2023 INSIGHTS FOR CISOs: DISRUPTION AND DESTRUCTION

Expect increased global attacks on businesses, stricter government regulations and more security consolidation

CISOs had to deal with a lot in 2022. Global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021, and the average weekly attacks per organization worldwide reached over 1,130. As we look ahead to 2023, that trend shows no signs of slowing down, with increases in ransomware exploits and state-mobilized hacktivism driven by international conflicts. At the same time, organizations’ security teams and CISOs will face growing pressure as the global cyber workforce gap of 3.4 million employees widens further, and governments introduce stricter cyber regulations to protect citizens against breaches.

In 2022, cyber criminals and state-linked threat actors continued to exploit organizations’ hybrid working practices as businesses shifted to decentralized workforces, and the increase in these attacks is showing no signs of slowing down as the Russia – Ukraine conflict continues to have a profound impact globally. Organizations need to consolidate and automate their security infrastructure to enable them to better monitor and manage their attack surfaces and prevent all types of threat with less complexity and less demand on staff resources.

2023 Insights: What should CISOs be looking out for, and what does it mean for your organisation?

Hikes in destructive malware and impactful hacking exploits

  • No respite from ransomware: this was the leading threat to organizations in the first half of 2022, and the ransomware ecosystem will continue to evolve and grow with smaller, more agile criminal groups forming to evade law enforcement.
  • Compromising collaboration tools: while phishing attempts against business and personal email accounts are an everyday threat, in 2023 criminals will widen their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These are a rich source of sensitive data, given that most organizations’ employees often continue to work remotely.

Ransomware threat actors will continue to carry out double extortions – encrypting the network and sending out the data – as big money comes from the data breach. But we will also start to see more attacks where extortion is only related to a data breach with no encryption taking place, meaning that whilst the data is stolen, it can still be used.

Maya Horowitz,
Vice President, Research, Check Point Software Technologies

With the move to collaboration tools such as Slack and Teams over the pandemic period, there will be an increase of attacks using these platforms. Most attacks so far have been via email, but it could happen through any application or via services that use the same logins. There is a perception that Teams is impervious to attack, which means users are loose with sharing data and personal information, but this is not the case. Business Email compromise has resulted in $2.4B in losses, but in reality, perhaps it should be renamed business collaboration compromise.

Jeremy Fuchs,
Researcher/Analyst, Avanan (a Check Point Software Company)

Hacktivism and deepfakes evolve with attacks on national organisations and government agencies

  • State-mobilized hacktivism: In the past year, hacktivism has evolved from social groups with fluid agendas (such as Anonymous) to state-affiliated groups that are more organized, structured and sophisticated. Such groups have attacked targets in the US, Germany, Italy, Norway, Finland, Poland and Japan recently, and these ideological attacks will continue to grow in 2023.
  • Weaponizing deepfakes: In October 2022, a deepfake of U.S. President Joe Biden singing ‘Baby Shark’ instead of the national anthem was circulated widely. Was this a joke, or an attempt to influence the important U.S. mid-term elections? Deepfake technology will be increasingly used to target and manipulate opinions, or to trick employees into giving up access credentials.

The lines between nation state actors, cybercriminals and hacktivists will continue to blur. We will see more hacktivist groups in support of nation-state narratives, and nation-state actors learning techniques from veteran cybercriminals. All of this makes it harder to attribute attacks to any one group, so organizations will have to build proper cyber protections against all types of threat actors.

Sergey Shykevich,
Threat Intelligence Group Manager, Check Point Software Technologies

Cloud-based and IoT solutions – “Vulnerable by design” affects business attack vectors

  • Cloud gets more complicated: It is clear that the increased use of cloud-based and IoT solutions has presented new challenges for security professionals. With less control and visibility over where data is stored and how it is accessed, it can be difficult to ensure that access to sensitive information is properly secured. This is especially true in industries like healthcare and manufacturing, where IoT-based sensors and devices are becoming more prevalent. Additionally, the use of devices such as cameras, printers, and smart TVs for video conferencing has introduced new vulnerabilities. Overall, it is important for organizations to take steps to ensure the security of their cloud-based and IoT systems, including implementing proper access controls and regularly monitoring for potential vulnerabilities, as these systems will continue to be central and trendier pieces of any IT environment.

Vulnerability exploitation is prevalent as attackers are exceptionally quick at finding holes in well-known products widely used by organizations. That is why it is important to patch, patch, patch and keep up with updates as a minimum, as these simple security measures are usually overlooked.

Muhammad Yahya Patel,
Global Cybersecurity Evangelist, Check Point Software Technologies

I expect to see cloud transformation slow down due to cost and complexity, with many companies considering the action of bringing workloads back in-house, or at least to private data centers. This could help in reducing the overall threat surface.

