2023 Cybersecurity Predictions

 

 

 

 

 

Tom: Let’s start the conversation here. The Russia-Ukraine war is going to continue to fuel increased warfare in cyberspace against NATO nations, and one of the side effects will be more instances of critical infrastructure ransomware. Doug, Ron, care to flesh out that prediction?

Doug: I think we all look at the overall trends that are happening in the marketplace and certainly we see new threats coming out on a regular basis. We see increases in the macro level that impacts businesses as well. I think what may get lost in those larger numbers is that some of the key players in the marketplace reduced their attack frequency at the beginning of the year, and it was associated with what you just mentioned, associated with the key aspect that there’s a supply chain between Russia and Ukraine. While we’re all very sympathetic to Ukraine and what’s happening there, the reality is they have always been a high vector of attack, and so when you break that supply chain from a historical perspective of those who produce ransomware and those who use ransomware in the marketplace, you have an interruption. If you look at ransomware specifically, it has dropped off significantly. The claim rates in the insurance space have dropped steadily since December of last year, about when by chance the conflict began. Ultimately, we’re starting to see some of those groups regroup on each side of the border. Now, what that means is possibly an increase in ransomware continuing to happen over the next six to 12 months because now people on each side of that conflict have regrouped to both use, create, and ultimately launch ransomware attacks within their own political views. The only other thing I would add to that is, from a political views perspective, when you think about how the world will evolve from here is what influences will NATO and the U.S. have on Ukraine that could potentially also influence Ukraine’s activities within its own borders as well.

Ron: I’ll add I think the scariest part of this scenario is what we don’t know, and what I mean by that is what’s going on, what resources are in hand, what new exploits have been sort of harvested and either used or are even ready for use. You know, with state-based resources on both sides being spent to develop these tactics and techniques and exploits, it eventually acknowledges that those techniques are going to get released into the wild, into civilian space, and I think it’s going to wreak havoc on unprepared companies. You know, we’ve got rich targets in retail and healthcare. It just becomes something that we’re baking heavily into our threat intelligence gathering to keep us and them apprised, but I think that there’s some fallout that’s yet to even happen.

 

 

 

 

Tom: Prediction number three is about hacktivism. The rise in hacktivism will continue full force as political tensions in varied opinions of the meaning of free speech rage on. Ron, please explain.

Ron: I feel really strongly about this one, and here’s where I would start. Let’s look at from 2020 to 2021, we already had a 100% increase in these essentially attack-for-a-cause types of scenarios. So that’s really hacktivism. But if you think about the world we live in now, it’s never been more polarized and politically charged than it is now. And that’s creating a split, it’s creating a divide, it’s creating a “win at all costs, I’m going to cancel you, I’m going to shut you down, I don’t like what you say, I’m going to stop you, and guess what, you have a big space on the internet and cyberspace, I’m going to attack that, and I’m going to shut you down there.” I mean, if you think about even among social media platforms with the recent acquisition that Elon Musk made of Twitter, there are certainly a lot of people on the other side of what he stands for that don’t appreciate that and may try to generate denial-of-service attacks against someone like Twitter. And if you think about this too, this is a warning too that we have to be careful about how we portray it because there could be scenarios where because of the political charge, and we’ve got healthcare entities for instance, let’s just take them, who may take a stance. We do provide abortions, we don’t provide abortions, we do provide trans care, we don’t provide trans care. Now, the message here is not to say, which side are you on? It’s to say, be prepared because no matter what side you’re on there might be an opposition that looks to take you down and compel social change. We’ve got ransomware for hire. What’s to stop a bad actor group from saying, hey, we’ll take them down and help your cause for a fee. Again, the message isn’t just to capitulate or say we’re going to change our social values, it’s just that you need to be prepared, particularly in incident response and how you’re going to deal with this. That way, you’re ahead of the game. Hacktivism, yeah, I do think that we’re going to see — we’re already seeing 200% plus here in ‘22 — we’re going to see more and more of that.

 

 

 

 

Tom: Dustin, I want to bring you into the conversation for our fifth prediction, which is that the wave of new federal best practices and guidelines that we saw throughout 2022 will continue aggressively into 2023.

Dustin: The goal with regulatory compliance and best practices is to reduce the bad things that are happening. And we’ve seen this over the past decade, how things have evolved. We’ll continue seeing that as other industries and organizations are getting attacked more frequently. What worries me is when we don’t see consistency from framework to framework, so just like organizations get audit fatigue, compliance fatigue is also a real thing. So hopefully, we see some consistency from framework best practices and these new ones from the SEC (Securities and Exchange Commission) or Department of Labor that are coming out, following those existing best practices with an end goal in mind, which again is to drive to better cybersecurity practices. Then, also with the the new push for breach reporting, something that’s interesting is having that information available is one thing but doing something about it is something else, so hopefully the frameworks and the best practices that we see will continue to evolve to not only report more frequently but also take actions to reduce those incidents that do happen.

