2023 Cybersecurity Predictions
Remote working is dead. Long live hybrid working!
As we move into 2023, organizations increasingly recognize the need for hybrid working models. With this shift, security teams need to consider the implications of having a workforce that alternates between being physically present and working remotely.
First, VPNs and remote access will become a larger target for cyberattacks. Businesses need to ensure they’re properly implementing strong authentication mechanisms and access control policies.
The user remains to be the weak point in your defense. Moreover, because people are physically isolated from their colleagues, they become easier targets for social engineering attacks.
With fewer distinctions between work and personal devices, businesses must increasingly focus on user behavior. It is becoming more and more crucial to ensure that employees follow best practices when accessing sensitive data or communicating with colleagues. This includes implementing training programs, conducting regular security assessments, and using multi-factor authentication to keep accounts secure.
To mitigate risks, organizations must make sure their cyber defenses are adapted to cover both environments. Yet, for many organizations, questions on how to securely manage a hybrid workforce remain open:
- How are users using and consuming business data?
- Where is that data being stored? Is it encrypted?
- What networks are they using their devices on, and what other devices might also be on the same network? For example, many IoT devices won't have the secure coding that other endpoints do.
- With users owning an increasing number of devices, do all of the devices meet the security and compliance requirements of the business?
- If a device is lost, can we confirm that all company data on that device is secure?
The rise of MFA spamming attacks
In 2022, we have seen a substantial increase in the number of breached and leaked passwords. Our database of unique breached passwords has nearly doubled in size from 2.7 billion to 4 billion in 2022. Stolen credentials are, unfortunately, still a highly profitable commodity on the underground market. When used in conjunction with poor MFA choices, this creates a major security vulnerability.
Attacks relying on MFA fatigue also seem to be increasing. MFA Spamming (spamming users with authentication requests) is becoming increasingly common, with attacks like the one on Uber using this method to gain remote access.
We expect a rise in these types of attacks in 2023, ranging from simple to sophisticated. Picking the right MFA solution will be more important than ever.
Cybersecurity asset and attack surface management
Asset management, or the ability to keep track of all vulnerable assets and their exposure to risks, is a key security issue for 2023.
For years, organizations believed that the CMDB was the most reliable source of truth. However, this could not be further from reality. With the rise of cloud computing, it's now possible for Internet-accessible resources to be set up within minutes by departments such as Marketing or Development. This infrastructure expands outside the usual IT security processes, making it difficult to track and secure them. As a result, CMDBs are often incomplete, inaccurate, and difficult to manage, leading to increased risk exposure.
Poor asset management practices dramatically increase the attack surface and the chances that threat actors can find their way in. More often than not, the best way for attackers to break into a system is by finding assets that nobody knew existed. This can be anything from servers that were supposed to be shut down, laptops with outdated software, applications missing patches or open ports, or user accounts secured with weak passwords.
In light of the complex and ever-changing nature of IT environments, a more sophisticated approach to asset management is needed – one that considers all assets, from legacy systems to cloud services and apps to IoT devices. Cybersecurity teams will have to find ways to scan for new assets and threats in real-time, and map out the impact of these threats on their networks.
Serverless security issues on the rise
The growth of serverless workloads will increase the attack surface as serverless applications consume data from various event sources. These sources can use complex message structures and potentially introduce security risks if not properly validated.
Additionally, serverless architectures often depend on APIs and services from vendors that may not have the same security processes in place as your organization. This can create further issues if a vulnerable third-party application is connected to your serverless architecture.
As serverless computing progresses from the realm of cloud security to the domain of application security, organizations need to be aware of the potential security risks.
The economic downturn fuels sophisticated fraud
With people's disposable incomes shrinking and inflation rising, the economic downturn provides the perfect opportunity for organized crime groups and malicious actors to increase their fraud activity.
From simple scams to much more sophisticated ransomware extortion schemes, fraud is becoming an increasingly pressing problem. Criminals constantly develop new ways to defraud the public, most likely to cover the skyrocketing costs of bitcoin farms (which require a lot of electricity and resources).
