Cybersecurity 2023: Recession Opens Opportunities for Criminals, Demands Response
“Millionaires are made during a recession.” This adage will prove true for many cybercriminals in 2023. Economic difficulties will drive instability and innovation in the cybersecurity industry. There will be winners and losers. Here are our predictions for cybersecurity in 2023.
Economic Crisis Drives Cybercriminal Creativity
As economies flag, more people will turn to cybercrime as a source of income. This will drive further diversification and creativity in the cybercrime industry. Cybercriminals will find new vectors and attack new targets, including smaller businesses. Organizations that delay defense projects will be at greater risk.
API-Interconnectivity to Be Leveraged in a Multi-Million Dollar Cyberattack
The world is increasingly interconnected, and APIs are the ties that bind us. Each of those connections introduces a new risk and a new avenue of attack. Cybercriminals will leverage these interfaces to deliver payloads in an unprecedented supply chain attack.
A Major Critical Infrastructure Attack Will Disrupt Vital Services
The Colonial Pipeline attack of 2021 was an hors d’oeuvre compared to what threat actors could serve up. Despite a concerted federal effort to shore up critical infrastructure’s cyber preparedness, we are past due for ‘the Big One.’ Expect a cyber attack to disrupt your access to water, electricity, gas, or the internet in 2023.
Courts Are in Cybercriminals’ Sights
Federal courts are vulnerable, and an attack on them is therefore primed to cause chaos. A (cyber)criminal striking back against the courts will delete records and throw the criminal justice system into disarray. While they may do so for the sake of chaos itself, it’s more likely that they would do it for the ransom.
Ransomware Syndicates Will Avoid Prosecution
Despite efforts to get back at ransomware gangs—such as in the case of the Australian government targeting the perpetrators of the Medibank breach—we predict that precisely zero ransomware syndicates will face legal consequences. Many ransomware gangs operate from countries with sympathetic governments, are nearly impossible to track down, and easily dismantle operations only to return under a new name. Politicians won’t prioritize the issue of cybercrime for fear of becoming targets.
Visibility and Analytics Become the Twin Anchors of Cybersecurity Operations
Organizations will become aware that without visibility into their networks, they are lost at sea. NG-SIEMs and XDR will prove too slow and cumbersome to detect intrusions at speed, and they will not provide all the centralized data and cross-referencing that investigating teams need once an intrusion has been detected. Unified network visibility will prove critical for organizations that don’t want to be dead in the water.
The Empowerment of the Cybersecurity Operator
The industry will finally address pervasive operator burnout. This will require placing the information that operators need at their fingertips, getting the entire stack on the same page, using automation where applicable, and filtering out false positives. The empowered operator will also enjoy a greater say in the tools they want to employ in their architecture.
EDR Limitations Become Evident as Evasion Becomes Standard
EDR evasion will no longer be a ‘sophisticated technique’ but rather a standard cyberattack practice. EDR adoption will stagnate as the technology fails to deliver on its promises. The telemetry provided by EDR is proving to be too limited and segregated, especially when compared to what can be gathered from the network as a whole. Vendors who have simply added an ‘X’ to their EDR solution to rename it as ‘XDR’ will be exposed.
Zero Trust Becomes Standard
Zero Trust is a long-accepted security strategy with backing from analysts and adoption at the enterprise level. We’ve already seen government-level initiatives to speed up the adoption of Zero Trust at the small-business level. 2023 will see this adoption become commonplace. Previous projections show that the Zero Trust market will grow to $79 billion by 2027; we foresee it eclipsing the $100 billion mark.
Phishing Evolves to Remain Top
Threat actors are always targeting ‘the human element’ and phishing will remain the most effective way to gain initial access. Current variations of phishing include smishing, spear phishing, and whaling. The next generation of phishing will be more personalized and better at converting through machine learning augmentations: natural language processing, deepfakes, and data mining.