What will happen for cybersecurity in 2023


The past year has been an impactful one in the cyber threat landscape. Ransomware continues to dominate the conversation as organizations of all sizes and industries suffer disruption, often in a visible and public way.

The war in Ukraine provides clear examples of a government leveraging both its formal and informal cyber resources, with Russia using advanced intrusion groups, a larger cybercrime ecosystem, and a variety of misinformation. All of these entities conducted a wide range of malicious cyber activities, from destructive attacks to espionage intrusions to information operations.

More traditional threats also continue to impact organizations globally. Business email compromise remains one of the most financially damaging crimes. Cybercriminals have discovered new ways to monetize their efforts while leveraging tried and true methods. Many government organizations have conducted wide-ranging operations to track individuals or steal intellectual property.

In addition to all these activities, some top-level intrusions have been carried out by low-level actors such as Lapsus$.



In a nutshell, 2022 offered virtually every type of malicious network event that can happen, as well as the highest number of intrusions ever.

So, what can we expect for cybersecurity in 2023? Here are five predictions:

Cybersecurity 2023: Ransomware will shift main focus away from encryption

In 2022, we saw a significant increase in ransomware events that combined data theft with encryption events. While this isn’t new to 2022, attackers’ preference for diverse extortion options has become much clearer. This trend is likely to accelerate in 2023, along with an increasing focus on data destruction, including a new focus on data backups. These increases can lead to a corresponding decrease in encryption events.

Why is this likely to happen? Three reasons are at play.

First, shared technology and best practices are improving ransomware victims’ ability to recover data without paying attackers for a decryptor. Related to this, many public discussions have revealed that paying for decryptors often leads to data loss or subsequent ransom demands, which is why the FBI recommended against paying ransoms.

Second, cybercriminals have realized that the “hack and leak” component of the ransomware event provides a second or subsequent extortion option to monetize their efforts. This becomes more apparent as regulations and governance requirements become more pervasive.

Third, it takes more engineering work to create an effective encryption/decryption tool than to steal the data and then choose one of several methods to corrupt the victim’s data. It is a lower technical bar for ransomware actors to steal data, offer to “resell” it and, if that fails, threaten to publicly disclose the data or sell it to other malicious actors. At the same time, data destruction can be extremely stressful for victims, which is beneficial for cybercriminals.

The most impactful intrusion vector will be the abuse of SSO

As more organizations move to a single sign-on (SSO) architecture, especially as an effective way to manage hybrid environments, malicious actors are realizing that this is the best and most effective way to access the victim. In the past year, there have been many well-known intrusions that leveraged malicious use of SSO together with the abuse of multi-factor authentication (MFA), potentially accelerating this transition.

Malicious use of SSO can be difficult to detect and respond to without effective safeguards. These additional challenges for defenders create visibility gaps that malicious actors can use to avoid detection. While malicious use of SSO, especially in combination with MFA abuse, is unlikely to be the highest-volume threat vector, it provides significant access and the potential to go undetected across the enterprise. Based on these combined factors, the most impactful intrusions in 2023 will combine these actions.

Low-level actors will create high-level effects

The threat landscape continues to become more diverse year after year. These changes are providing more capabilities for entry-level threat actors. In turn, that increased capability will let them have a more significant impact on their targets.

In the past, malicious threat actors had to do almost all the technical work and monetization on their own. This technical bar, while not preventing all impacts, did place some limits on different threat actors. But that technical requirement is being largely replaced by an efficient “intrusive gig economy” where malicious tools, access, or services can be purchased.

This is combined with the growing list of offensive security tools that are highly likely to be used for malicious purposes. Finally, 2022 has provided significant media coverage for low-level actors making a big impact on mature organizations. These combined factors are likely to produce more impactful intrusions in 2023 from threat actors with lower technical skill levels than in any previous year.

Malicious actors learning to penetrate the cloud will provide cybersecurity detection opportunities

As organizations continue to migrate more of their operations to the cloud and SaaS applications, malicious actors must follow this transition. Simply put, the intrusion has to happen where the victim runs its operations and hosts its architecture. These transitions put a significant strain on IT staff and often result in disrupted or missing visibility. That’s bad news.

The good news is that threat actors have to make the same transition and will stumble over the cloud-based aspects of their work. This presents several opportunities for effective detection based on potential errors in their tools and methods, a lack of understanding of cloud/SaaS fundamentals, or challenges in the combined environment.

New regulations will highlight the online poverty line

The online poverty line is the threshold that divides all organizations into two distinct categories: those that can implement essential cybersecurity measures and those that cannot meet those same measures. This concept was first coined by Wendy Nather, head of CISO consulting at Cisco, and is often used when discussing an organization’s budget, security architecture, and capabilities.

As new government regulations and policies are rolled out across the globe, the number of requirements for every organization is growing at a rate that requires significant resources and capabilities. As an example, the new United States Strengthening American Cybersecurity Act, signed in 2022, creates requirements for reporting and for coordinating with government organizations. As another example, Gartner estimates that by the end of 2024, more than 75% of the global population will be subject to some form of digital privacy regulation.

While these regulatory efforts will certainly produce positive results, a large number of organizations will have difficulty implementing, complying with, or even understanding similar cybersecurity efforts. This will certainly increase the gap between organizations above and below the online poverty line rather than reducing the gap. This same growing gap is likely to translate to cyber insurance and related fields as well.

As this year’s predictions show, 2023 is sure to be an action-packed year in terms of cybersecurity, just like 2022. Fasten your seat belts.

Steven Stone is the head of Rubrik Zero Labs at Rubrik.

DataDecisionMakers

Welcome to the VentureBeat community!

DataDecisionMakers is a place where professionals, including technical people who work with data, can share data-related insights and innovations.