Governments, challenged for liquidity, are forced to take stronger measures against fraud. This means more regulatory scrutiny and less leniency for organizations that don't comply with security regulations.
As cybercrime becomes more prevalent, the general public is now more informed on how to protect themselves from becoming victims of fraud. This rise in public awareness forces criminals, like ransomware groups, to devise even more elaborate ways to trick people, making it increasingly difficult to stay ahead of the game.
Cyber Risk Quantification
We see the rise of CRQ as the culmination of three interrelated trends:
- Operational: With an increase in alerts and risks, security teams are struggling to prioritize their work efficiently. To protect the business, it's essential that they focus on high-risk tasks first.
- Strategic: Vulnerabilities have a significant financial impact on companies and are now taken seriously by people in leadership positions, from C-level to board of directors. Having a tool that can demonstrate risk profile without going into highly-technical details is critical.
- Foresight: The rise of cyber assurance, which cannot work without risk quantification.
Risk management is often thought of as being slow, bureaucratic, and based on yearly cycles. However, the landscape is changing rapidly, with new threats emerging all the time. In order to be prepared for the future, security teams need better tools, deeper intelligence and performant risk assessments--ideally assisted by AI.
Threat intelligence evolution
The ISO standards for information security had their first large overhaul in almost a decade. As most of us know, risk management is at the core of these standards, but there are also other aspects, such as structured improvement and clear organization roles and responsibilities.
The section discussing the controls organizations are encouraged to pick from in order to manage their risks has had a major overhaul. Amongst the most important updates is the introduction of threat intelligence.
The reason threat intelligence is playing an ever-increasing role is that the cyber threat landscape has changed and matured over time, with security teams facing an ongoing battle against highly-skilled and evolving opponents.
To beat the bad guys, we need to outsmart them. We use anti-malware software and IDS/IPS systems to detect their tools and activities. But that's not enough.
To stay ahead of the game, we must understand how they think and operate. That starts with how we structure our work, train our staff, prioritize other controls, etc. What other controls do we prioritize, and what do we need to be able to detect and be extra vigilant about?
Vulnerability management professionals know that there will always be a shortage of skilled workers in the security field. As such, we will come to rely heavily on extelligence - intelligence from sources external to our own groups, to inform our work.
So, in 2023, threat intelligence will become more important than ever. We must have the right people with the right skills to get the most out of advanced tools.
Bottomline: cyber hygiene and the importance of prioritization
In 2023, the security community must pay more attention to cyber hygiene. Cyber hygiene is the practice of regularly and consistently following basic security best practices. Although cyber hygiene is often seen as mundane, it remains one of the most effective ways to protect against common threats – and reduce the swelling cost of your cybersecurity insurance premium.
Given the current state of global and geo-political affairs, we anticipate a significant increase in attacks from various sources. These could include individuals, terror groups, militant activists, and state-sponsored actors targeting businesses such as financial institutions or hacktivists targeting high-carbon generators like energy and airline companies.
To stay ahead, organizations must focus on cyber threat intelligence gathering and attack surface management to reduce their risk profile. Working smarter and being more efficient will continue to be important, and those who struggle in these areas will be at a significant disadvantage. Furthermore, our decision-making process of what tasks take priority should be based on risk factors, and the efficiency of mitigating said risks.
The current crop of named vulnerabilities isn't going anywhere soon. Cyber defenders need to get used to sifting through them and figuring out which ones are actually a priority.
Learning which things need to be prioritized can be useful. However, it's easy to exaggerate the importance of certain things or overlook others (e.g., unnamed vulnerabilities) entirely. But it's also important to remember that nameless vulnerabilities can be just as (if not more) dangerous.
See how Outpost24 can prepare you for 2023 with a complete view of your attack surface and threats targeting your organization. Speak to our experts today.
Our 2023 cybersecurity predictions are from a panel of Outpost24 experts;
- John Stock, Product Manager, Outpost24
- Martin Jartelius, CISO, Outpost24
- Sergio Loureiro, Director of Product Management, Outpost24
- Darren James, Head of IT, Specops Software, an Outpost24 company