27 December 2022

The Top 23 Security Predictions for 2023 (Part 1)

Dan Lohrmann

President Ronald Reagan once said, “The future doesn’t belong to the fainthearted; it belongs to the brave.”

So what will come next in our world of cybersecurity as we head into 2023? What will be hot, and what will not?

That’s what this annual security prediction roundup will cover, from the perspective of the top cybersecurity industry companies, thought leaders, tech executives and journalists. Every year I catalog and rank the best reports in the cyber industry to see who has made a top New Year’s security prediction list and checked it twice.


This year there are so many good predictions that we’ve split the list into two parts. Look for part 2 to post next Friday, Dec. 30, but first, let’s start with the top 12.

HOW CAN YOU BENEFIT FROM SECURITY PREDICTIONS?

Back in 2016, I wrote, “Americans love baseball, hotdogs, apple pie and predictions. In fact, if we really like something a lot, and especially if we have a growing interest in some new area of life, it’s not long before we start thinking about what the future holds within that area.”

And just as in the last few years, there are more cybersecurity predictions for next year than ever before — cybersecurity now touches virtually every area of life.

The best security prediction reports do much more than just make educated guesses at what might happen in the next year or two. The top 23 security predictions for 2023 examine the vendors who study global security incident trends, analyze what’s working and what’s not, examine new cyber solution alternatives, and use science and data to gaze into the future and make forecasts.

Here are just a few ways that we can benefit from reading the details in security prediction reports:

Gain industry knowledge, understand overall trends and expand your horizons beyond one stovepipe or topic.
Use the free advice, direction, insights and annual reports provided by many.
Use predictions as an opportunity to educate others.

No doubt, some people will say things like, “Nothing will change — 2023 will be just like 2022, only worse.” But the reality is that everything is changing rapidly. The public and private sectors must adapt faster than ever before to evolving cyber threats and new digital risks. This report can help with that education.

RECAPPING 2022’S PREDICTIONS

Before we look at 2023, many readers may want to know what was predicted for 2022. Here were some of the top cyber prediction themes from last year’s report, “The Top 22 Security Predictions for 2022”:

Cyber threats in space.
A heavy emphasis on operational technology (OT) cybersecurity — vulnerabilities, threats and impacts.
A strong emphasis on cryptocurrencies and crypto wallet security attacks. As bitcoin and other cryptocurrencies rose in 2021, now the bad actors want your bitcoins even more.
More application security vulnerabilities — especially when code is widely used, such as the Log4j vulnerabilities.
Issues created by a lack of talent and vacancies in public- and private-sector organizations — as the talent war gets worse.
Renewed emphasis (but in new ways) on AI, autonomous vehicles, drones and other new technologies being hacked.

Note that security industry vendor acquisitions have changed many of the familiar names, such as the activities with FireEye, McAfee Enterprise and Mandiant.

Disagreements in 2022:
The majority of reports thought ransomware would get worse, but some disagreed and said the bad actors would lay low in 2022 to spend the money they gained in 2021 and avoid nation-state and law enforcement detection.
Where ransomware was predicted to get worse, several reports suggest some will skip the encryption and just demand payment for the release of the stolen data.
A few reports said 2022 would be a turning point — where the good guys turn the corner with government help to dramatically improve cybersecurity. They claimed executive boards now “got it.” These reports were still in the minority though, and most said more damaging data breaches were coming in 2022 than ever before.

While most of the themes on the first list were accurate, ransomware clearly got worse overall, not better. Also, there was no big “turning point” regarding cyber threats diminishing or having less damage.

The big miss by everyone last year was the impact that the war between Russia and Ukraine would have on the global cybersecurity situation. Almost like the COVID-19 pandemic changed the world, the war in Ukraine dominated cybersecurity this past year in various ways, as you can read about in my annual cyber review for 2022.

2023 SECURITY PREDICTION TOP THEMES

This year, the cybersecurity industry predicts:

More cyber insurance issues and assorted (big) changes coming. Many won’t qualify.
More nation-state cyber attacks based on lessons learned from the Ukraine war.
Growing trouble with multifactor authentication (MFA) attacks.
New attacks against space vehicles and drones.
Social media attacks surge, including the use of targeted deepfakes.
Use of public cloud computing and digital transformations grows, along with cyber threats.
More critical infrastructure attacks that impact society.
Hacktivism grows into new areas and becomes a bigger problem.
Enterprises veering away from endpoint solutions and moving towards platforms to reduce complexity.
Ransomware will be back in new, more dangerous, blended forms.
More attacks against non-traditional technology, from cars to toys to smart cities.

