By Diwakar Dayal, Managing Director & Country Manager for SentinelOne, India & SAARC
2022 was a sobering year for us all. Riding on the back of the COVID pandemic of the previous two years, we entered a new reality with war returning to Europe in a way not seen since 1945. And yet along with tanks, missiles, and the targeting of civilians and civilian infrastructure came a new battlefront: cyber warfare with wipers being used to hit targets inside and outside the physical battleground.
Meanwhile, new attack surfaces came to the fore, as cybercriminals began to understand how to exploit identity for access and cloud workloads for assets, privilege escalation, and lateral movement.
It’s not been all bad. Evolving security technologies like XDR are helping organisations to fill the gaps in visibility, join the dots in defense, and hunt for hidden threats in the enterprise. Law enforcement has been capturing and incarcerating more cybercriminals than ever before, while also closing the doors on some of the darknet’s worst illicit markets.
As we look forward to another year in the trenches of cybersecurity, here are a few key trends we expect to witness in 2023.
Driving Painful Lessons Home
2022 has been a year of painful lessons precisely because the most intense threats weren’t technically advanced or mind-bending feats of cyber wizardry. Instead, they were mundane, pragmatic, and wildly successful. This year was largely populated by asymmetrical threat actors– hacktivists of all stripes, youthful petty criminals, and an increasingly fragmented ransomware ecosystem.
The ransomware ecosystem continues to shift, experiment, and fracture. In 2023, our tracking will have to become more granular – moving away from the notion of monolithic ransomware cartels to acknowledge the prevalence of smaller affiliate groups (often engaged with multiple RaaS brands).
The cybersecurity industry enjoys cutting its teeth on advanced threats and sophisticated techniques that challenge the collective brain trust to find new solutions. But 2022 has forced us to pay attention to the state of disrepair of our networked fabric. Without a sizable, conscientious collective effort, we should brace ourselves for 2023 which drives those painful lessons well beyond our tolerance.
Consolidation, But Not At All Costs
The sheer number of cyber-security products covering different surfaces and use cases means that customers are looking to consolidate when and where possible.
As much as we expect consolidation, customers will always end up using more than one vendor. We’re already seeing security teams demand more integration and more value from the collaborations between vendors. Gone are the days when a “technological alliance” could mean little more than a shared video. In 2023 this will range from a demand for integration across more types of use cases and standardization of data models to a very legitimate expectation that every new vendor will not only provide value on its own but also help extract more value from the existing products in the security stack.
No One Gets to Opt-Out of Cybersecurity in 2023
If there is one thing that we learned from 2022, it is that no one is immune from cyber threats. We’ve seen many breaches in 2022 – Lapsus$ alone breached Okta, Nvidia, Samsung, Ubisoft, T-Mobile, Microsoft, and Uber. It’s hard to believe that behind these breaches, there were no well-sponsored nation-states or global cybercrime syndicates but (allegedly) a group of young hackers who met online and collaborated, not even financially motivated.
This creates a new paradigm to think about. I am not a fan of zero trust, as it is tough for organisations to implement and leaves cracks for adversaries to exploit, but trusting no one makes more sense when you look at 2022.
With less security budget, efficiency-driven products will strive. The cost will become the main consideration for cybersecurity programs.
Attacks Will Be Bigger, Louder, Faster
The attacks we’ve seen in 2022 are more significant than those we witnessed in 2021. This is not just a trend; the reasons remain: Vulnerable products (led by Microsoft as an operating system provider and a security vendor), the means of communication, and the speed it takes a zero-day to become an exploit.
More organizations will be breached, more critical infrastructure will be impacted, and the cybercrime economy will continue to thrive. We will be entering a Golden Era of Social Engineering. With social networks, multi-tasking, and the evolution of devices around us, it just makes sense for adversaries to keep investing in social engineering. Phishing is a problem that is not solved and will continue to be a leading factor in compromising identities.
Disruptors or non-traditional threat actors will continue to exploit the traditional cybersecurity establishment. Advances in computing power and AI will transform the effectiveness of social engineering, fraud, and active measures (information/influence operations). As governments try to get a handle on asymmetric threats, new ways of attacking the global problem will have to be used.
Deep Fakes Will Enhance Social Engineering
As we get better at defending the endpoints, threat actors will need to up their game in order to penetrate harder targets. Social engineering remains a popular vector of attack, especially as workforces continue to remain decentralized and remote. Increases in computing power and availability of AI/ML engines will accelerate the effectiveness and authenticity of social engineering attacks through audio and video.
Furthermore, in 2023, expect to see threat actors target macOS more successfully with cross-platform malware and expend more effort on finding windows of opportunity to compromise unpatched Macs with known bugs. More supply chain attacks on developers and shared repositories are also likely to feature in 2023. Deploying a native Mac security solution is the default first step to combating the increased attention of threat actors on high-interest targets like developers and senior management in 2023. Enterprises that defer upgrades and minor updates need to pay particular attention to risk assessment and their overall macOS security posture.
Conclusion
Threat actors have become collaborative enough and malicious software and techniques are available enough to bring us to a point where attackers are now platform and technology agnostic. Where there is a weakness, there is a way!
And yet, while 2023 will undoubtedly hold surprises none of us could predict, it’s a fair bet that organisations that cover their bases, kill off the low-hanging fruit, and implement coverage across the cloud, identity brace ourselves, and the endpoint will be safer than those that do not. The future is opaque to us all, but in cybersecurity, we can’t afford to trust luck.