2023 Informed: Ten cyber security trends for the year ahead
1: Geopolitics created by the war in Ukraine will upskill a host of bad actors
“The war brought a lot of hacking groups to the scene or made groups that already existed focus on politically-motivated attacks. Regardless of whether the war continues or ends, these groups will remain active. The people who gained offensive skills, and the groups that formed, will continue attacking politically motivated targets or transition into the cybercriminal underground for financial gain.”
Daniel dos Santos, head of security research, Vedere Labs
“The rate of growth in ransomware attacks is slowing slightly – but this will prove to be a false dawn. Currently, the most successful teams of cyber-criminals are being focused on attacking Ukraine’s critical infrastructure. The second that conflict is over, all the technology, tools and resources will be redeployed back into ransomware attacks – so organisations and nation states alike must not become complacent.”
Andy Harris, chief technology officer, Osirium
2: Public/private sector cooperation on cyber will strengthen
“Enhanced and streamlined government and industry partnerships should continue to be a priority for cybersecurity strategies in 2023, as threats can morph, especially with the emergence of technologies such as artificial intelligence, machine learning, 5G and eventually quantum computing.
“With large portions of technology and software owned and developed by the private sector but impacting governments and industries such as healthcare, they must partner on best practices and approaches to remediate risk and tackle how to defend against the growing cyber-attack surface. Frameworks and regulation alignment will become essential for collaboration between these entities to achieve meaningful and effective defence.”
Rebecca Harper, head of cyber security analysis, ISMS.online
3: Attacks on energy firms and critical infrastructure ramp up – with criminals focussing on weak points such as IoT and OT vulnerabilities
“As more focus is placed on building a more sustainable future, the motivations for energy-related cyber-attacks will likely increase across the entire threat landscape. At the low end of sophistication, we have already seen numerous scams related to energy bills, including fake emails or texts to steal individuals’ personal information. At the high end, the potential for state actors to disrupt energy networks looms large in certain regions.
“As companies across the globe look to green agendas and innovation in 2023 and beyond, new opportunities for threat actors will doubtless arise. Next year, we could see actors find other links between energy security and cyber security, such as espionage efforts into green technology or energy policy, along with environmental hacktivism.”
James Muir, Threat intelligence research lead, BAE Systems Digital Intelligence
“As Russia loses more ground in the invasion of Ukraine and pressure from the US and our allies continues to mount, we are likely to see cyberattacks increasingly used as a weapon. Cyber physical systems [robots, smart buildings, self-driving cars, for instance] and the networks they operate on are obviously attractive targets because of their criticality levels and potential for sabotage.”
Galina Antova, co-founder and chief business development officer at IoT cyber sec outfit Claroty
“2023 promises to be an integral year calling for increased operational technology and industrial control systems cybersecurity investments.
“However, governments, insurance providers and international markets are reticent about the significance of protecting critical infrastructure and building resilience across critical sectors and technologies.
“Unfortunately, 2023 may also be the year that adversaries demonstrate increased capabilities to modify OT and ICS systems in critical sectors. OT/ICS cybersecurity stakeholders, concerned with physical safety, environmental impacts, goods, services, resources provision, and micro and macroeconomics are in for an assiduous 2023.”
Danielle Jablanski, OT cybersecurity strategist, Nozomi Networks
“Now that cross-platform ransomware is the norm, several groups have shown the profitability of attacks leveraging IoT devices – such as Lorenz on VoIP; Conti on routers and DeadBolt on Network Attached Storage.
“Organisations now have increased protections on their IT networks and, as a result, the stage is set for an explosion of ransomware attacks using these devices for initial access or impact.
“Challenges with medical device security – long lifespans, difficulty in patching and customised software/firmware – which ramped up this year will remain. 2023 could also be the year where we see attacks not only spill over to medical devices but target them (potentially their insecure-by-design features as in OT), although it would require specific attacker motivation to purposefully target devices that could directly harm people.”
Daniel dos Santos, head of security research at Vedere Labs.
“New FIDO regulations that target IoT providers specifically will help tame the ‘wild west’ of IoT security. Currently people must choose between adding insecure IoT devices that have innate security holes to their networks, or to not use them at all.