Reminder: This ranking covers organizational reports and not just individual predictions. Most reports offer six to 10 predictions, and the top reports group their predictions and themes into categories. Also, the research and details behind each security prediction offer vital context. I urge readers to visit these companies’ websites, read their full prediction reports and see the details on each item. My goal is to point you in the right direction for more details and solution specifics.


THE TOP 23 SECURITY PREDICTIONS REPORTS FOR 2023 FROM SECURITY INDUSTRY COMPANIES

1) Trend Micro once again takes the top prize with their outstanding report entitled FUTURE / TENSE: TREND MICRO SECURITY PREDICTIONS FOR 2023.

Trend Micro leads with:

Shapeshifting ransomware business models will become a bigger avenue for data theft and blackmail.
Inconsistent application of cloud technology will hurt enterprises as adoption of new tools increases.
The enterprise perimeter will expand into the home as users become more comfortable in a hybrid work environment.
Social engineering is an evergreen threat — BEC and deepfakes will take new forms.
The hype surrounding digital novelties like NFTs and the metaverse will keep waning, but the blockchain technology on which they’re built is going to be where the real action is.
Attackers will further capitalize on vulnerabilities and intrude through overlooked attack surfaces like open-source software.
Industrial entities will top off their tech stack, but struggle to keep up with staff shortages and vertical regulations.
Enterprises will veer away from the point-solution approach to cybersecurity.

Each of Trend Micro’s points is backed up with a page or more of details, so I recommend reading their report. One thing that sets this report apart is the extensive number of references at the end, which are worth reading.



2) WatchGuard Technologies once again was a close second to Trend Micro, with WatchGuard’s 2023 Cybersecurity Predictions.

Here are their top six, with many more details at their custom prediction website:
Insurers Verticalize Their Already Increased Security Requirements
Cybersecurity Evaluation and Validation Becomes a Top Factor in Selecting Vendors and Partners
The First Big Metaverse Hack Affects a Business Through New Productivity Use Cases
MFA Adoption Fuels Surge in Social Engineering
A Novel Robotaxi Hack Will Result in a Dazed and Confused AI Car
AI Coding Tools Introduce Basic Vulnerabilities to New Developers’ Projects

I am always impressed with WatchGuard’s creativity and fun videos (two are shown here). As pointed out on their prediction webinar website: “This year, Corey and Marc square-off in a Predictions Challenge, offering different takes on potential hacks and attacks in these categories. Whose predictions will come true … only time will tell!”

3) Kaspersky — Once again Kaspersky offers an abundance of security and privacy predictions for the new year; and once again, their forecasts and predictions are harder to find than many of their competitors. I rank Kaspersky so high on this list due to the huge amount of research and excellent material that is well-researched and timely. They also offer many siloed reports on different topics and in different regions around the world. Finally, they also grade themselves by looking back at what they predicted in the previous year and describe if it happened or not (and how).

Here are a few Kaspersky prediction examples for 2023:

The rise of destructive attacks
Mail servers become priority targets
The next WannaCry
APT targeting turns toward satellite technologies, producers and operators
Hack-and-leak is the new black (and bleak)
More APT groups will move from CobaltStrike to other alternatives
SIGINT-delivered malware
Drone hacking!

Other excellent Kaspersky lists:
Top prediction: Kaspersky experts predict a shift in advanced persistent threat (APT) activity against industrial organizations and OT systems in new industries and locations. The real economy sectors such as agriculture, logistics and transport, the alternative energy sector and the energy sector as a whole, high-tech, pharmaceuticals and medical equipment producers are likely to see more attacks next year. Moreover, traditional targets, such as the military industrial complex, and the government sector will also remain.

Top prediction: Internet balkanization will lead to more diverse (and localized) behavior tracking market and checks on cross-border data transfer.

4) Mandiant — Mandiant was acquired by Google this past year, but they did not scale back their annual security predictions forecast for 2023. There are plenty of excellent Mandiant resources available, if you look in the right places.

