Expect increased global attacks on businesses, stricter government regulations and more security consolidation

CISOs had to deal with a lot in 2022. Global attacks increased by 28% in the third quarter of 2022 compared to same period in 2021, and the average weekly attacks per organization worldwide reached over 1,130. As we look ahead to 2023, that trend shows no signs of slowing down with increases in ransomware exploits and state-mobilized hacktivism driven by international conflicts. At the same time, organizations’ security teams and CISOs will face growing pressure as the global cyber workforce gap of 3.4 million employees widens further, and governments introduce stricter cyber regulations to protect citizens against breaches.

In 2022, cyber criminals and state-linked threat actors continued to exploit organizations’ hybrid working practices as businesses shifted to decentralized workforces, and the increase in these attacks is showing no signs of slowing down as the Russia – Ukraine conflict continues to have a profound impact globally. Organizations need to consolidate and automate their security infrastructure to enable them to better monitor and manage their attack surfaces and prevent all types of threat with less complexity and less demand on staff resources.

Hikes in destructive malware and impactful hacking exploits

• No respite from ransomware: this was the leading threat to organizations in the first half of 2022, and the ransomware ecosystem will continue to evolve and grow with smaller, more agile criminal groups forming to evade law enforcement.
• Compromising collaboration tools: while phishing attempts against business and personal email accounts are an everyday threat, in 2023 criminals will widen their aim to target business collaboration tools such as Slack, Teams, OneDrive and Google Drive with phishing exploits. These are a rich source of sensitive data given most organizations’ employees often continue to work remotely.

• State-mobilized hacktivism: In the past year, hacktivism has evolved from social groups with fluid agendas (such as Anonymous) to state affiliated groups that are more organized, structured and sophisticated. Such groups have attacked targets in the US, Germany, Italy, Norway, Finland, Poland and Japan recently, and these ideological attacks will continue to grow in 2023.
• Weaponizing deepfakes: In October 2022, a deepfake of U.S. President Joe Biden singing ‘Baby Shark’ instead of the national anthem was circulated widely. Was this a joke, or an attempt to influence the important U.S. mid-term elections? Deepfakes technology will be increasingly used to target and manipulate opinions, or to trick employees into giving up access credentials.

Cloud-based and IoT solutions – “Vulnerable by design” affects business attack vectors

• Cloud gets more complicated: It is clear that the increased use of cloud based and IoT solutions has presented new challenges for security professionals. With less control and visibility over where data is stored and how it is accessed, it can be difficult to ensure that access to sensitive information is properly secured. This is especially true in industries like healthcare and manufacturing, where IoT-based sensors and devices are becoming more prevalent. Additionally, the use of devices such as cameras, printers, and smart TVs for video conferencing have introduced new vulnerabilities. Overall, it is important for organizations to take steps to ensure the security of their cloud based and IoT systems as they will continue to be central and trendier pieces of any IT environment, including implementing proper access controls and regularly monitoring for potential vulnerabilities.

Governments step up measures to protect citizens and organizations

• New laws around data breaches: the breach at Australian telco Optus has driven the country’s government to introduce new data breach regulations to protect customers against subsequent fraud, with new laws introduced lifting maximum penalties for serious or repeated breaches from the current A$2.22million to the greater of A$50 million. Similar measures by the British Government were introduced with a new mandatory reporting obligation on MSPs (Managed Service Providers) to disclose cyber incidents or be fined £17 million for non-compliance. In Australia, the government is also considering imposing a ban on ransoms to cybercriminals leading other national governments to possibly follow this example in 2023, in addition to existing measures such as GDPR.
• New national cybercrime task forces: More governments will follow Singapore’s example of setting up inter-agency task forces to counter ransomware and cybercrime, bringing businesses, state departments and law enforcement together to combat the growing threat to commerce and consumers. These efforts are partially a result of questions over whether the cyber-insurance sector can be relied upon as a safety net for cyber incidents. The EU has also strengthened its cybersecurity and resilience with its new directive, NIS2. NIS2 will set the baseline for risk management and reporting across all sectors including energy, health and critical infrastructure.
• Mandating security and privacy by design: The automotive industry has already moved to introduce measures to protect the data of vehicle owners. This example will be followed in other areas of consumer goods that store and process data, holding manufacturers accountable for vulnerabilities in their products.

Zero-day vulnerabilities in supply chain and software code can be exploited, destroying day-to-day business operations

• Zero-day vulnerabilities continue to plague businesses: While these vulnerabilities are typically discovered and patched by white hat hackers before they are made public, they can be easily exploited once they are found. This has not happened yet, as most threat actors are more interested in exploiting vulnerabilities that are easier to access. The proxy logon vulnerability, which was discovered last year, is still the most exploited vulnerability simply because it is effective. However, if a threat actor were to find and exploit a zero-day vulnerability before it was patched, the damage could be devastating and destructive. Until recently, there have not been many threat actors with the motivation to take down as many networks as possible, but the current climate of chaos and changing motivations may lead to more attempts to exploit such zero-day vulnerabilities. Patching and keeping software up to date is a critical mission.

CONSOLIDATION AS A SOLUTION TO EVOLVING CORPORATE CYBER CHALLENGES

• Cutting complexity to reduce risks: Organizations have more complex, distributed networks and cloud deployments than ever before because of the pandemic. With so many elements to consider, security teams need to consolidate their IT and security infrastructures to improve their defenses and reduce their workload to help them stay ahead of threats. The statistics speak for themselves, where over two-thirds of CISOs stated that working with fewer vendors’ solutions would increase their company’s security. Security teams need to consolidate their IT and security infrastructures to improve their defenses and reduce their workload to help them stay ahead of threats.