Employers are also facing headwinds in a challenging macroeconomic environment and must make difficult decisions to ensure long-term profitability. This will increase the non-technical indicators of insider risk (heavier workloads, financial stress, disengagement) that need to be reviewed and monitored continuously. The organizational restructures and workforce reductions spreading across industries and verticals may prompt individuals to take proactive steps to protect themselves, even where their own organization has not yet cut costs. More acutely, organizations that have already made reductions will likely become more vulnerable to insider risk as the remaining staff face increased workloads, concerns about financial stability, and misalignment with the organization.
Rates of accidental insider risk will grow due to workforce fatigue and burnout.
Many organizations looking to reduce costs have cut salaries or benefits while simultaneously increasing workloads for their employees. These decisions fall hardest on the already stretched Millennial and Gen-Z demographics; surveys show that 80% of these workers are already looking for additional sources of income. Combined with financial stress, fatigue and burnout erode the attention and care employees normally bring to their work. The result is more human error, such as clicking on malicious links or failing to follow security policy, and a higher rate of accidental insider risk.
Increased use of adversarial machine learning.
The broad adoption of AI and statistical methods in defensive security tooling has forced threat actors to adapt and will usher in a new era of adversarial machine learning in 2023 and beyond. Attackers will increasingly poison the training data of defensive systems that learn online, feeding them crafted samples so that the model gradually comes to treat attacker activity as normal and new attack techniques avoid detection. Threat actors will also begin automating multi-step attack chains, such as account and service enumeration followed by lateral movement, to increase attack speed. This will start with hard-coded logic and evolve into attack code that learns from the environment and makes decisions autonomously. Organizations will increase their adversarial machine learning research budgets to counter this emerging threat, looking to build defensive AI that can withstand these methods.
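The poisoning pattern described above, worked through as an added example that is not part of the original article: a small online anomaly detector (an exponentially weighted mean and variance over megabytes uploaded per user session, a constructed feature) that learns from every sample it does not flag; an attacker who ramps upload sizes by 8% per session so that the learned baseline drifts upward until a 50 MB exfiltration passes as normal; and the same detector with a fixed hard ceiling that the learned baseline cannot relax. The detector design, the feature, the growth rate and all sample values are assumptions made for this illustration.

```python
"""Gradual ("boiling frog") poisoning of an online anomaly detector.

Added illustration, not code from the original article. The detector, the
feature (megabytes uploaded per user session) and every sample value are
constructed for this example.
"""
import math
from dataclasses import dataclass
from typing import Optional


@dataclass
class OnlineZScoreDetector:
    """Flags a sample whose z-score against the learned baseline exceeds k,
    and learns (EWMA mean/variance, rate alpha) from every sample it does
    NOT flag. hard_ceiling is an optional fixed rule the learned baseline
    can never relax: anything above it is flagged and never learned from."""
    alpha: float = 0.1
    k: float = 3.0
    hard_ceiling: Optional[float] = None
    mean: float = 0.0
    var: float = 1.0

    def observe(self, x: float) -> bool:
        """Return True if x is flagged; otherwise fold x into the baseline."""
        if self.hard_ceiling is not None and x > self.hard_ceiling:
            return True
        z = abs(x - self.mean) / max(math.sqrt(self.var), 1e-9)
        if z > self.k:
            return True
        # Online update from an "accepted" sample. This is the step the
        # attacker exploits: every accepted sample drags the baseline.
        diff = x - self.mean
        incr = self.alpha * diff
        self.mean += incr
        self.var = (1.0 - self.alpha) * (self.var + diff * incr)
        return False

    def threshold(self) -> float:
        """Largest upload the current baseline would accept."""
        return self.mean + self.k * math.sqrt(self.var)


# Constructed benign traffic: about 1 MB per session with modest spread.
BENIGN_SESSIONS_MB = [1.0, 1.2, 0.9, 1.1, 1.0, 0.8, 1.3, 1.0, 1.1, 0.9] * 20
EXFIL_MB = 50.0  # the payload the attacker actually wants to move


def trained_detector(hard_ceiling: Optional[float] = None) -> OnlineZScoreDetector:
    """Warm the detector up on benign sessions only."""
    det = OnlineZScoreDetector(hard_ceiling=hard_ceiling)
    for mb in BENIGN_SESSIONS_MB:
        det.observe(mb)
    return det


def boiling_frog(det: OnlineZScoreDetector, growth: float = 1.08) -> dict:
    """Attacker grows the upload size by `growth` per session, starting at a
    normal 1 MB, until a session as large as EXFIL_MB has been sent, then
    exfiltrates. Returns what a defender would see: poison sessions sent,
    how many were flagged, and whether the real exfiltration was flagged."""
    x, sent, flagged = 1.0, 0, 0
    while x < EXFIL_MB:
        x *= growth
        sent += 1
        flagged += det.observe(x)
    exfil_flagged = det.observe(EXFIL_MB)
    return {"poison_sent": sent, "poison_flagged": flagged,
            "exfil_flagged": exfil_flagged, "threshold_mb": det.threshold()}


def demo() -> dict:
    """Three runs: a clean model meeting 50 MB cold, the same model after a
    slow ramp, and a ramp against a model with a fixed 10 MB ceiling."""
    unpoisoned = trained_detector().observe(EXFIL_MB)
    poisoned = boiling_frog(trained_detector())
    guarded = boiling_frog(trained_detector(hard_ceiling=10.0))
    return {"unpoisoned_exfil_flagged": unpoisoned,
            "poisoned": poisoned, "guarded": guarded}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Against the purely self-learning model the 50 MB transfer is flagged only when it arrives cold; after roughly fifty sessions of 8% growth, none of which scored above the 3-sigma line, the same transfer is accepted and the learned threshold sits well above 50 MB. The fixed ceiling does not make the detector smarter; it simply gives the baseline a point it cannot drift past, so the ramp is caught around 10 MB and the exfiltration is still flagged. In practice the same effect comes from learning only from samples a separate source has confirmed benign, from rate-limiting how far the baseline may move per update, and from keeping at least one rule that the model does not get to rewrite.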
More successful major cloud provider-level attacks.
Several successful attacks and vulnerabilities have recently been found in major cloud provider environments, such as the Azure Service Fabric exploit and the Azure Cosmos DB vulnerability. The increasing concentration of data and assets in those environments, coupled with the breakneck pace of innovation by providers, creates the conditions for high-impact breaches. Organizations with a heavy cloud presence must prepare for scenarios in which data is exposed or accessed from below their tier of the shared-responsibility model, that is, through a flaw on the provider's side rather than a misconfiguration of their own. Data protection measures such as encryption and external key management, where keys are held outside the provider so that a compromised platform alone does not yield readable data, will be necessary to increase resilience against these scenarios. Organizations should also monitor extensively for abnormal behavior in their cloud infrastructure to compensate for the limited visibility they have when detecting threats of this kind.
More devastating ransomware attacks targeting cloud, containers, and other attack surfaces for bigger impact.
Ransomware attacks will continue to grow in volume and take advantage of the expanding attack surface. "Blended" attacks will increasingly move from on-premises to cloud environments because of the higher density of sensitive victim data there, giving attackers more opportunities to extort their victims and more leverage in ransom negotiations. Older ransomware families such as LockBit, REvil, BlackByte, and Conti will return with new TTPs and IOCs. New threat actors will either leverage existing infrastructure or use their own means to target essential service providers, including healthcare organizations, medical establishments, governments, financial services, and other industries critical to the supply chain.
OT/IoT security will become a greater cross-sector priority.
While OT-IT convergence presents unprecedented potential for significant returns, it also increases the potential for damaging cyberattacks on systems that were previously isolated and harder to reach. Attacks are becoming more common because these systems, often part of critical infrastructure, are increasingly interconnected within a larger ecosystem. As cybersecurity continues to embrace a holistic approach, organizations, regardless of industry, will make OT/IoT security a far greater priority to defend against attacks. OT network information, including visibility into and monitoring of assets and of the process-control data exchanged with sensors and actuators, will deliver greater insight into how an attack was initiated and how deeply the intruder has penetrated the system.
Threat actors will continue to take advantage of micro- and macro-level trends to target their victims throughout the next year. New advanced campaigns will be deployed globally through both tried-and-true techniques and new approaches that have yet to be seen. While 2023 will present new challenges, organizations that secure coverage across their extended environments and the cloud will be more prepared.