It’s that time of year again! After a tumultuous year that featured sustained economic volatility, global unrest, and increased cyber threats to information, operations, and controls, we wanted to process what we learned in 2022 and share our 2023 predictions. As we emerge from the pandemic and look ahead to what’s on the horizon, here’s what we believe we’ll see next year:
A growing number of attacks successfully bypass fundamental security technologies and defenses.
Building upon their efforts with LAPSU$$ and other high-profile attacks, malicious actors will successfully target and expose the shortcomings of various security technologies, such as MFA and zero trust, on a much greater scale. Attacks related to MFA bypass, including those specifically targeting Okta and other similar vendors, will increase. Any credentials obtained from such a breach will allow threat actors to launch attacks that seemingly originate from within an organization’s cloud ecosystem. Increased cloud migration, ease of use of cloud infrastructure, and greater availability of compromised credentials will enable attackers with historically small capacities to operate with advanced resources in 2023 and beyond.
Insider threats continue to evolve and increase in volume due to societal and organizational stressors.
Insider threats persist and will further evolve due to global, societal, and organizational stressors. Global economic prospects remain volatile in a post-pandemic world and there is increasing uncertainty within financial markets. Gallup’s Economic Confidence Index has fallen sharply since 2020 and research has shown that most Americans believe the country is currently in, or will soon enter, a recession.
These conditions will undoubtedly create a perfect storm in 2023, and stressors such as sustained inflation, an ongoing cost of living crisis, and the geopolitical threat landscape will weigh on individuals. As concerns about the future grow, individuals may look to relieve financial stress by perfidious means. This will primarily impact the Frontline Fraudster and Entitled Independent insider threat profiles, as they will take action to ensure their needs are supported. There will be an increase of insider incidents driven by psychosocial stressors – specifically with respect to sensitive data – because the perception of stalled growth tied to a downturn in the business cycle will cause the Ambitious Leader to find additional avenues for advancement. Individuals who voluntarily leave a role or seek opportunities with competitors may exfiltrate proprietary corporate data from their current organizations to improve their performance in a new organization.