IT Security in 2023: Times of uncertainty, 9 forecast scenarios
by Tina Siering
All forecasts for the coming year indicate that the threat situation will remain high and continue to worsen in 2023. The overriding goal should therefore be to strengthen resilience in IT security as well as possible, and for the long term, under the given framework conditions. The following individual topics are intended to help organizations prepare for the fight against cybercrime.
Topic 1: APIs as a major risk for security managers
Application Programming Interfaces (APIs) are indispensable for the exchange of data and represent an important driver for digital innovation. Not least due to the growing prevalence of SaaS applications, the use of APIs has increased sharply in recent years, and the interfaces are therefore increasingly becoming a focus of cybercriminals. It is of great importance for security teams to have a comprehensive overview of the entire potential attack surface. This includes all APIs in the environment: documented and undocumented (shadow) APIs, as well as unused or obsolete APIs that have not been disabled. We expect a further increase in security incidents targeting APIs in 2023. This is because, despite the known risks, APIs are still inadequately protected in many cases - according to a recent report by the security experts at Salt Security, more than a third of all companies have no API security strategy at all.
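As an added illustration of the inventory described above (example code, not from the article or Salt Security), the following script reconciles a documented route list, such as the paths of an OpenAPI spec, against gateway access logs to surface shadow APIs (seen in traffic but undocumented) and obsolete APIs (documented but never called). The spec entries and log lines are constructed sample data.

```python
import re
from collections import Counter

# Constructed OpenAPI-style route inventory (assumed sample data, not a real spec):
# each entry is "METHOD /templated/path" as it would appear under a spec's "paths".
DOCUMENTED = {
    "GET /v2/users/{id}",
    "POST /v2/orders",
    "GET /v2/orders/{id}",
    "DELETE /v1/users/{id}",  # old API version, still documented
}

# Constructed gateway access-log lines in Common Log Format (not real traffic).
ACCESS_LOG = """\
10.0.0.5 - - [03/Jan/2023:10:01:12 +0000] "GET /v2/users/1842 HTTP/1.1" 200 512
10.0.0.5 - - [03/Jan/2023:10:01:13 +0000] "POST /v2/orders HTTP/1.1" 201 88
10.0.0.9 - - [03/Jan/2023:10:02:40 +0000] "GET /internal/export/all HTTP/1.1" 200 90311
10.0.0.9 - - [03/Jan/2023:10:02:41 +0000] "GET /v2/users/77/debug HTTP/1.1" 200 2048
10.0.0.7 - - [03/Jan/2023:10:05:02 +0000] "GET /v2/users/1842 HTTP/1.1" 200 512
"""

# Extracts the method and request path from the quoted request line of a CLF entry.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/\d\.\d"')


def normalize(path: str) -> str:
    """Drop the query string and collapse numeric ids to {id} so that
    concrete log paths match the templated paths of the spec."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


def observed_routes(log_text: str) -> Counter:
    """Count calls per normalized 'METHOD /path' route seen in the log."""
    routes = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            routes[f"{m['method']} {normalize(m['path'])}"] += 1
    return routes


def inventory(documented: set, log_text: str) -> dict:
    """Classify routes: shadow (undocumented but called), obsolete
    (documented but never called), active (documented and called)."""
    seen = observed_routes(log_text)
    return {
        "shadow": sorted(r for r in seen if r not in documented),
        "obsolete": sorted(r for r in documented if r not in seen),
        "active": sorted(r for r in documented if r in seen),
    }


if __name__ == "__main__":
    for category, routes in inventory(DOCUMENTED, ACCESS_LOG).items():
        print(category, routes)
```

Both the shadow list (candidates for documentation or removal) and the obsolete list (candidates for decommissioning) feed directly into the attack-surface review the paragraph calls for.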
Topic 2: Data extortion and the rise of data leak marketplaces
The technique of data extortion will presumably surpass the well-known data encryption via ransomware. As a result of increased data theft and extortion, new criminal marketplaces will emerge dedicated solely to marketing and selling the stolen data. This will enable cybercriminals to repeatedly target businesses and organizations via tactics such as double or triple extortion. Ransomware-as-a-Service (RaaS) vendors are likely to focus on updating their software and methods for exfiltrating and publishing data on "leak sites."
Topic 3: Zero-day vulnerabilities: The race against time intensifies
Attackers are developing increasingly sophisticated TTPs (tactics, techniques and procedures) that explicitly target zero-day vulnerabilities. The number of zero-day exploits has increased dramatically in recent years, while at the same time the time between vulnerabilities becoming known and being actively exploited by cybercriminals has become shorter and shorter. In numerous cases, hackers exploit disclosed vulnerabilities in near real-time. The growing number of zero-day threats demonstrates the urgency of proactive threat-hunting solutions that are able to immediately detect and report compromises in the network and systems.
Topic 4: Cyber insurance companies will impose stricter conditions
More and more companies are turning to specialized cyber insurance to cover financial risks. However, the number and amount of insurance claims have grown exponentially in recent years - forcing insurance companies to re-evaluate risks and reduce coverage accordingly. As a result, many companies looking to renew or purchase insurance for the first time are finding it difficult to obtain a policy with suitable, strong terms. The increasing demand for cyber insurance and the simultaneous reduction in coverage have led to a highly competitive market in which it is difficult to find the right insurance for a company's specific needs. This trend will become even more pronounced in 2023. The CEO of the Swiss insurance company Zurich, Mario Greco, goes even further and fears that companies in certain economic sectors in particular will no longer be able to insure damage caused by cyber attacks in the future.
Topic 5: Credential theft instead of phishing
Password theft forms the basis for massive cyberattacks with serious repercussions. For the theft, hackers increasingly rely on convenient and easy-to-use tools such as Raccoon Stealer or Vidar, which come preconfigured and are cheaply available on the dark net. Stolen credentials are already being traded in underground forums - providing a cheap, time-saving alternative to more complex phishing attacks. In the coming year, we can expect to see an increase in credential theft through pre-packaged tools - and a corresponding increase in the number of stolen credentials available for purchase on the dark net.
Topic 6: The IT skills shortage will continue to worsen
The shortage of IT specialists is unfortunately a problem that has been known for many years. According to a recent study by Bitkom, Germany alone currently lacks 137,000 IT experts. The cybersecurity staffing gap in Germany in 2022 even increased by 52.8% compared to the previous year, according to a study by (ISC)². The situation will worsen in 2023 to the extent that there are likely to be serious attacks directly attributable to the shortage of cyber security experts and to overworked, understaffed IT security teams. To mitigate this risk, it is important to train new talent for the many career fields in IT security and to provide new tools and additional resources to ease the burden. A managed detection and response solution, such as Allgeier secion's Active Cyber Defense (ACD) service with 24/7 monitoring and an outsourced SOC team, can help organizations detect attacks immediately and respond in time to prevent them from succeeding.
Topic 7: Threat from state actors
The war in Ukraine and the resulting limited availability of energy resources may make companies and organizations targets of intelligence-gathering operations. CRITIS (critical infrastructure) companies are already at risk of cyber sabotage during transnational conflicts, and this risk has now increased. On several occasions we have read that European utilities should prepare for state-sponsored Russian attacks, because the Kremlin may use them to pressure countries that have imposed sanctions on Russia. For example, utilities could be attacked with ransomware to disrupt power supplies. German companies from the critical infrastructure sector are obliged under the IT Security Act 2.0 to prove from 01.05.2023 that the required measures for integrating attack detection systems have been implemented. 2023 will thus bring one thing in particular: an upgrade of existing security measures. Above all, the use of attack detection solutions (e.g., as part of a managed detection and response service) should become more widespread in the coming year, and not just in CRITIS companies. In this tense situation there is no way around suitable IT security measures, even for small and medium-sized companies.
Topic 8: Investment in Managed Detection and Response (MDR)
Whether a corporation or a medium-sized business, the past year shows that still too few organizations and companies are adequately equipped to respond effectively to current cyber threats. The number and professionalism of successfully executed cyberattacks is continuously increasing. The proliferation of IoT networks and of "remote workers" (as a new work standard) increases the number of endpoints to be secured. One approach to mitigating these risks is to deploy a managed detection and response (MDR) service. Detecting a successful cyber attack early is critical for responding to security incidents in a timely and targeted manner. When using an MDR service, monitoring of network traffic is provided by an external SOC team. For a monthly service fee, the security analysts conduct active threat hunting with the aim of detecting, investigating and containing security incidents at the network level.
Topic 9: Deepfakes are getting better and better
In 2023, there's one thing you can no longer trust on the Internet: the authenticity of photographs or video recordings. Deepfakes, the AI-based manipulation of human faces or voices, will reach a whole new level in the coming years. What can still be quite amusing in the entertainment sector - we recommend a look at the remake of "Matrix" - can become a real danger in the wrong hands. A video in which Ukrainian President Selenskyj allegedly calls for the surrender of his armed forces in March 2022 was a Deepfake. Regardless of intent, deepfakes are becoming increasingly difficult to detect and consequently pose a major security risk, and not just as a "weapon" for social engineers. By 2023, deepfakes could be so authentic that it's only a matter of time before attackers can create lifelike digital avatars of someone. When that happens, it will be incredibly difficult for users to identify the difference without analyzing the source data.
An ever-growing threat landscape, barely predictable uncertainty factors, and a well-equipped, highly professional cybercrime industry will pose major challenges to many organizations and companies worldwide in 2023. No company is safe from these attacks, as hackers are increasingly targeting not only large corporations but also small and medium-sized enterprises, which lack their own IT security teams. Intelligent cyber defense measures, such as solutions for proactive threat hunting by means of effective early attack detection, should have a high priority in the IT security planning of every company - in order to permanently strengthen cyber defense and to detect threats of all kinds as early as possible.