Trend scouting in cybersecurity
We have asked three of our cybersecurity experts to comment on trends for the new year. What do they think will happen in cybersecurity in 2023?
Mikael Holmgren, Executive Sales Representative
Everyone seems to agree that cybersecurity will be a priority focus in 2023. The reasons for this are several, such as the state of the world, regulatory requirements, and increased transparency in the event of incidents. Another reason is that the business management of more and more businesses is beginning to realise the business risks and consequences of cyberattacks. The signals are clear from the highest level with national and European political leaders at the forefront. A sign of this is the statement that Sweden's Civil Defense Minister Carl-Oskar Bohlin made in an interview with Computer Sweden on January 27th, where he pointed to the importance of society acting now on the wake-up call that the attacks represent:
"[...] that wake-up call must ring throughout society now because we cannot afford a situation where every single organisation has to suffer before they realise the seriousness - all organisations must start doing their job now."
On a technical level, advanced and elusive technologies such as Machine Learning and Artificial Intelligence are likely to be important tools for both defenders and attackers. A simple Google search shows terrifying examples of how the much-talked-about ChatGPT is already being used as a tool for attacks. Increased requirements, skill shortages and geopolitics mean that more people must find simple and clear solutions that make everyday life easier, while constantly advancing the positions with the latest protection techniques.
Chain reactions in the form of supply chain attacks are likely to increase further. We can assume that the threat actors, regardless of type, are lazy and smart. They know that the protections of the most desirable victims are the most difficult to force. However, by tracing connections and dependencies, one can quite easily find a subcontractor who is so many steps away that they may even be unknown to the primary target. The cybersecurity out in the periphery is probably not at all at the same level as at the primary target. A classic example is STUXNET, which got into something that was basically impossible. Even more modern and less sophisticated attacks like the Coop example prove that this can hit our civil society with full force. We can assume that this will become more and more common.
Håkan Ahrefors, IT manager and security expert
The AI tool ChatGPT has the world fascinated by what the current generation of generative AI is capable of. Unfortunately, 2023 will be the year when various AI tools, including ChatGPT, will be incorporated by criminals into various forms of attacks. Primarily, different variants of phishing will be spiked with e.g. impeccable language. Even fake voicemails that sound like the right person can become reality.
One risk we face is that the fraud and phishing will be of such high quality that our trust will begin to waver. This means that a creeping feeling of "can I trust anything at all" gets a foothold. Such a situation is awkward. If a phishing email becomes so good that it cannot be distinguished from an expected request, the point of trying to increase security awareness disappears. Instead, it leads to the introduction of more checks and confirmations, which can lead to "security fatigue".
In 2023, Zero Trust will continue to be what many continue to struggle to put in place for their businesses. In parallel, there is an ever-increasing challenge of how to manage the whole stream of data that all security and log monitoring systems are now collecting. Which of "the two of us in the IT department" will go through the 100 alarms that appeared last night?
Finally, the headaches caused by security risks in the supply chain will continue to increase. Whether it is supply chain attacks against hardware or, why not, configuration mistakes in a complex chain of cloud services, there is no 'silver bullet' to resort to. In some cases, security means removing functionality! I feel like we are steadily getting better at hiding the complexity of increasingly powerful systems behind ever prettier and smoother GUIs and API calls. In this way, we make available an ever-increasing flow of functionality. But the limit of complexity has probably already been passed. It cannot be secured.
Martin Björnsson, IT security expert
The total cost of cybercrime, which in addition to a possible ransom also includes lost revenue, cleanup, recovery, etc., will continue to increase and may cross the magical $10 trillion mark as early as 2023. These costs are primarily driven by different types of malware that lock down systems and data with the aim of obtaining a ransom to enable a restoration of the systems. This cost is equivalent to double Japan's GDP in 2021, or roughly half of China's GDP in the same year. It is obvious that this cost is already a big problem today, but even more worrying is that so far there is no tendency for change in this development.
There will probably also be a continued rollout of multi-factor authentication (MFA) solutions – the new normal. To address the problem of lost passwords and compromised accounts, MFA and passwordless systems are now being widely adopted. This is also driven from the compliance side, as more and more regulations, guidelines and standards require MFA.
The awareness and commitment of management and boards will be forced to increase. This will happen within the EU via the NIS2 directive, which very clearly requires management groups and boards to lead, follow up and control the security work. Other initiatives within the EU will also cause problems, such as the Cyber Resilience Act that will have a major impact on all producers of any form of digital products, as these need to take much greater responsibility for the products being secure throughout their lifetime.
More and more OT environments are connected to office IT and air-gapped control systems become a thing of the past. In addition to digitalisation, the driving forces behind this are also producers and suppliers of SCADA and control systems, which increasingly require operators to connect the systems to the supplier's cloud services. The debate concerning how and under what conditions you connect OT systems to the cloud will continue.
Need help with your security challenges? You are welcome to contact us at Advenica!