CyberheistNews Vol 12 #52 | December 28th, 2022
To start off I’m repeating the tradition of my same New Year’s wish as a newsletter editor since 1996: “A world without war, crime and insanity, where honest people can flourish, prosper and reach greater heights”.
At the end of the year I spend a few days reading all the IT security pundit’s 2023 predictions and synthesize them with my own perspective. The Crystal Ball editorial is the shortest of the year and takes the longest to write, but it’s fun.
President Ronald Reagan once said, “The future doesn’t belong to the fainthearted; it belongs to the brave.” Sci-fi writer William Gibson added a few decades later: “The future is already here, it’s just unevenly distributed.” So, what will come next in our world of cybersecurity as we head into 2023?
The industry as a whole covered the following topics: This year will bring significant shifts to the world of cybersecurity. We could very well see a barrage of nation-state cyberattacks inspired by Ukraine’s hybrid hot- and cyberwar, an increase in MFA attacks, innovative strikes against drones and space vehicles, and skyrocketing social engineering attacking social media with deepfakes.
As the reach of hacktivism continues to expand, organizations are being compelled to look beyond endpoint solutions and invest in new “umbrella” platforms like XDR, Managed XDR and HDR that can help them manage increasing Infosec complexities. Furthermore, ransomware is expected to remain a major threat as malicious actors experiment with new, even more damaging forms. We must be especially vigilant when it comes to emerging technologies such as self-driving automobiles, humanoid robots or the Metaverse that highly likely will provide cyber criminals with new attack surfaces. It is sure to be an eventful 2023.
As usual, I’m donning my asbestos undies, so you can safely flame my poor behind after reading the new 2023 predictions. Good riddance of ‘annus horribilis’ 2022 which was the year of permacrisis.
- A shift in focus to create a culture of security and resilience versus compliance and breach-prevention, as identity and authentication attacks will remain a constant threat.
- Dramatic rise of purely destructive attacks by APTs, as techniques of cyberwar will come to commercial cybercrime.
- Shapeshifting ransomware business models will become a bigger avenue for data theft and blackmail, EU possibly overtaking US as most-targeted.
- MFA adoption fuels a surge in social engineering, BEC and weaponized deepfakes will take new forms, social engineers set their sights on ICS systems.
- A Foundational Model for Adversarial AI will make it in the mainstream. Have you played with GPTChat? The coming GPT-4 will be a killer.
- Mobile Workplace Trends (gaming, LinkedIn, WhatsApp, Signal, Snapchat) create ever larger attack surfaces enabling lateral penetrations.
- Innovative Crime-as-a-Service players make major inroads.
- Cyber Insurers verticalize their already increased security requirements, both premiums and outright rejections skyrocket.
- Macro-economic pressures and the coming 2023 Recession expose weaknesses and increase systemic infosec risk.
- The fragility of crypto infosec will cause the mother of all breaches, undermining it as a whole, and spur central banks to roll out digital currencies. Search for CBDC and shiver.
In “The Big Lessons From History”, financial writer Morgan Housel sums it up succinctly: “Risk is what you don’t see,” and “The riskiest stuff is always what you don’t see coming.” All the more reason to keep your eyes peeled and send monthly simulated phishing tests to keep your users on their toes!