Start here to download their Mandiant report for free, which covers topics such as:
More attacks by actors not associated with nation states or organized groups, and that are motivated more by bragging rights than actual financial gain.
More extortion attacks, and the possibility that Europe will overtake the United States as most targeted by ransomware.
Destructive attacks, information operations and other cyber aggression from The Big Four: Russia, China, Iran and North Korea.


If you don’t want to register, but have a (free) BrightTALK account, you can view their Mandiant Cyber Security Forecast 2023 here.

This blog also lays out some of the key Mandiant takeaways from the specific Mandiant forecast items. Here are a few:

Ransomware-as-a-service providers will modernize their software targeted on exfiltration and “leak sites” as the recent trend shows organizations considered mitigating brand names more compelled to pay ransom than to regain access to encrypted data.
As political motivations and nation-states leverage information operation (IO), more third-party organizations will spring up to provide IO services.
Enterprises will shift to password-less authentication as corporate credential theft by cyber criminals has continued to be on the rise.
TAs have shifted to stealing users’ identities as more critical than gaining access to endpoints.
Attackers are following offensive and defensive security research releases to gain more knowledge to execute attacks.
The growing risks of cyber attacks are making it difficult for organizations to be cyber-insured as cyber insurance firms are re-evaluating their risk appetites.

Finally, there are some good takeaways from the Mandiant 2023 forecast report found here. One of them is: “An increase in malicious cyber activity associated with the war in Ukraine and a tendency for Russian hackers to co-opt third party front groups for plausible deniability.”

5) Fortinet continues to improve their cybersecurity prediction report each year, and this year is the best so far. Their “Cyber Threat Predictions for 2023: An Annual Perspective by FortiGuard Labs” in PDF format offers many excellent insights with references and an analysis of what they predicted last year.

Fortinet Prediction Highlights:

New Crime-as-a-Service Offerings
Money Laundering Gets a Boost from Automation
Virtual Cities Welcome a New Wave of Cybercrime
Wipeout (Wiper Malware will surge)
The Wild West of Web3
Cue the Q-Day Preparations (Quantum Computing threats)

For those who prefer a blog format, visit this Fortinet “Threat Predictions for 2023” website, which includes a YouTube video. Here are two threats highlighted at this Fortinet website:

“The Explosive Growth of CaaS: Given cybercriminals' success with RaaS, we predict that a growing number of additional attack vectors will be made available as a service through the dark web. In addition to the sale of ransomware and other Malware-as-a-Service offerings, we'll also start to see new a-la-carte criminal solutions.

“Money Laundering Meets Machine Learning: We also expect that money laundering will get a boost from automation. Setting up money mule recruitment campaigns has historically been a time-consuming process. We anticipate that cybercriminals will start using machine learning (ML) for recruitment targeting, helping them to identify potential mules better while reducing the time it takes to find these recruits. Over the longer term, we expect that Money Laundering-as-a-Service (LaaS) is also on the horizon, which could quickly become part of the growing CaaS portfolio.”

6) Splunk — Once again, Splunk offers several excellent prediction reports in areas ranging from an executive report to a security report to an ITOps report to a public-sector report in their Predictions 2023: Strategies for Turbulent Times.

The downside of their (free) reports is that you must provide detailed contact information on your company/role in order to download Splunk reports. I really like all of the Splunk reports though, which include multipage writeups on each prediction. I rarely recommend this action, but downloading these Splunk reports (and giving up your contact information to their sales team) is probably worth it in this case.

Here are some Splunk security prediction 2023 highlights:
As ITOps and security tools and data converge, CISOs will take on more responsibility for broad cyber resilience.
Ransomware ain’t going anywhere, but straight-up extortion is also “hot.” And the smartest/biggest ransom bandits won’t take crypto.
The Cybercrime-as-a-Service economy will accelerate the volume and effectiveness of cyberattacks.
The techniques of cyberwar will come to commercial cybercrime. Quickly. And critical infrastructure will be weaponized to disrupt political discourse.
Enterprise misinformation attacks are going to ramp up into a really big problem.
Supply chain attacks will continue, with underfunded and under resourced open source a key vulnerability. SBOMs will soon be a mandatory remediation tool.
Two solutions to the talent crisis: Automation, and diversity of background via a focus on talent (not tech skills). Both are coming.