Doug: We’ve seen a little bit of a lull with CMMC (Cybersecurity Maturity Model Certification) this year because there were some policy changes and political changes that occurred there. I think from anybody that we’ve talked to, both on CMMC as well as the government side, I suspect that that’ll come back extremely strong in 2023, so the pause that we saw in 2022 is likely to come back with a vengeance in 2023.

 

 

 

 

Tom: The Eighth prediction: Mobile device attacks will increase exponentially. Dustin, this is yours.

Dustin: I think the mobile device focus is the path of least resistance for the attacker. It’s what everybody has on them, organizations are focused on connectivity and access for their end users, and so it’s one of those where phishing is easier when everybody always has their email in their pocket or focusing on an SMS (text) message for somebody to follow a link. It’s not necessarily about just exploiting an organization’s assets, it’s exploiting that end-user device to see what other access can be gained from it from user ID, password, or other connectivity. Also organizations with the adoption of bringing your own device is not slowing down, and so end users where the end-user control isn’t as maximized as maybe an owned device, it is a path where an attacker sees an opportunity.

 

 

 

 

Tom: Our 10th prediction is about zero trust. Zero trust security model will continue to gain momentum, but actual implementation and execution particularly in healthcare is going to lag. Dustin, you’re going to explain.

Dustin: The idea of zero trust has been around for over a decade. Absolutely love it in theory, but it’s like anything from implementing security controls; it takes time and money, re-architecting networks, and then user adoption. Multifactor authentication, same type of thing where it’s a great security solution, but how many organizations don’t actually have it implemented, who don’t actually have it implemented on email for example? So you look at zero trust, and spreading that out through an organization’s network is not going to be easy to actually implement. Healthcare — especially if you slow down patient care based on the iterative authentication steps and then reduced access based on segmentation — that’s something that’s not going to be widely adopted right off the bat. And while it’s a great idea and it’ll really help from a security and incident spread reduction standpoint, the actual ability for an organization to put it in place and still continue to run their business as they want is going to be very, very difficult.

 

 

 

 

Tom: We’ve talked about MDR quite a bit throughout this conversation as part of our 11th and last prediction. Prediction is: There will be a reckoning in the managed detection and response market separating true MDR service providers from those drafting off marketing hype and offering only elements of threat detection and response. Ron, this is for you, but Doug I want to give you a chance to weigh in as well before we wrap up here.

Ron: We’ve got this solution as MDR as Gartner has labeled it, and you know there are a lot of times where, hey, there’s a market and somebody put the sale in my yard saying I sell this. I think that people have jumped on this to be relevant in the marketplace, various MSPs (managed service providers) and MSSPs (managed security service providers). The true essence of managed detection and response really embodies several different looks, multiple feeds into a correlated platform that can be not only monitored but also an added element of preventand then dynamic detach, which implies a level of hunting, and of course the “R” part of it, the response. What happens if there is something? You can’t just bat it over the fence anymore. We have to make sure that we’re working with the customer from the incident’s start to the recovery.

Doug: Yeah, I think to Ron’s point, we all aspire for security to be fully automated, doesn’t need people, you don’t need to think about it, it doesn’t create friction in the system. That’s not the reality that we live in, and realistically, as I tell my kids who hopefully are going into cybersecurity, they probably don’t have to worry about their career for the rest of their lives either. That’s an unfortunate situation and awareness, but the reality is we’ve all seen new technologies come into the marketplace. They provide better levels of protection. There’s no doubt about it, EDR is evolved to be better than AV in some cases, not all cases, but at the end of the day, you’ve got to have a good visibility across EDR, across network, across logs, across APIs (application programming interface), and that’s going to provide protection across premise, SaaS (software as a service), cloud, mobile, everything that we’ve talked about here. And to Ron’s point, most people believe that inherently, as you buy these new technologies, they just work and they just provide extra protection and extra blocking, and that’s not the reality that we even see in the more advanced EDR space, which is why MDR providers are out there now, is to take all of that noise that still needs to to be analyzed at a human level, turn that into actionable events or take action on behalf of the client, be able to respond to data, make sure that ultimately the responses are appropriate. But we see over and over again where the industry launches a new product — back in my day was like IPS, then it became EDR, then it became lots of things that were just gonna magically block everything bad — and what we see today is a higher volume of things that you still need to deal with more than ever before, and that’s not because these technologies didn’t get better. It’s simply because they still need to be managed, they need to be adjusted to the customer environment, new threats come out every moment, and that just doesn’t magically happen yet in the world. AI and machine learning and all those things are absolutely improving but far from magic yet today.