Deryck Mitchelson,
Field CISO EMEA, Check Point Software Technologies

Governments step up measures to protect citizens and organizations

  • New laws around data breaches: the breach at Australian telco Optus has driven the country’s government to introduce new data breach regulations to protect customers against subsequent fraud, with new laws introduced lifting maximum penalties for serious or repeated breaches from the current A$2.22 million to the greater of A$50 million. Similar measures by the British Government were introduced with a new mandatory reporting obligation on MSPs (Managed Service Providers) to disclose cyber incidents or be fined £17 million for non-compliance. In Australia, the government is also considering imposing a ban on ransoms to cybercriminals, leading other national governments to possibly follow this example in 2023, in addition to existing measures such as GDPR.
  • New national cybercrime task forces: More governments will follow Singapore’s example of setting up inter-agency task forces to counter ransomware and cybercrime, bringing businesses, state departments and law enforcement together to combat the growing threat to commerce and consumers. These efforts are partially a result of questions over whether the cyber-insurance sector can be relied upon as a safety net for cyber incidents. The EU has also strengthened its cybersecurity and resilience with its new directive, NIS2. NIS2 will set the baseline for risk management and reporting across all sectors including energy, health and critical infrastructure.
  • Mandating security and privacy by design: The automotive industry has already moved to introduce measures to protect the data of vehicle owners. This example will be followed in other areas of consumer goods that store and process data, holding manufacturers accountable for vulnerabilities in their products.

To prevent highly sensitive data from falling into the wrong hands, CISOs must focus on understanding where the organization’s crown jewels are stored, including within 3rd party systems. CISOs should take into consideration who and what has access to their data, think APIs, and prioritize Zero Trust implementation. This means enforcing the principle of least privilege so that users and systems are granted the bare minimum access to resources to do their job.

Ashwin Ram,
Cybersecurity Evangelist, Check Point Software Technologies

Attacks on critical infrastructure will continue to increase with threat actors becoming more shameless, though they will be more difficult to conduct and require special tools. Key sectors such as energy, telecommunications and healthcare are targeted because they have so much to lose, and are more likely to pay. Though attacks on the education sector are random, attacks will continue because of how the networks are built.

Maya Horowitz,
Vice President, Research, Check Point Software Technologies

Zero-day vulnerabilities in supply chain and software code can be exploited, destroying day-to-day business operations

  • Zero-day vulnerabilities continue to plague businesses: While these vulnerabilities are typically discovered and patched by white hat hackers before they are made public, they can be easily exploited once they are found. This has not happened yet, as most threat actors are more interested in exploiting vulnerabilities that are easier to access. The ProxyLogon vulnerability, which was discovered last year, is still the most exploited vulnerability simply because it is effective. However, if a threat actor were to find and exploit a zero-day vulnerability before it was patched, the damage could be devastating and destructive. Until recently, there have not been many threat actors with the motivation to take down as many networks as possible, but the current climate of chaos and changing motivations may lead to more attempts to exploit such zero-day vulnerabilities. Patching and keeping software up to date is a critical mission.

Supply Chain Attacks and breaches will continue accelerating over the next year. Most companies do not do a good enough job with managing the risk of the components they are using and do not have visibility into their SBOM nor a complete strategy, much less an understanding of where the gaps are.

Pete Nicoletti,
Field CISO, Americas, Check Point Software Technologies

CONSOLIDATION AS A SOLUTION TO EVOLVING CORPORATE CYBER CHALLENGES

  • Cutting complexity to reduce risks: Organizations have more complex, distributed networks and cloud deployments than ever before because of the pandemic. With so many elements to consider, security teams need to consolidate their IT and security infrastructures to improve their defenses and reduce their workload to help them stay ahead of threats. The statistics speak for themselves: over two-thirds of CISOs stated that working with fewer vendors’ solutions would increase their company’s security.

The industry as a whole has made great strides in decreasing the number of solutions to reduce the complexity. Historically companies were using 15-17 solutions. Now CISOs are trying to cut down the number of solutions to reduce complexity, leading the industry to turn to consolidation as an answer. We suggest a management dashboard that allows security professionals to reduce the level of complexity when dealing with security issues.

Jonathan ‘Jony’ Fischbein,
CISO, Check Point Software Technologies

Consolidation will become a “real” priority in 2023, especially as businesses look to remove cost, heightened with the much talked about recession, and more importantly, complexity from the entire digital and security stack.

Deryck Mitchelson,
Field CISO EMEA, Check Point Software Technologies

Organizations need to consider the new ‘work from home’ realm and how to address security challenges from the hybrid and remote workforce as they may not have as strong a security posture as the organizations they belong to. With these workers leveraging the network, preventing such attacks through these new vectors needs to be considered. Consolidating the entire cybersecurity posture would be a step in the right direction.

Antoinette Hodes,
Solutions Architect & Evangelist, EMEA, Check Point Software Technologies