Cybersecurity “Predictions” – Let’s Talk about 2023


No matter what industry you’re in, the end of the year brings a few universal gifts to us all: a crush of retail offers for amazing deals on all the things we need (or want); a slew of conversations on what we learned in the previous year and what we resolve to do more/less/better next year; and predictions for what the new year will bring in terms of challenges and opportunities.

In cybersecurity, we see security trends and predictions proliferate through social media, blogs, Reddit, etc. Many vendor forecasts highlight a long list of items that are either persistent challenges or the newest and shiniest objects to cross our field of vision. But how do we determine what truly matters and what is merely interesting to consider? That’s the challenge we decided to evaluate when we chose to categorize common predictive trends as “Always On,” “On the Horizon,” or “Overhyped.”

  • Always On: These items demand attention because they are as enduring as death and taxes. They’re equally inevitable, ubiquitous, unexciting, and scary, too.
  • On the Horizon: This is the most interesting set of considerations because the threats are here but not fully formed. They are likely to grow in ways that require they be taken seriously now and in the year ahead.
  • Overhyped: These are topics everyone talks about even though most have no idea why (or if) we should be expending energy on them.

Always On

Ransomware isn’t going anywhere

  • Ransomware is primarily delivered by the most effective means: Phishing emails.
  • It generates revenue for cybercriminals: A single ransomware group was reportedly responsible for ~$100M in losses in just 16 months.
  • It’s evolving: Double-extortion tactics empower criminals to extract money from victims more effectively and with higher returns.

Social Engineering is evergreen

  • Social engineering takes advantage of the most complicated and persistent security weakness in any organization: people.
  • Social media has grown to an estimated 4.6 billion users worldwide, most of whom do not have an information security mindset.
  • Training to prevent social engineering attacks must be ongoing, which challenges corporate budgets and everyone’s attention spans.

Impersonations are continuous and growing

  • The Federal Trade Commission (FTC) reported that “social media was far more profitable to scammers in 2021 than any other method of reaching people,” most of it related to some form of impersonation to conduct fraud. This is an upward trend we expect to continue.
  • Impersonation can cause immense financial harm, as evidenced by Eli Lilly and Lockheed Martin reportedly losing a combined $15B in valuation due to two fake social media messages that likely cost the authors $16.
  • Brand impersonation can damage a company through misdirected blame, such as when victims of fake job or tech support scams blame the impersonated company.

Deep and Dark Web are critical to cybercrime planning and monetization

On the Horizon

Social Media is an expanding battlefield

Figure 1: Average internet user time spent per day on social media. Source: Statista

Mis/Dis/Malinformation is a growth industry worth watching more closely

Nation-State Threats are scary, but not likely your top concern

  • While nation-states represent some of the most motivated and sophisticated capabilities among threat actors and groups, the vast majority of their targets are limited to government (including think tanks and NGOs), information technology (IT), and education. (See Figure 2)
  • Many state-sponsored actors rely on relatively low-tech means, such as spear-phishing emails, to deliver sophisticated malware instead of developing customized exploits or using targeted social engineering.
  • Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang recently said, “Capabilities that were once reserved for state actors are available on the dark web for purchase” before adding that “there are categories of criminal actors who have capabilities that are sophisticated enough that we [the U.S. government] consider them targets that we might choose to disrupt.”

Figure 2: Industry sectors targeted by nation state actors. (Top industries include Information Technology, think tanks, education, and government.) Source: Microsoft

Metaverse and Web 3.0 are gaining interest beyond their current impact

Crypto and Non-Fungible Tokens (NFT) are distractions

  • Cryptomining was a big concern for large enterprises four years ago, but the cryptocurrency market crash reduced the payoff for setting up cryptomining operations in compromised systems. While cryptomining is still a threat – particularly for companies with large cloud computing contracts – monitoring corporate consumption more closely is a simple, cost-effective countermeasure.
  • Attacks on cryptocurrency exchanges are a significant threat that doesn’t impact the majority of organizations. Furthermore, while compromises and theft of cryptocurrency can impact anyone, large attacks are reserved for financial institutions and crypto exchanges.
  • NFTs are in their infancy, with an estimated user base of just over 400K as of 2021, but the jury is still out on what the future holds. NFTs could become a vital part of the future economy or a complete flop.

What Can You Do?

As organizations prepare for business in 2023, cybersecurity trends, predictions, and forecasting can help with prioritization, with the risks to your own business remaining paramount to your strategy. It’s easy to get distracted by the shiny objects – the headline topics, the zero-days, the nation-states. But an effective cybersecurity program isn’t necessarily about the biggest threat making headlines. It’s about fundamentally understanding and assessing your unique risk profile in the following ways:

  • Know Yourself: Document and monitor your internal environment (including Crown Jewels) and external attack surface (including social media). Additionally, identify and work with stakeholders to codify intelligence requirements to prioritize effort and focus in the always labor-constrained business of security.
  • Know Your Adversaries: Invest in intelligence to assess the adversaries most likely to have both the desire and capability to do you harm, including their tactics, techniques, and procedures (TTPs), motives, and previous actions.
  • Know the Shared Terrain: Capitalize on intelligence to proactively understand the planning, facilitation, and execution of attacks within the deep, dark, and open web, and implement security strategies and policies that eliminate exposure to those threats when possible and compensate for threats that can only be managed.
