry for less experienced/technical cybercriminals. With a global recession looming, hackers-for-hire may emerge in search of quick and easy pay. And with geopolitical tensions at an all-time high, and a challenging winter ahead, we expect the biggest rise to be across Europe.
Ransomware operators will stop encrypting in favor of corrupting files, says Andrew Hollister, CISO at LogRythm:
We’ll see ransomware attacks focusing on corrupting data rather than encrypting it. Data corruption is faster than full encryption and the code is immensely easier to write since you don’t need to deal with complex public-private key handling as well as delivering complex decryption code to reverse the damage once the victim pays up. Since almost all ransomware operators already engage in double extortion, meaning they exfiltrate the data before encrypting it, the option of corrupting the data rather than going to the effort of encryption has many attractions. If the data is corrupted and the organization has no backup, it puts the ransomware operators in a stronger position because then the organization must either pay up or lose the data. Therefore, the importance of backing up critical business data has never been higher.
State sponsored attack groups will quietly infiltrate, says Avihay Cohen, CTO and co-founder of Seraphic Security:
While unsophisticated threat actors are on the rise, sophisticated threat actors like advanced persistent threat (APT) groups are still busy at work. APT groups will continue to leverage their complex tactics to remain undetected in networks but will place a renewed emphasis on the critical infrastructure and public sector verticals.
Hackers’ end game is physical damage, says Scott Register, vice president of security solutions at Keysight Technologies:
Hackers may have traditionally abided by a quasi-code of ethics to limit physical destruction, but those days are long gone. Expect 2023 to see more targeted OT attacks designed to disable or destroy system availability with the end goal of harming people. For example, ransomware attacks against life-saving equipment in the healthcare sector will become fair game.
Malicious cyberattacks go beyond ransomware to focus on disrupting economies, says Asaf Kochan, co-founder at Sentra:
We’re entering 2023 during a period of tremendous global tension and economic uncertainty. If the past few years have been defined by ransomware attacks from organized hacking groups, we are now entering an era in which an increasing number of threats will come from state- sponsored actors seeking to disarm global economies. This poses a direct threat to specific sectors, including energy, shipping, financial services and chip manufacturing. These attacks won’t stop at stealing IP or asking for ransom. Instead, they will focus on proper disruption — compromising or shutting down critical operations on a national scale.
Cyberattacks against the public sector will increase, says Darren Guccione, CEO and co-founder at Keeper Security:
As the recent Los Angeles Unified School District (LAUSD) ransomware attack demonstrated, public sector organizations are prime targets for cyberattacks, as their essential nature, broad reach and often insufficient protection make them attractive targets for cybercriminals. This will only intensify in the year ahead. The stakes are high for public sector organizations, as confidential, sensitive data is at risk if these organizations do not maintain good cyber hygiene.
In 2023, we will see greater attack frequency against public sector entities, including educational institutions, the federal government, and at the state, local and municipal levels. As the risk heightens, education and government leaders must prioritize adopting solutions and implementing processes to protect against these growing threats.
Attacks on ICS/OT will result in human costs, says Edward Liebig, global director of cyber-ecosystem at Hexagon Asset Lifecycle Intelligence:
We all know that attacks on critical infrastructure have real-world implications. Whether it’s contaminated water supplies or minimal access to fuel, we’ve seen the costs these cyber attacks have firsthand. While hackers’ activities will likely still be money-driven, we can expect to see human cost become more of a play in the following year. Asset visibility continues to be an issue for operators, which means securing, segmenting and hardening defenses becomes a guessing game of what’s important and what’s not. If IT and OT security convergence continues to be stunted and, thus, visibility remains poor, attacks that have been close calls in the past (such as the poisoning of the water supply from a Florida plant in 2021) will eventually have human costs.
Cyber insurance will become more expensive despite covering less, says Aidan Kehoe, senior vice president at Barracuda:
Going into 2023, the capacity of cyber insurance will continue shrinking as a result of increased demand and expected losses. This will cause premiums to skyrocket and unfortunately, many organizations will not be able to afford the exact policies they held last year. Additionally, the gray areas created by the anonymity of cyberattacks and the recent cyber insurance mandates excluding war and non-war, state backed cyber-attacks will drive litigation and investigations around coverage next year. To compensate for gaps in coverage and liability, organizations will be forced to purchase additional cybersecurity solutions.
There will be a redefinition of the cyber insurance industry, says Cody Cornell, co-founder and chief strategy officer at Swimlane:
For the last decade, organizations that paid premiums were able to bail themselves out when a disaster struck. But as cyber insurance premiums continue to rise amid the proliferation of ransomware, insurance companies are struggling to manage the cost and premium relationship. In 2023, we will see a new evolution of cyber insurance emerge with specific coverage criteria tied to cyber hygiene. Cybersecurity teams will be required to demonstrate the efficacy of their strategy, and organizations that fail to maintain proper safeguards will be excluded from coverage when an attack occurs.