“In 2023, that is all set to change because these new standards will plug critical vulnerabilities for consumers and businesses alike, as they establish hard and fast rules around zero-trust architecture and non-standardised, phishing-secure passwords for IoT devices. Security and interoperability standards will trigger a leap forward for IoT.”
Alex Laurie, senior vice president, Global Sales Engineering ForgeRock
4: 5G cyber hacks will grow as attack surface widens
“Predicting the direction of travel for the 5G threat landscape is not a straightforward task. The 5G standard itself offers significant security improvements compared to its predecessors like 4G and LTE.
“But the infrastructure required to implement full 5G rollout – with increased dependence on IT, as well as virtualisation and cloud infrastructure – could increase the attack surface and expose vulnerabilities.
“When looking at radio access networks (RAN), for example, security researchers have pointed to poorly configured virtualised environments in existing OpenRAN deployments, including numerous issues in Kubernetes configurations.
“On the core network side, as the rollout and implementation of new features becomes more complex, it is possible that we’ll see security misconfigurations that impact wider 5G networks.
“Adopters of 5G must pay greater attention to the risks surrounding 5G security, with specific high-threat use cases – such as military scenarios – having been discussed in whitepapers this year, including CCDCOE’s research report on Military Movement Risks From 5G Networks.”
James Muir, threat intelligence research lead, BAE Systems, Digital Intelligence
“As new technologies progress, new forms of attack will also emerge. The risk expands to the growing popularity of electric vehicles which will also be matched by increasing breaches and attacks in this space. Hackers are learning how to take control of vehicles and eavesdrop on conversations via microphones installed in EVs, while vehicle-charging points will also become increasingly vulnerable to attack.
“This risk expands to IoT (Internet of Things) in general, which businesses are relying on more and more – especially in the era of 5G. Despite regulation being introduced, it will take time to have an effect and for organisations to discover all their vulnerabilities. Weak IoT security could become a useful backdoor for threat actors to breach 5G networks or move laterally to internal servers.”
Scott Goodwin, COO and co-founder, DigitalXRAID
5: Cyber industry will continue to adapt as recession takes hold
“The market will need to help customers do more with less – less money, less staff, and less experience. There will be a need for autonomous data resiliency – in which the customers’ data is automatically secured and protected.”
Stephen Manley, CTO of SaaS-based data protection vendor Druva
“During recession, the cyber security market may have to deviate from its largely product-driven economy. With incoming CISOs having previously used a shakeup of security tools and services as an important lever when joining a new company, they may instead have to “mend and make do”.
“In such times of crisis, we can expect security product vendors to double down with wildly exaggerated marketing messaging. Organisations should learn from the lessons of recent years that such silver bullet solutions are a fallacy and instead invest in the knowledge and support needed to fully utilise their existing stack.”
Dan Green, head of enablement at cyber risk consultancy, JUMPSEC
“Supply chain security will dodge budget cuts in manufacturing and energy. As the manufacturing sector continued to battle unpredictable supply chain disruptions this year, the industry made dramatic strides in managing third-party cyber risk.
“In fact, 64% of manufacturers say they had supply chain cyber risk on their radar this year and nearly half (44%) have established an integrated enterprise risk management program, the highest of any industry surveyed in 2022.
“That said, because of the reliance of thousands of vendors, the urgency and severity of supply chain-related cyber breaches in manufacturing will make it the most likely sector to receive budget increases for external resources in 2023.
“For the utilities and energy sector, 99% of energy companies say they have been negatively impacted by at least one supply chain breach in the past year. The good news is the sector maintains the highest rate of any vertical to increase its yearly budget for supply chain cyber risk and 60% of energy companies are increasing their budget in this category on average to 60% over 12 months.”
Lorri Janssen-Anessi, director, external cyber assessments, BlueVoyant
6: SecOps and DevSecOps will become business critical in 2023 (if firms can embrace the cultural change that goes with it)
“The growth of APIs and application deployments means that in a software-driven world, security needs to be automated into application delivery processes using DevSecOps techniques. DevSecOps encourages developers to consider security principles and standards at the point they are creating the app, rather than afterwards.
