Cybersecurity Predictions For 2023
As 2022 comes to an end, there will be much trepidation going into the New Year where cyber attacks are likely to become faster and more destructive. Our CEO, Rob Demain, shares his thoughts on what to expect for 2023.
Increase in insider attacks
The looming recession and financial hardship will mean that motives increase. Attackers will continue to purchase access (typical user accounts and passwords/identities) to gain initial access. This will be aimed at corporate IT to compromise a business and access the supply chain.
Attackers will move even quicker
The pace at which attackers can move has been accelerating in recent years and is getting faster – in some cases, in little over an hour. Attackers moving at this alarmingly fast rate will know that they are likely to hit organisations’ defences and generate alerts, but they don’t care because they know that the likelihood is no one is looking at the alerts, or at least not looking at them quickly enough and not responding properly. As evidenced in the recent ICO fine of Interserve, more cases are undoubtedly going to emerge where businesses are not keeping up and fail to identify alerts in time.
Heightened focus on Operational Technology (OT) as the target
This is where the money is, especially, but not exclusively, within CNI environments. Attackers will use the IT to get to the OT due to the lack of air gaps and the convergence of IT and OT. Attackers will exploit IT and use that access to educate themselves on how the OT is designed and accessed, and use this knowledge to their advantage. This movement is made easier by the digitisation of OT and the lack of truly air-gapped systems. Attackers will compromise IT simply as a foothold to OT and sell this access on.
There will be at least one major new cyber-related regulation from government on industry. Governments are under pressure to react to cyber-attacks that impact citizens. One key weapon they have is to pass new legislation which will require organisations to take more action to secure citizen and national data. This will go beyond the traditional CNI sector due to the impact hacks are having on citizens, such as the Medibank cyber-attack in Australia and Optus.
More destructive attacks
There will be more destructive attacks where the goal is to eradicate and not ransom. These attacks make systems ‘unbootable’ and make recovery very hard by aiming to destroy information systems as low down the OSI model as possible. These are the new nation state attacks and will follow large-scale attacker surveillance, discovery and exfiltration. The aim of these attacks on the victim is to cause the most expensive and time-consuming restore procedures, destroy critical data, or just to make key systems inoperable for long periods of time. These attacks will originate from nation states and spread into critical supply chains of major CNI organisations.
We have underestimated Russia’s cyber capability
There is a wide view that Russian cyber activity leading up to and during their invasion of Ukraine indicated that they aren’t the cyber power we once thought. Patterns and evidence will emerge in 2023 that show this wasn’t the case; instead, Russia was directing its cyber efforts elsewhere, with non-military goals (financial and political).