SC Media UK has collected predictions across a range of categories from cybersecurity experts. Here we give you the roundup…
What might 2023 bring in terms of cyber?
Our experts found consensus on a few areas. First, boardroom metrics will become more important as senior execs demand transparency through quantified insights on the company’s security posture. Quarterly reports and PDFs are no longer sufficient given the intense scrutiny companies face over their security-related activities.
And second, our expert panel thinks the energy sector will be a prime target this year, with hackers applying economic pressure on local and national governments as the public worries about being able to keep their heating and lights on.
Increasing reliance on cloud vendors could expand companies’ attack surfaces, says Michael Adams, CISO, Zoom:
“With the flexibility offered by the cloud, more organizations are layering cloud technology into new places and enabling unique use cases with cloud technologies. However, in doing so, they’re also expanding their attack surfaces and will also need to come up with new strategies to deploy cloud security technologies and protection strategies. IT leaders will also need to have a strong process in place to evaluate these vendors and understand the technologies they use on the backend.”
Board members will demand timely and actionable security metrics, says Omer Singer, head of cybersecurity strategy, Snowflake:
“The rise of security data lakes in the cloud will make it much easier to generate near-real-time reports around critical security metrics. We’ve already seen increased interest at the executive level in this type of data, and in 2023 board members will demand transparency through quantified insights on the company’s security posture, areas of weakness, and rate of improvement. While standard in other departments, cybersecurity has been late to provide this kind of visibility.”
The looming energy crisis may become a subject of cyberattacks, says Jens Monrad, head of Mandiant Threat Intelligence EMEA:
“With the looming energy crisis in Europe, there is a high likelihood that cyber threat actors could shift their campaigns towards a critical component for most of Europe, regardless of their motivation. Critical infrastructure is always at risk of destructive cyberattacks by nations in conflict. Still, it might become even worse as many European governments and the EU are discussing how to best deal with the energy crisis caused by the war in Ukraine. Even worse, they might focus on critical infrastructure with ransomware campaigns focusing on disrupting energy and power supply.”
Supply chain security will gain increasing attention, says Tola Sargeant, managing director at TechMarketView:
“Relatively few businesses are taking steps to formally review the risks posed by their immediate suppliers and wider supply chain. With the number of suppliers organisations interact with now higher than ever, it is important to ensure that third party organisations, and any system or data connections with them, are secure and resilient against a range of cyber threats. UK organisations will increasingly place more importance on security as a determinant of doing business with suppliers and will need to invest more in technology solutions to review and monitor supplier security risks.”
2023 is going to be about the ‘three Rs’: regulation, regulation and relationships, says Jordan Schroeder, managing CISO at Barrier Networks:
“We are likely to see the UK draft new regulation to hammer down on SBOMs (software bill of materials) in a GDPR-level style. This will be built on the American Executive Order from 2021 and the subsequent work by NIST to support it. What’s more, some sectors, like industrial organisations, are going to work together to build on existing standards and regulation and make even more improvements to their security defences, as a sector.”
Developments within the cyber insurance market will have serious, knock-on effects, says James Muir, threat intelligence research lead, BAE Systems:
“In 2022, the rising threat of ransomware attacks led many insurers to raise premiums and reassess coverage. Going into 2023, Lloyd’s of London announced that its insurance policies will no longer cover losses from state-sponsored cyberattacks, effective from March. We can expect these dynamics to heavily impact organisations. Many will find themselves without appropriate coverage and be required to use emergency incident response services outside of their existing arrangements.”
Cyber career opportunities will grow, says Mark Hughes, president of security at DXC Technology:
“The numbers vary, but some estimates suggest that the cybersecurity industry globally is short of 3.4 million workers. With growing threats from advanced technologies, the number is only likely to increase. The cyber skills gap creates career opportunities for people of all ages and backgrounds. In the UK alone, there are currently over 1,100 cybersecurity opportunities for graduates listed on the careers portal GradCracker. But it’s not just graduates who can benefit. Many companies offer the chance for adults to retrain in cybersecurity – a popular option for veterans who are often well suited to be the boots on the ground in our frontline defence against cybercrime.”
International cyber collaboration will increase, says Steve Forbes, government cyber security expert at Nominet:
“Governments will continue to collaborate with allies on cyber, but we likely won’t see this happening in an offensive cyber security sense. Instead, major nations like the US and UK will continue to share intelligence and strategies on cyber threats. The success of the collaboration between these nations on threat intelligence will help to foster similar relationships through other allied nations. In 2023, we will also certainly see more attribution and the calling out of malicious cyber behaviour from governments going on the offensive against threat actors, and continued collaboration from law enforcement to arrest and take these cyber gangs down.”
Financial institutions will prioritise security investments, says Brett Beranek, general manager, security and biometrics, Nuance:
“Traditional authentication methods – such as PINs and passwords – are archaic and no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of recovery if lost or stolen. In 2023, an increasing number of banks will turn to modern technologies – such as biometrics – to robustly safeguard customers.”
Vishing will fool the world with increasingly realistic deceptions, says Dr Niklas Hellemann, CEO at SoSafe:
“While currently viewed as mostly harmless fun, cybercriminals have quickly realized that deepfakes can be used for social engineering attacks as a prime opportunity to maximize profits. ‘Vishing’ (voice phishing) for example is already being used as a deepfake technology to successfully dupe employees into believing they’re speaking with members of their own organisations. As the quality of deepfake and vishing technology improves and they become even easier to create, cybercriminals are sure to conduct more believable and successful attacks in 2023.”
‘Scamdemic’ will continue in 2023, says Michal Salat, threat intelligence director, Avast:
“We’ve been living in a scamdemic for some time now, and there are no signs of a slow-down. Next year, we expect to see attacks playing with people’s economic and environmental concerns. Scams are not just flooding people’s inboxes in the form of phishing emails, but are bombarding people’s text messaging apps, and are keeping their phones ringing. One trend expected for 2023 is social media account takeovers leading to impersonation attacks on online friends.”