Cybersecurity is a catch-up game. Barely a week goes past without news of another successful breach against a well-known organisation - and most of these companies have large budgets and the best security tools money can buy. 2022 has been a tumultuous year, with ransomware, supply chain attacks, and more plaguing entities in every sector.
The question is, what can we expect in 2023?
For one, I think we can expect the role of the CISO to become even more complex and demanding as they face increasingly sophisticated adversaries and complex threats. CISOs will need to be able to wear a wide range of hats and have a solid understanding of not only technology but the business too.
Next, I believe that securing our increasingly connected, yet distributed world will take centre stage. Too many IoT devices have been deployed over the years without much thought to security. Where there is any, it has often been tacked on as an afterthought. However, as the number of connected devices surges, the attack surface for the networks and ecosystems to which they connect grows too, fuelling exponentially more security, data, and privacy risks.
In addition, in 2023, customers will want more transparency and more control of their data. In an increasingly stringent regulatory environment, customers expect this control and know that businesses face heavy penalties for falling foul of new data regulations. Therefore, we can expect a sense of urgency for businesses to enable trust, and truly embrace data privacy and compliance as more than just a ‘tick-box’ exercise.
Also in 2023, I believe we can expect to see an enhanced focus on ‘resilience’, which is set to be a major buzzword next year and into the future. As entities grow increasingly digital and connected around the globe, the attack surface expands, and the frequency and impact of cyber attacks grow. This will see forward-thinking companies looking for new techniques and solutions to grow their resilience and develop situational awareness of new and advanced threats in order to improve their ability to respond.
Ransomware will also remain a main problem now and into the foreseeable future. However, when we talk about infiltrating systems, the focus is increasingly shifting from traditional malware to exploiting vulnerabilities from the growing number of zero-days. Moreover, we can expect to see attack strategies continue to shift from merely encrypting business data to placing more focus on exfiltrating that data. There are a few ways threat actors can profit from this stolen data, but the most common are extortion, where an attacker steals a company’s data and then demands a sum not to leak it, and selling the stolen data directly through dark net forums.
Furthermore, interconnected geopolitical challenges will continue to dominate the threat landscape next year. During the course of 2021, we have witnessed an unstable geopolitical situation drive a rise in nation-state actors. Russia and its neighbours are viewed as the worst and most aggressive offenders, due to Russia’s ongoing invasion of Ukraine. Unfortunately, too often a blind eye is turned to malicious cyber activity in these nations, where law enforcement structures lack focus on tackling cybercrime.
In addition, attacks are no longer solely financially based. Hacktivism is on the rise, which has led to a growth in the number of attacks. These may not be as professional or well-funded as those of financially-motivated groups of attackers, but they still force companies to spend significant resources on their reflection and analysis, which leads to overloading them with work and reducing their efficiency.
And supply chain attacks are not going anywhere either. Complex supply chain security risks will continue to rear their heads, as businesses in every industry depend more and more on each other to do business. Supply chains have become crucial to survival, and cyber crooks know this and will continue to target the weakest links in the supply chain to gain a foothold in their target organisations.
Unsurprisingly, the cyber security skills shortage will continue to be a real problem for the industry: fresh talent will be hard to find, and experienced talent harder to hold on to. As cyberattacks grow in frequency and sophistication, there will be increased pressure from regulators, boards, and workforces to keep a lid on cyber risks, and a mad scramble for talent will ensue.
For the past two years, we’ve dealt with the almost overnight move to the cloud, and cloud security will remain an issue for some time yet. As cloud deployments mature and an increasing amount of data, workloads, and business functions are hosted in these environments, there will be more pressure to avoid expensive mistakes that can see massive fines being levied against those who fall foul of regulations. This, in turn, will see a rise in ‘secure-by-design’ processes, to ensure that new technologies do not come hand-in-hand with as many risks.
Moreover, attacks against operational technology (OT) environments in the energy, manufacturing, and other sectors will step up a notch in 2023. More and more, we see threat actors looking to weaponise these environments to wreak havoc, as they are notoriously hard to secure. This is due in part to these systems not being originally designed to be connected, and in part to the locations in which they are situated. The overlap between IT and OT environments is also muddying the waters, and companies will need to start looking at ways to automate more and increase visibility into OT environments.
My final prediction for 2023 is that disinformation will remain a major threat to our lives, and to democracy. We live in an era where we cannot trust anything we see or hear. Deepfakes and even shallowfakes are able to replicate tone of voice, and even video, to create highly targeted phishing or social-engineering attacks that have far higher rates of success. Technology has led to the rise of deepfakes. The public and private sectors need to recognise how dire this problem is and work together to fight this scourge. Unfortunately, technology is always a double-edged sword, and although artificial intelligence and machine learning have many benefits, they are dangerous weapons in the wrong hands.
Sign up for itrainsec courses to learn more:
Ransomware remains a main problem now and into the foreseeable future. An IDC survey finds that more than one third of organizations worldwide have experienced a ransomware attack or breach. At the same time, Gartner analysts declare that nearly 95% of ransomware attacks are preventable.
We train companies and individuals to understand and prevent this devastating threat that is constantly growing.
According to Accenture, up to 40% of cybersecurity attacks are now occurring indirectly through the supply chain. Supply chain attacks may not yet be as common as traditional attack vectors, but their complexity and impact are significantly higher. SolarWinds still dominates the headlines, and more ongoing attacks like this one will undoubtedly emerge in the near future.
So what can we do to spot and stop supply chain attacks? Familiarise yourself with a proven set of essential procedures, tools and technologies, contract requirements and general awareness proven to minimize risk:
Kubernetes is a container-orchestration system that is not secure by default and is becoming the industry need-to-know platform for any professional working with cloud applications and containers. This 2-day course provides practical real-world techniques to assess the security posture of Kubernetes clusters and shows how to protect them.
By the end of the course participants will have the knowledge and resources to fortify Kubernetes clusters with confidence. All code, slides, tools and configuration along with auxiliary scripts will be provided.