Mark van Vuuren

Top Cybersecurity Trends – from Heimdal Security


1. The Death of Point Solutions Is Coming – Unification is the Future

Today’s CISOs and other decision-makers place a strong emphasis on centralized architectures that provide prevention, detection, and mitigation under a single roof in order to increase visibility and efficiency.


With outdated point solutions that were created at a time when the cybersecurity landscape presented fewer threats, and with a talent shortage, organizations will keep turning to centralized solutions to meet the high demands of the IT threat landscape.


2. The Focus on Automation and Visibility Tools Will Increase

Automation is here to stay. The causes are numerous and quite easy to grasp. Security systems generate almost infinite amounts of data, which no team could handle in real time and react to in a timely manner. The cyber threatscape simply evolves too fast. There is a severe shortage of skilled cybersecurity professionals (and even those currently in the market are exposed to one of the most dangerous risks in the industry: human error). Moreover, hackers are using automation too!


To move from reactive to proactive security and regain control over one’s environment and schedule, analytics, intelligence, and automation are essential. In the corporate IT environment, security automation can identify potential threats, assess the event to determine whether it is real or fake, and then contain and eliminate the threat. Without human assistance, automated security tools complete these actions in a matter of seconds.

Cybersecurity automation minimizes security teams’ alert fatigue by examining alerts, identifying threats, and reducing the effects of attacks.

3. A Radical Change is Coming! How You Visualize Threats and Action

With this addition to the lineup, Heimdal is creating a new category in the cybersecurity market by providing a new approach to Security Orchestration, Automation and Response (SOAR), and Security Information and Event Management (SIEM) technology and engineering.


Heimdal’s Threat-hunting & Action Center was developed in response to an ever-changing threat environment where IT teams’ time and resources were being stretched thin across a huge spectrum of priorities.


The platform solves the need for a plethora of solutions that end up creating a slow and inefficient environment by combining everything into a single unified, integrated, and AI-driven solution that will forever change the way you think about cybersecurity.


4. MSPs are the Prime Supply-Chain Target for a Multi-tiered Attack Surface

In line with last year’s prediction, we also predict a heavy increase in supply chain attacks in 2023. Attacks on the software supply chain take place when a malicious actor gains access to an MSP or a software vendor’s network and compromises the software before the vendor distributes it to customers. The sharp rise in software supply chain attacks is partly due to the accelerated business climate, which has resulted in less time for MSPs to react and rapid software release cycles from vendors, leaving developers with less time to identify and address security flaws.


With the rapid increase in IT outsourcing, MSPs in particular are a ripe target for cybercriminals.


This leads, naturally, to a multi-tiered attack surface that can severely compromise customer data and IT systems. Attacks on the software supply chain increased by more than 300% in 2021 compared to 2020, and I predict that they will increase even more in 2023.


The fact that NIST has released a thorough guide on how institutions can defend themselves against supply chain attacks and compromise, together with the numerous 2022 news reports about supply chain attacks (see details about US newspapers, Oktapus, Comm100 Live Chat application), is a clear sign of how serious this threat is.

5. Consumers Get Entangled in the Web of Ransomware

Cybercriminals will successfully compromise internet-based software delivery services, such as Steam, Halo, Blizzard or others, to deliver a hypercomplex ransomware attack through system rights provided by the services. Supply chain attacks will therefore no longer be just B2B-based, but expand the attack sphere into the consumer space for a mass-based exploit-to-ransomware payout attack.


6. Attackers Will Get Bolder and Will Spend More to Complete Their Strategic Objectives

Cybercriminals have plenty of time and plenty of resources to complete their attacks, and therefore they will surgically target big institutions to find a way through their defenses.

Attacks of this caliber will typically run into tens of thousands of dollars per month, as cybercriminals use resources in less developed countries, or could be state-backed from North Korea, Russia, China, Iran or similar. They will need to be numerous because even for orchestrated attacks, success is never guaranteed, but when the reward is in the tens of millions of dollars, the cost becomes insignificant.


7. Strategic Focus on Infrastructure across Europe and the US

Transport, energy, and other examples of critical infrastructure are becoming more complex and dependent on networks of interconnected devices. Therefore, unsurprisingly, a major concern today is the critical infrastructure’s susceptibility to technical failures and cyberattacks. Recent occurrences like the war between Russia and Ukraine have only fueled these fears.


State and non-state actors now have more technical know-how, motivations, and financial resources than ever before to destabilize a nation’s vital infrastructure. An attack on vital infrastructure in one region of a nation can have a significant negative impact on many others – the most recent cyberattack on DSB demonstrated exactly how an online threat on a third-party IT service provider can cause serious disruption in the real world.


I believe we will see many cybercriminals adopting this route in 2023.


8. Espionage and Information Operations Will Rise

Information operations and cyber espionage will likely increase. Iran, China, and Russia, the usual actors in information operations, will probably continue to promote narratives that best serve their objectives.


Additionally, they will highlight the idea that the United States failed to honor its obligations to international organizations and nations.


We can already see that the Russian invasion of Ukraine is partially supported by a cyber strategy that entails at least three separate, occasionally coordinated processes: destructive cyberattacks inside Ukraine, network penetration and espionage in other states, and cyber-influence operations aimed at people all over the world.


9. Deepfakes will become increasingly dangerous

Deepfake technology manipulates existing or brand-new audio and video content using artificial intelligence techniques. Although it can be used for legitimate purposes (satire and gaming, for example), it can also, just like everything else, be misused by malicious actors.


Deepfakes are used to fabricate a story that seems to come from reliable sources. The two main threats are against civil society (disseminating false information to influence public opinion in a particular direction) and against people or businesses so that malicious actors can make a profit.


The path to a dystopian future will be guaranteed if people are no longer able to distinguish between truth and lies.


Deepfakes pose a significant cybersecurity threat to businesses because they could make phishing and BEC attacks more successful, make identity fraud much simpler, and significantly reduce share value by twisting brand reputation.