“DevOps and DevSecOps are culture changes, not policy mandates. Organisations that shape the culture to produce the expected outputs will fare better in the upcoming cybersecurity challenges.”
Sammy Migues, principal scientist, Synopsys Software Integrity Group
“I see AIOps, SecOps and DevSecOps becoming critical in 2023 to help protect against attack. However, despite their best efforts, many businesses will still be attacked, so having the right business continuity practices in place and cyber insurance will be critical to survival.”
Nick Westall, CTO of cyber security consultancy, CSI
7: Mobile malware intensifies
“2022 saw mobile malware come to the centre of industry threat discussions. The threat is unique in the various forms it takes. Malware-laden Android apps, exploits for out-of-date mobile operating systems and dubious VPNs can all be used to compromise a mobile device.
“Mobile malware will remain a threat in 2023 and it’s a concern for the increasing number of businesses using mobile devices to authenticate identity and grant access into workplaces, commercial real estate, residential buildings and more. Expect to see more mobile credential apps taking advantage of built-in OS capabilities, like biometric identification, that can’t be bypassed even if a device is compromised by malware.”
Jeff Nielsen, CTO of access control software and hardware firm Brivo
8: Uber’s CISO conviction will impact employment law around issue of liability following hacks
“For the first time, in the fallout of the Uber cyberattack, we saw a CISO served with a custodial sentence. The question of personal liability and where responsibility and accountability start and end – as well as how businesses and individual stakeholders will protect themselves – will gain prominence next year. This is likely to be reflected in a shift in employment law, to potentially address the grey areas surrounding this emerging issue.”
Rick Jones, CEO and co-founder, DigitalXRAID
9: Paying ransomware gangs will become increasingly problematic
“We’re likely to see continued pressure against the payment of ransoms, which will build on developments from this past year, most obviously the war in Ukraine, which added a new ethical dimension to the debate on the appropriateness of enriching cybercriminals with Russian connections.
“Alongside this, the Information Commissioner’s Office put paid to the notion that paying a ransom is seen positively from a data protection perspective, while the insurance sector adopted a more circumspect approach to the writing of ransomware risks through the publication of new war exclusion clauses.
“Combining these developments with the inherent risk of ransomware attacks morphing to wiper program attacks, 2023 will need to usher in new approaches to cyber security, because the ‘get out of jail’ card that is represented by the payment of a ransom might not be a long-term option.”
Stewart Room, head of technology, Media and Communications, DWF Law
10: Cyber Insurance strategies will shift for both insurers and enterprise
“In 2022, the rising threat of ransomware attacks led many insurers to raise premiums and reassess coverage. Going into 2023, Lloyd’s of London announced that its insurance policies will no longer cover losses from state-sponsored cyber-attacks, effective from March. We can expect these dynamics to heavily impact organisations. Many will find themselves without appropriate coverage and be required to use emergency incident response services outside of their existing arrangements.”
James Muir, threat intelligence research lead, BAE Systems.
“Cyber Insurers will define coverage lines with more precision and enforcement as cyber incidents – especially business email compromises – occur more frequently, and as ransomware attacks are beginning to surge again, providers will continue to tighten standards required to obtain or maintain coverage and increase premiums.”
Vincent D’Agostino, head of digital forensics and incident response, BlueVoyant
“Cyber insurance will get more expensive, and more difficult to acquire, with increasingly heavy requirements on clients to take all necessary and reasonable precautions before they can buy it. Insurers are also less likely to pay out – and the more claims there are, the more they’ll push back.
“As a result, more organisations may decide not to take out insurance at all, instead focusing on ploughing resources into protection. If this happens, we can expect to see insurance companies partnering with big consulting firms to offer joined up services. Rule number one: insurance always wins!”
Andy Harris, chief technology officer of Osirium
“For organisations to reduce their insurance premiums in 2023, they’ll need to demonstrate their security-first culture – regular staff training initiatives, a range of security tools and expert support to detect and mitigate threats. Insurers are simply not prepared for the risk transference in the new era of ransomware. Their high premiums may be what drives better compliance in the coming years.”
Rick Jones, CEO and co-founder, DigitalXRAID