How will cybersecurity develop as 2023 unfolds and what are likely to be the main trends for the year ahead, both in terms of the threat landscape and the types of technologies and processes tat businesses will need to develop to defends themselves?
To gain an insight, Digital Journal spoke with experts at LogRythm. From these conversations, there is a worrying emergent trends: Cyberattacks will flourish in a period of economic downturn.
There is also likely to be some changing tactics in terms of what cybersecurity criminals get up to. For example, ransomware operators are set to replace data encrypting with corruption.
The first expert up is Kevin Kirkwood, Deputy CISO. Kirkwood begins by identifying the main business target: “Supply chain attacks will continue to be one of the biggest threats to enterprises using open-source software.”
It follows, says Kirkwood: “Organizations should be on high alert for supply chain attacks if they use open-source software. In recent years, hackers have become more strategic when it comes to exploiting open-source software and code. 2023 will be no different. Bad actors examine the code and its components to obtain a thorough understanding of its flaws and the most effective ways to exploit them.”
To stay ahead, Kirkwood recommends adopting a broader basis of thinking: “Most folks think of ‘supply chain attacks’ as an attack on the physical pipeline that will keep folks from being able to produce physical products. Software supply chain attacks are similar in nature to the physical world. Developers use libraries, executable code and code snippets to complete their software products. If those elements are compromised and malicious code is inserted into those elements, the end product that the developer has produced becomes a vehicle for threat actors to compromise the product and potentially gain entry to the system that houses the software.”
These vulnerabilities feed into recommendations for business activities: “In 2023, we’ll see bad actors attack vulnerabilities in low-hanging open-source vendors with the intention of compromising the global supply chain that utilizes third-party code. Attackers will infect the open-source repositories and chromium stores with malicious code and will wait for developers and other end users to come along and pick up the new sources and plugins. Without a robust scanning program and a ‘curated zone’ for source code and plugins, companies will continue to be at risk.”
Kirkwood is also concerned about the current economic situation, noting that during a time of economic downturn, cyberattacks will flourish. He finds: “When it comes to malicious attackers, organizations need to be acutely aware that we’re not talking about machines or software programs being at the other end of this, we’re talking about creative human beings who are motivated and will do whatever it takes to achieve their goal of receiving more money.”
Kirkwood adds “As organizations balance international turning points with Russia’s war in Ukraine while scaling down operations, threats will inevitably continue to evolve as cybercriminals take this chance to up their attack game during the recession. Therefore, it’s crucial that all organizations are proactive with their security strategies and adopt endpoint technologies and other security solutions that provide preemptive capabilities.”
The second expert is Andrew Hollister, CISO. Hollister is concerned that ransomware operators will stop encrypting in favor of corrupting files. As he explains: “Ransomware has been an attack vector in continual development over the years and is perhaps the one common threat that keeps all CISOs awake at night. In 2023, we’ll see ransomware attacks focusing on corrupting data rather than encrypting it.”
Expanding on these risks, Hollister finds: “Data corruption is faster than full encryption and the code is immensely easier to write since you don’t need to deal with complex public-private key handling as well as delivering complex decryption code to reverse the damage once the victim pays up. Since almost all ransomware operators already engage in double extortion, meaning they exfiltrate the data before encrypting it, the option of corrupting the data rather than going to the effort of encryption has many attractions. If the data is corrupted and the organization has no backup, it puts the ransomware operators in a stronger position because then the organization must either pay up or lose the data. Therefore, the importance of backing up critical business data has never been higher.”
Hollister also predicts a trend to be taking place with IT. Here, cybersecurity budget conversations will focus on securing critical business assets.
Looking at the drivers for this, Hollister finds: “In tough economic times, an organization’s c-suite will be focused on cutting what they perceive as non-essential costs. It’s exceptionally important that when leadership thinks about cybersecurity budgets, they take the time to carefully analyze and understand what they are protecting from a business perspective.”
This leads Hollister to his final recommendation: “As cyberattacks continue to rise, I anticipate more organizations will be doubling down on frontline prevention and detection technologies to stay secure and aiming to consolidate cybersecurity tools where possible.”
