Coming into 2023, organisations looking to improve their cyber security maturity already have a number of challenges to contend with. An evolving threat landscape, increasing pressure on cyber security budgets and a growing cyber skills gap are just some of the obstacles that have persisted into the new year.
To overcome these challenges, organisations need to direct their investment in the right areas, build new capabilities and focus the efforts of their cyber security teams on the threats which are most relevant to their organisation. However, with 69% of cyber security decision-makers agreeing that “new and innovative measures of cyber attack are significantly outpacing their cyber security strategy”, it’s clear that not all organisations are able to keep pace.
1. Cyber Crime Will Displace Conventional Crime on the Global Stage
In 2023, organisations are likely well aware of the threat posed by cyber criminals in Russia and China. Hacking groups from these regions – particularly ‘ransomware gangs’ – are often front of mind for cyber security decision makers in many sectors. This year, independent threat actors from these regions are expected to ramp up their activities and are even predicted to begin co-operating to achieve their goals. Cyber crime is also likely to become more common in other regions, particularly in Latin America where hacker groups such as Lapsus$ have been performing increasingly brazen targeted attacks against government organisations.
"Traditionally overlooked by security teams outside of the region, large criminal groups across Latin America will keep shifting away from traditional methods of illegally generating cash and towards cyber crime. Even criminals without technical IT backgrounds can carry out the most devastating cyber attacks to extort economic advantage via ‘as-a-service’ models, creating a means of making quick dirty money for a fraction of the effort."
2. The Proliferation of Tools Will Open Up New Security Vulnerabilities
"Rather than consolidate on an automated toolkit, many organisations will miss the opportunity to maximise their budgets and continue to invest in a greater number of individual tools, which could cause them problems in 2023, particularly as one size increasingly does not fit all. Simultaneously, the rise of ransomware-as-a-service is making cyber attacks cheaper, quicker, and less skill-intensive to execute. Organisations should now re-evaluate their budgets and focus on more robust and proactive approaches, including detection and response, to strengthen their security posture in the face of rising cyber threats."
3. Criminals Will Exploit the Cost-of-Living Crisis to Target Insiders
As the current recession and cost-of-living crisis persist throughout this year, we can expect the insider threat landscape to mature in 2023. Cyber criminals are aware of the financial challenges that many individuals face and see vulnerable employees as an opportunity to gain sensitive information or direct access to systems at their target organisation. In the UK, it seems likely that the public sector will bear the brunt of the economically driven insider threat. Bridewell research shows that government organisations are seeing some of their biggest cyber risks stem from internal threats like data theft and employee sabotage.
"The threat of insider sabotage and data theft has always been high across CNI organisations, but particularly within government agencies. Employees require privileged access to perform their jobs, so the highly sensitive information at their fingertips can be compromised, accidentally or otherwise. And due to the current economic crisis, some vulnerable employees may be particularly susceptible to blackmail by nation state groups. Public sector organisations must now strengthen their defences from the inside out, using sophisticated penetration testing methods such as red team assessments."