Amid a growing attack surface, the skills shortage and the rise of unknown threats, accurate and rapid signals will be essential
Vectra AI, the provider of Security AI-driven hybrid cloud threat detection and response, has released its predictions for 2023, revealing the emerging trends that will shape cybersecurity next year.
Christian Borst, EMEA CTO at Vectra AI, commented, “Next year, organisations will face more unknown cyber threats targeting on-premises systems, cloud infrastructure, and SaaS applications. The skills shortage is worsening, too, causing analysts to become overloaded and burnt out. Combined, this creates a perfect storm, leaving organisations more vulnerable to a breach. Organisations must adopt an effective detection and response strategy that reduces the burden on analysts, prioritising the most high-risk alerts. This means using tools that can identify the suspicious behaviours that an adversary will exhibit as part of an unfolding attack, flagging up these signals so organisations can stop an attack before it becomes a breach.”
Christian Borst and Brian Neuhaus, CTO, Americas at Vectra AI, have outlined a range of trends that they believe will have a big impact on the cybersecurity industry next year.
Supply chain attacks will continue, but hackers will look beyond the ‘usual suspects’ to cause havoc:
Attackers will continue to cause maximum disruption in the form of supply chain attacks. Still, instead of targeting key suppliers, they will look beyond the ‘usual suspects’ to gain access to networks. For instance, this could include legal or accounting firms. A holistic approach may help turn the tables on the matter: supply chain means partnership — partnership means collaboration and supporting each other. Only as a ‘mesh’ interconnected structure with consistent resiliency can companies thrive in the digital economy. This includes ensuring that they review the security policies of all those in the chain.
Organisations will use automation to recover from ransomware attacks:
Traditional restoration procedures following a ransomware attack are both costly and time-consuming for organisations; this is why, in 2023, we will see organisations look to automation via infrastructure as code (IaC) to reduce downtime. Through IaC, organisations can develop scripts that enable key infrastructure to self-heal so that it can automatically return to action. Ultimately, as a result of automation, rebuilding broken infrastructure from scratch is a far quicker process than restoring it.
Increased analyst fatigue and resignation will see the tides turn away from protecting the castle walls to detection and response:
Attackers are continuing to breach the castle walls, creating fatigue and eventual resignations amongst cybersecurity professionals. To prevent employee burnout, we will see a needed shift away from working on preventing these attacks from happening and towards reducing the impact of an attack. This means building resilience within the organisation, covering people, processes and technology, and focusing on early detection and sound response as opposed to protection and prevention.
Multi-Factor Authentication (MFA) will continue to be a prime target for attackers:
With identity attacks on the rise in 2023, attackers will continue to take advantage of vulnerable MFA methods. As companies continue to roll out MFA, attackers will continue to take advantage, either by flooding end users with requests to brute-force their way in or through skilled phishing campaigns. End users will be the ones directly targeted by attackers. This means that not just organisations but consumers will need to be more aware of the risks to their digital identities. Meanwhile, organisations must ensure they have tools in place to detect suspicious login activity and stop it in its tracks.
Attackers will begin to steal and keep encrypted data to decrypt in a post-quantum world:
Advances in quantum computing will force the hand of security leaders in 2023 to start thinking about sensitive encrypted data in a post-quantum world. However, this will also grab the attention of attackers: instead of bypassing encrypted data that was previously safeguarded, they will attempt to grab the data and keep it stored for sale or to be decrypted later. Defenders should not rest on the laurels of encryption, and should start to take note of what NIST is doing in post-quantum encryption this year for action in the coming years.
As the war for talent increases, security companies will need to develop creative ways to recruit and retain workers:
As an industry that is no stranger to burnout and stress, cybersecurity companies will have to ensure they can demonstrate they are an attractive outfit to work for. This is in order to fend off competition from tech companies that can often offer lucrative salaries and superior work-life balance. To achieve this, cybersecurity companies must adopt a more forward-thinking approach, including flexible working arrangements, performance incentives and health and wellness policies.
Private and public sectors will batten down the hatches against nation-state cyberattacks:
Cyber warfare will remain a real threat in 2023, from a broader use of known TTPs to an unknown equity of zero days just waiting for the strategically right moment to deploy against one’s foes. Leaders of private and public sector organisations will start to really pay attention, investing more in the incident response and speed at which vulnerabilities are being handled in the coming year to limit the blast radius of such a cyber weapon. Posture, detection, and quick response will be paramount this coming year.
Software and IoT device labelling takes a foothold:
Labels should state clear facts about the privacy and information security parameters of the product and organisation. One key piece of information on labels should be how long a company will support its software, because a physical device may outlast the time a product is supported.
“While the threat landscape might seem daunting, there are technologies out there to give organisations the decided advantage, but action has to be taken now. Regional SOCs need to introduce AI into their security mix — AI that eliminates the noise found in most of today’s IT environments,” Neuhaus added. “The right data, analysed the right way, will open the door to a new era of visibility and control for security teams. In this Attack Signal Intelligence framework, cyber actors’ TTPs [tactics, techniques, and procedures] become more obvious and make security professionals more effective threat hunters.”