In 2022, ransomware continued to reign king and became one of the most common and dangerous threats facing healthcare organisations and software supply chains.
By Greg Day, vice-president and EMEA field CISO at Cybereason
The war on Ukraine created heightened concern over zero-day threats wreaking havoc for organisations worldwide. The cyber gang Conti, with Russian ties, managed to disrupt financial operations throughout Costa Rica, and it seems there is no end in sight to the hacking group Lapsus$, which has proven itself to be a formidable threat actor.
So, what’s next for cybersecurity in 2023? Here’s what I expect we’ll see in the year ahead:
- Increased cloud credential attacks, unless… The big shift to SaaS has fragmented more than a decade’s worth of work to simplify and consolidate corporate Identity and Access Management (IAM) systems. What’s more, many new SaaS applications don’t integrate with organisations’ existing single sign-on (SSO) solutions, yet organisations continue to accelerate adoption of new SaaS software, even without the security controls of SSO. Consequently, adversaries will increasingly focus on finding these weaker access points (new SaaS applications) to gain access to corporate and personal data, unless IT and Security departments manage to get IAM back under control.
- Deepfakes play a larger role in blended attacks. In recent years, we have seen the increased success of blended attacks that combine social engineering tactics with malicious links, for example. With end users becoming more aware of social engineering, we can expect more sophisticated attackers will increasingly turn to deepfakes to trick end users into clicking on malicious links, downloading infected files, and the like. It won’t be long before deepfakes become yet another common and core element of the blended attacks being used in the cybercrime kill chain.
- The fifth generation of ransomware emerges. A recent report by Cybereason found that 73% of organisations suffered at least one ransomware attack in 2022, compared with just 55% in 2021. As the world reaches saturation of ransomware, adversaries will explore new methods to get money from the same victims. This will be the fifth generation of ransomware.
- Lawmakers refocus regulation. Regulation comes with a long list of pros, cons, and everything in between, as we learned in the most recent report from the Cyber Defenders Council. In the coming year, regulation in the EU will have more of an emphasis on ensuring businesses have truly identified and remediated breaches. This regulatory focus will close the gap between shutting the attack door in the immediate aftermath of an incident and understanding the attack’s impact. In the US, regulatory bodies like the SEC are taking a different approach, one that focuses on enhancing cyber risk reporting and board-level governance.
- Ransomware will test cloud storage access controls. Cloud storage can give organisations a significant data protection advantage, along with more flexible recovery options. But as ransomware moves from the endpoint to target cloud-only spaces, it creates new risks for organisations, especially those that accelerated cloud adoption during the pandemic and lost sight of where sensitive data lives and who has access to it. This creates weaker credential management, leaving room for ransomware to infiltrate.
- Cyberattacks will be transferable between smart devices. The typical cyberattack moves from hacker to device, but 2023 may bring the first cyberattack that jumps between smart devices, including smart cars. We haven’t seen replication within a smart environment just yet, but with the pace of innovation, a smart car attack could be riding shotgun to the vehicle next to you.
- The risk of a significant attack on critical national infrastructure rises. As both direct and indirect cyber warfare domains grow, so too does the potential for a substantial cyberattack, most likely in an area such as the energy space. I see this risk most presently in EMEA, but it’s certainly top of mind among cybersecurity and national defense experts globally.
- Burnout will impact cyber resilience. Security teams around the world have been working long hours from home, adapting their organisation’s security posture to support all the shifts in key business systems. In an industry that is still facing a massive skills shortage, we shouldn’t be surprised if burnout impacts security teams’ ability to maintain the round-the-clock coverage required to respond to a crisis in a timely fashion.
- Security leaders will need to develop new strategies for supply chain threats. The standard due diligence and security assessments that CSOs have performed on third parties are no longer adequate given the escalating frequency and impact of supply chain attacks. Regulations like the EU NIS Directive 2.0 and cyber insurance providers are forcing companies to conduct more frequent and dynamic assessments of their supply chain risk and to better control the access third parties have to their networks.