You can also visit this Splunk website (without registering) to see this blog: 2023 Predictions: Resilience in the Face of Uncertainty. Here are the highlights:

Leaders Focus on Emerging Tech and Trends
Greater Threats — and Greater Security Solutions
Digital Transformation Stays a Priority
Public Sector Leads in Addressing Supply Chain Risks
A Unified Vision for Resilience
Ransomware attacks rebound, but not for all
Hackers-for-hire skyrocket amid a global recession
Social engineers set their sights on ICS systems
Adversaries sidestep new cybersecurity technologies
Zero trust got 99 (implementation) problems
Specialists double back to generalists to secure the cloud in 2023

Also, see IBM’s (X-Force’s) Threat Intelligence Index 2022.

8) AT&T offers this list of 10 Cybersecurity Predictions for 2023. The list is more high-level than others, but adds good content to industry trends to watch in 2023. Here are the top five predictions listed:

Critical infrastructure and public sector will continue to become attractive targets.
OT attack patterns will become more prevalent.
Privacy will start getting more attention within the US.
Culture of resilience and safety versus compliance and prevention of breaches.
Strengthening of fundamentals: vulnerability and patch management, risk reduction, and Managed Extended Detection and Response (MXDR).

9) Check Point Software scaled down their 2023 security predictions this year and issued this in November: Check Point Software’s Cybersecurity Predictions for 2023: Expect More Global Attacks, Government Regulation, and Consolidation

Top items:
— Hikes in malware and hacking exploits
No respite from ransomware
Compromising collaboration tools
— Hacktivism and deepfakes evolve
State-mobilized hacktivism
Weaponizing deepfakes
— Governments step up measures to protect citizens
New laws around data breaches
New national cybercrime task forces
Mandating security and privacy by design
— Consolidation matters
Cutting complexity to reduce risks

10) Gartner — No doubt, Gartner has an amazing research department and is perhaps best known for their professional prediction reports with percentages of probability. They also charge for most of what they write (or say), and they only give away a small fraction of their security prediction material each year, mainly as samples. This fact always drops them back to the second tier of free new year reports.

Nevertheless, Gartner offers these free insights into our future (more details and predictions at the Krontech.com website):
By the end of 2023, modern data privacy laws will cover the personal information of 75 percent of the world's population.
By 2024, organizations that adopt a cybersecurity network architecture will be able to reduce the financial costs of security incidents by an average of 90 percent.
By 2024, 30 percent of enterprises will deploy a cloud-based secure web gateway (SWG), cloud access security brokers (CASB), zero trust network access (ZTNA) and firewall as a service (FWaaS), sourced from the same vendor.
By 2025, 60 percent of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships.

Here are some more predictions from Gartner’s press release:
By 2025, 80 percent of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.
Through 2025, 30 percent of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021.
By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties.

Here are their top items:
The impact of ransomware on a global scale (read the full prediction)
Could adversarial AI reach a tipping point?
Developments in the cyber insurance market
Upskilling in cybersecurity
Responsible cyber power
Threats to 5G and energy networks

12) Proofpoint offers this piece: Cybersecurity Predictions for a Turbulent 2023

Here are their top two predictions listed (with some details):

“1. Global pressures will exacerbate systemic risk, as the economic downturn and physical conflicts create ripple effects through the entire ecosystem: Our increasingly complex, interconnected digital ecosystem exacerbates existing concerns and raises new fears about systemic risk, where weaknesses in any component threaten the strength of the whole. Proofpoint’s recent Cybersecurity: The 2022 Board Perspective report disclosed that 75% of boards believe they clearly understand systemic risk within their organizations. Even so, the fluctuating global turmoil makes it very difficult to grasp the full extent of the threats to our ecosystems. Consequently, systemic risk will demand constant attention.

“2. The commercialization of hacking tools on the dark web increase cybercrime: Over the last few years, we have seen hacking tool kits for executing ransomware become a commodity on the criminal underground. Ransomware-as-a-service has bloomed into a lucrative dark web economy, leading to the proliferation of ransomware attacks. New dark web tools make ransomware attacks possible with little to no technical sophistication, opening the door to cybercrime to anyone with a Tor browser and a little time on their hands.”

Look for part 2 of my annual predictions next Friday, Dec. 30. It will include Nos. 13-23, plus some bonus reports that take us from 24-30, and even some additional cyber forecasts from startups and others in the “honorable mention” category.
