One trend for cybersecurity in 2023 that won’t come as a huge surprise is that cybercriminals will continue to prosper. This year is likely to follow a familiar formula of previously successful cyber-attacks. In fact, our recent launch event at Brooklands highlighted the sheer volume of attacks that continue to target known vulnerabilities.
Alongside these paths of least resistance, new and more-sophisticated threats also loom. So, 2023 is business as usual for cybercriminals. This uncomfortable truth underlines why even the most conservative estimates put revenues from cybercrime at $5 trillion by 2025.
In this article, we highlight SIRE’s top six cybersecurity patterns and priorities for the year ahead: the ‘favourites’ of ransomware, email and human error, plus the emerging threats around mobile and hybrid working, supply chains and cloud services. All of them underline how simplifying cybersecurity strategy will be vital for turning threat awareness into concrete action in 2023.
1. Ransomware returns… yet again
Ransomware has been ever-present since the infamous WannaCry outbreak in 2017. This malware denies users and organisations access to business-critical files by encrypting them and demanding a ransom payment for the decryption key. Many victims choose to pay up. Sadly, it’s often the easiest, quickest and cheapest way to regain access to files and recover services that have been effectively shut down.
As long as ransomware continues to be profitable for attackers, it will be a leading cyberthreat in 2023. In 2022, ransomware gangs were busy targeting the education sector, forcing health services offline, and even hitting enterprise cloud service providers (Cisco) and a prominent cybersecurity vendor (Entrust Corp.). These attacks will continue to inflict major real-world impacts – from business closures to public service disruption, and from the loss of sensitive data to delayed medical care.
The sophistication, frequency and range of ransomware attacks are set to increase, so organisations should focus their efforts on the use of resilient data repositories and infrastructure. Using artificial intelligence (AI) and machine learning (ML) will also be critical for automating responses to malicious encryption. And multifactor authentication will help shore up defences while limiting the worst potential impacts of ransomware at the earliest opportunity.
2. Your inbox: still an easy way in
According to the most recent data from the FBI’s Internet Crime Complaint Center, losses from business email compromise (BEC) exceed $2.4 billion. Commonly, these are emails that appear to be from a reputable source, such as a company CEO, employee or vendor. They usually encourage the recipient to transfer payments as soon as possible and use manipulative social engineering techniques to induce their victims to comply immediately. Some are obviously fake, but many are incredibly clever and manipulative.
One such attack is the payroll diversion scam. Scammers posing as employees will email the payroll department to update their direct deposit account information. Some emails appear real and have a compelling backstory to add credence. A year ago, fraudsters would often mimic corporate officials, but in 2023 every employee is at risk of being impersonated.
To combat BEC, organisations should be investing in a solution that can detect and block malicious traffic before it reaches a corporate network or business email accounts. This also calls for more cyber hygiene and more-stringent access and security controls that prevent data breaches, email phishing and account takeover by malicious actors.
3. You’re only as secure as human error
Email phishing proves that we’re only human. On a bad day, anyone can let their guard down.
Yet again, human error is expected to be a significant factor in cybersecurity threats in 2023. According to World Economic Forum research, 95% of cybersecurity issues can be traced back to human error by 2022. Verizon’s 2022 Data Breach Investigations Report also states that 1 in 4 data breaches can be directly attributed to human error.
So, every organisation must continue to educate people on the importance of cybersecurity and how human error can lead to security breaches. Delivering effective cyber-awareness training will help reduce the risk of a security incident occurring due to negligence or carelessness. When it comes to ensuring the safety and security of an organisation’s digital assets and customer data, awareness training must be relentless and proactive to provide a valuable return on investment.
4. Tackling cybersecurity with cybercriminals’ tools
Enter the machines… cybercriminals will increasingly use AI and ML in 2023 for more sophisticated attacks. For example, next-gen language models such as OpenAI’s GPT-3 can produce phishing content that outperforms manually created versions. Adding the threat of AI-powered cybercrime will only increase the risks of human error and email scams.
The good news is cybersecurity professionals are also wielding AI and ML. This levels the battlefield – only automation can address the vast network surface area and the variety and volume of endpoints. AI and ML are also vital for safeguarding the shifting sea of vulnerability created by mobile platforms and hybrid working, which rely on high-speed access to large data sets. That’s simply too much ground to cover for humans alone.
So, in 2023 cybersecurity teams will be embracing the same AI and ML capabilities that their attackers are using, specifically tools that detect and fix non-compliant systems, optimise workflows and patch technology stacks in real time. In addition, AI and ML can help make data repositories and infrastructure more resilient by automating detection and responses to malicious encryption.
5. Don’t be the weakest link
Supply chain cybercrime is set to grow fast in 2023. This is where cybercriminals exploit trusted relationships between an organisation and third parties like partners, vendors and software providers. One compromised organisation at a time, you’re only as strong as the weakest link in your supply chain. Access inside one organisation can lead to multiple attacks, especially where others have poor security postures.
When ‘backdoor code’ of this type hit the headlines in 2020 at the software firm SolarWinds, it was discovered that more than 18,000 organisations had subsequently been impacted. The way supply chain attacks can quickly amplify the reach and impact of a single compromise will continue to mark them out as significant and costly threats in 2023.
Key defences are to minimise access to sensitive data, and limit the use of employee-owned and unknown ‘shadow IT’ devices on the network. Many are implementing a zero-trust architecture where all activities are assumed to be malicious by default. This shifts the focus toward users, assets and resources to mitigate the risks from decentralised data. Other emerging protections in 2023 include honeytokens. These are fake resources posing as sensitive data that alert the organisation being targeted when attackers interact with these decoys.
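The honeytoken idea described above, as an added example that is not from this article or from SIRE: decoy API keys carry an HMAC tag, so a log scanner can recognise them without keeping a stealable list of planted decoys. The `sk_live_` key format, `SECRET` and the log layout are constructed assumptions.

```python
import hashlib
import hmac
import re
import secrets

# Hypothetical values: SECRET, the "sk_live_" format and the log layout are constructed.
SECRET = b"rotate-me-and-keep-out-of-source-control"
TOKEN_RE = re.compile(r"sk_live_([0-9a-f]{24})([0-9a-f]{16})")


def _tag(nonce):
    """Truncated HMAC-SHA256 over the nonce; only the key holder can produce it."""
    return hmac.new(SECRET, nonce.encode(), hashlib.sha256).hexdigest()[:16]


def mint_honeytoken(nonce=None):
    """Create a decoy API key to plant in a config file, wiki page or repo."""
    nonce = nonce or secrets.token_hex(12)
    return f"sk_live_{nonce}{_tag(nonce)}"


def is_honeytoken(key):
    """Recognise a decoy statelessly: the tag must verify under SECRET."""
    m = TOKEN_RE.fullmatch(key)
    return bool(m) and hmac.compare_digest(_tag(m.group(1)), m.group(2))


def scan(log_lines):
    """Return (source_ip, key) for every request that presented a decoy key."""
    alerts = []
    for line in log_lines:
        m = TOKEN_RE.search(line)
        if m and is_honeytoken(m.group(0)):
            alerts.append((line.split()[1], m.group(0)))
    return alerts


if __name__ == "__main__":
    decoy = mint_honeytoken()
    # Constructed sample of API gateway log lines: timestamp, source IP, request, key.
    sample = [
        "2023-01-10T09:14:02Z 198.51.100.7 GET /v1/invoices key=sk_live_" + "a" * 40,
        f"2023-01-10T09:14:09Z 203.0.113.25 GET /v1/customers key={decoy}",
    ]
    for ip, key in scan(sample):
        print(f"ALERT honeytoken used from {ip}: {key[:16]}...")
```

Because no legitimate system is ever issued a decoy key, any hit from `scan` is a high-confidence signal that planted material has been read and tried.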
6. Deliver cloud services with confidence
While cloud security has vastly improved, cloud computing is now at the heart of every modern business, which makes it a viable foot in the door for attackers. For example, cloud infrastructure was the way in for the OMIGOD attack. It exploited Microsoft’s Open Management Infrastructure and Azure virtual machines, which put 65% of Azure customers at risk before it was patched.
In the cloud, organisations are increasingly responsible for safely storing and managing data. This creates monumental challenges around the visibility and control of technology platforms, especially in multicloud environments and across data lakes which integrate digital information and assets. In the cloud, there are inherent risks in collecting more data, centralising and storing it, and providing access to a wider range of people and third parties.
Cloud services and applications will continue to be targets. That’s why embedding security into the design of software is increasingly vital. A secure software development life cycle (SSDLC) puts security and technology risk teams in close collaboration with developers at every stage of production. This also goes hand in hand with a continuous application security approach that monitors the entire application attack surface in live, web-facing environments.
Moving from awareness to action
Attackers will continue to rely on tried-and-tested attacks while exploiting the vulnerabilities that new technologies introduce. SIRE is already helping clients to simplify cybersecurity strategy in ways that help them quickly identify, investigate, and mitigate potential threats.
For 2023 and beyond, that means understanding the cybersecurity complexities within your organisation and adopting a clear plan on how to respond to security incidents. Alongside our expertise, we can also help you harness the latest AI and ML tools to integrate security architecture, automate threat prevention and accelerate your response to cyberthreats across your IT environment.