Blog
Predictions 2023, Part 1: What will the new year bring for the InfoSec Community?
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, CSSLP, SSCP
In recent years, we have seen the threat landscape become increasingly complex as threat actors use sophisticated techniques to exploit vulnerabilities of weak passwords, missing patches and antiquated software, thus gaining access to corporate networks.
With attacks rising within industrial control systems (ICS), operating technologies (OT) and the internet of things (IoT), we are seeing the development of new terminologies emerge (e.g., patch lag or security resilience), and the list goes on.
In 2023, we can expect to see the following:
- Staffing shortages because of the increased need to thwart cyberattacks and, as a result, burnout will continue to plague the industry.
- An increase in attacks, including ransomware, bot attacks, expanded attacks on IoT, ICS and OT, and an upward growth in cloud-based attacks and cloud infrastructure
- A rise of deepfakes through e-mail, video and messaging platforms with a particular spike in deep fake phishing and wiperware.
- More challenges associated with cyber insurance as more awareness of cyber incidents’ reputational and financial risks come to light.
- New data privacy regulations and legislation will be implemented worldwide to protect consumers’ information.
Cybersecurity Staff Shortages
Staff shortages have affected the industry for several years, and the 2022 (ISC)² Workforce Study reveals a global cybersecurity workforce gap of 3.4 million professionals. We estimate that the workforce gap will likely increase in 2023.
As cyber threats continue to increase and technologies become more complex, skills will need to evolve to handle the onslaught. This continued need for staff training can impact or leave gaps in resources. Additionally, as the complexity changes, burnout related to long hours and stress will affect staff. Additional stress will be caused by the lack of training, overtime work, the frequency of cyber incidents and the potential for job insecurity.
Cybersecurity professionals continue to be challenged by a never-ending onslaught of attacks and are constantly trying to mitigate cybersecurity risks. As economic conditions worsen, we estimate that training budgets will be amongst the first to be cut, thereby impacting the skills gap.
We are seeing many new training and education opportunities come to market to offset the staffing shortages, but they are insufficient to meet the needs of the cybersecurity workforce. IBM is aiming to train 500,000 individuals from India in cybersecurity skills over the next five years. In August, (ISC)² pledged to provide one million free Certified in Cybersecurity courses and exams for those looking to enter the profession.
In 2023, unfortunately, we will see an increase in those who state they have the necessary skillset but may not have the cybersecurity experience needed for a role. Entry-level certifications, like the Certified in Cybersecurity, provide individuals with the foundational knowledge and expertise, which will be even more critical for finding a cybersecurity job.
OT Infrastructure
Open-source systems (software) will continue to be a target of cyberattacks, as many of these systems are built on legacy software which is outdated and seldomly patched. Even when these systems are updated, ICS or OT will continue to be susceptible to attacks as there are challenges associated with patch management and insufficient security training.
It is anticipated that, like in previous years, these systems will not be well protected, and little will be done to secure them. As tensions rise with the Russian/Ukrainian war or in China, the threat to these systems increases dramatically.
To protect these systems, we recommend (but are not limited to) the following:
- Increasing the visibility of these assets (have an inventory).
- Implementing (where possible) mitigating controls (think firewalls between networks).
- Building resiliency plans.
Ransomware
In the last several years, ransomware attacks have made headlines, and we can only anticipate that this trend will continue into 2023. In fact, in 2022, more than 200 U.S. institutions were affected by ransomware. Specifically, the “State of Ransomware in the U.S.” report revealed 105 local governments; 44 universities and colleges; 45 school districts; and 25 healthcare providers operating 290 hospitals navigated ransomware attacks in 2022.
As ransomware gangs have shifted tactics and operations in the past year, we anticipate that in 2023 we will see a continued shift around types of attacks and those targeted in new markets and regions.
To better protect organizations from ransomware attacks in 2023, we recommend the following to enhance security:
- Create backups and secure them offsite.
- Test backups regularly and your ability to restore from the backups).
- Provide security awareness education and information to staff regarding the risks. Educate staff on many of the methods used to steal data.
- Ensure that security software is current and the latest security patches have been applied.
- Implement multi-factor authentication
- When possible, encrypt confidential or sensitive data.
Fake Ransomware (Wiperware)
In late 2022, we began seeing attacks that purport to be ransomware; they contain a ransom request by creating a README.txt file that includes a bitcoin wallet address, a contact e-mail address and an ID. Unfortunately, it is not ransomware but wiperware. Wiperware (a Trojan) typically does not attack or affect system files (.exe, .dll, .lnk, .sys, or .msi or files in the C:Windows directory), but instead, the attack is focused on databases or user documents. Once the malware modifies a file, it cannot be recovered (ever) as the data has been overwritten or corrupted. Typically, the intent of this Trojan is not financially motivated but is used to destroy data. These attacks can be politically motivated, as seen in the Ukrainian/Russian conflict.
In 2023, there will also be an increase in phishing attempts as these attacks are used to distribute both wiperware and ransomware.
We’ll continue to discuss data privacy, supply chain, cybersecurity insurance, as well as other 2023 predictions in the next blog post.