CISOs had to deal with a lot in 2022. Global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021, and the average weekly attacks per organization worldwide reached over 1,130. As we look ahead to 2023, that trend shows no signs of slowing down, with increases in ransomware exploits and state-mobilized hacktivism driven by international conflicts. At the same time, organizations’ security teams and CISOs will face growing pressure as the global cyber workforce gap of 3.4 million employees widens further and governments introduce stricter cyber regulations to protect citizens against breaches.
In 2022, cyber criminals and state-linked threat actors continued to exploit organizations’ hybrid working practices as businesses shifted to decentralized workforces, and these attacks show no sign of slowing as the Russia-Ukraine conflict continues to have a profound global impact. Organizations need to consolidate and automate their security infrastructure so they can better monitor and manage their attack surfaces and prevent all types of threat with less complexity and less demand on staff resources.
Ransomware threat actors will continue to carry out double extortions – encrypting the network and sending out the data – as the big money comes from the data breach. But we will also start to see more attacks where extortion is related only to a data breach, with no encryption taking place, meaning that whilst the data is stolen, it can still be used.
With the move to collaboration tools such as Slack and Teams over the pandemic period, there will be an increase in attacks using these platforms. Most attacks so far have been via email, but they could happen through any application or via services that use the same logins. There is a perception that Teams is impervious to attack, which is not the case, and it leaves users careless about sharing data and personal information. Business email compromise has resulted in $2.4B in losses, but in reality, perhaps it should be renamed business collaboration compromise.
The lines between nation-state actors, cybercriminals and hacktivists will continue to blur. We will see more hacktivist groups acting in support of nation-state narratives, and nation-state actors learning techniques from veteran cybercriminals. All of this makes it harder to attribute attacks to any one group, so organizations will have to build proper cyber protections against all types of threat actors.
Vulnerability exploitation is prevalent as attackers are exceptionally quick at finding holes in well-known products widely used by organizations. That is why it is important to patch, patch, patch and keep up with updates as a minimum, as these simple security measures are usually overlooked.
I expect to see cloud transformation slow down due to cost and complexity, with many companies considering the action of bringing workloads back in-house, or at least to private data centers. This could help in reducing the overall threat surface.
To prevent highly sensitive data from falling into the wrong hands, CISOs must focus on understanding where the organization’s crown jewels are stored, including within third-party systems. CISOs should take into consideration who and what has access to their data, think APIs, and prioritize Zero Trust implementation. This means enforcing the principle of least privilege so that users and systems are granted the bare minimum access to resources needed to do their job.
Attacks on critical infrastructure will continue to increase with threat actors becoming more shameless, though they will be more difficult to conduct and require special tools. Key sectors such as energy, telecommunications and healthcare are targeted because they have so much to lose and are more likely to pay. Though attacks on the education sector are random, they will continue because of how the networks are built.
Supply Chain Attacks and breaches will continue accelerating over the next year. Most companies do not do a good enough job with managing the risk of the components they are using and do not have visibility into their SBOM nor a complete strategy, much less an understanding of where the gaps are.
The industry as a whole has made great strides in decreasing the number of solutions to reduce the complexity. Historically companies were using 15-17 solutions. Now CISOs are trying to cut down the number of solutions to reduce complexity, leading the industry to turn to consolidation as an answer. We suggest a management dashboard that allows security professionals to reduce the level of complexity when dealing with security issues.
Consolidation will become a “real” priority in 2023, especially as businesses look to remove cost, a pressure heightened by the much-talked-about recession, and, more importantly, complexity from the entire digital and security stack.
Organizations need to consider the new ‘work from home’ realm and how to address security challenges from the hybrid and remote workforce, whose members may not have as strong a security posture as the organizations they belong to. With these workers leveraging the network, preventing attacks through these new vectors needs to be considered. Consolidating the entire cybersecurity posture would be a step in the right direction.