This week I came across a very interesting report published by Forrester, a leading independent research and advisory firm that provides insights and analysis on a wide range of business and technology topics. In this instance, the topic of focus was the Top Cybersecurity Threats in 2023.
2023’s Top Cyber Security Threats
The landscape of cyberattacks is evolving rapidly, with new weapons and facilitators such as generative AI, cloud complexity, and geopolitical tensions. An alarming 74% of security decision-makers reveal that their organisations’ sensitive data may have been compromised or breached within the past year alone. This sobering cybersecurity reality sets a baseline that any Chief Information Security Officer (CISO) must seriously contemplate.
As attackers continue to rapidly leverage generative AI, discover novel methods to exploit complex cloud systems, and capitalise on geopolitical tensions to execute increasingly sophisticated attacks, the situation is likely to worsen before any improvement can be expected.
Forrester’s report on the leading cybersecurity threats in 2023 delivers a clear cautionary message regarding this year’s top threats in cybersecurity. Attackers have intensified their efforts by harnessing the power of generative AI and employing ChatGPT, enabling them to refine their ransomware and social engineering tactics.
Whilst generative AI can create convincing images, video and audio of real people, useful for a better movie experience and rich educational content, it has also raised concerns about deepfakes, digitally forged images, video or audio, which have already been used in attacks on businesses: a payment or data request that realistically mimics an employee's boss, in voice or on video, is much harder for staff to refuse than a plain email.
A Battle on Two Fronts
CISOs face the dual challenge of addressing persistent threats while also grappling with the lack of preparedness to tackle emerging ones. Ransomware and social engineering, particularly through Business Email Compromise (BEC), have been long-standing threats that CISOs have dedicated their efforts to defend against over the years. Despite significant investments in fortifying their technology stacks, endpoints, and identity management systems to combat ransomware, breaches continue to proliferate.
As attackers strive to maximise the scale and speed of ransomware payouts, they have identified supply chains, healthcare providers, and hospitals as lucrative targets. Any organisation that offers time-sensitive services and cannot afford prolonged downtime becomes a prime target for larger ransomware payouts, as these businesses urgently need to restore their operations.
According to Forrester’s predictions and survey findings, an increasing percentage of breaches will go unreported as newer threats continue to evolve. CISOs and enterprises are reluctant to acknowledge their lack of preparedness. Surveys reveal that 12% of security and risk professionals have encountered between 6 and 25 breaches in the past year alone. These breaches stem from BEC, social engineering attacks, and ransomware. Additionally, emerging attack strategies are appearing that specifically target AI-based defenses with the intent to cripple them.
Outdated perimeter-based systems, lacking an AI-based upgrade path, are the most vulnerable in this scenario. As a new wave of cyberattacks emerges, targeting the weakest links in various businesses, including complex cloud configurations, the divide between reported and actual breaches will widen.
This Year’s Top Cybersecurity Threats
As the threat landscape evolves, Forrester predicts an increase in more destructive attacks as threat actors enhance their AI capabilities to overcome the latest generation of cybersecurity defenses. Reports suggest this trend is already underway, with attackers focusing on exploiting vulnerable gaps between endpoints and identity protection.
During a recent interview, CrowdStrike – a notable cyber security solution provider – highlighted the pressing challenge of bridging the divide between endpoint protection and identity protection. They emphasised addressing this issue is currently one of the most significant concerns for cybersecurity professionals highlighting the complexities associated with identity and the crucial need to establish a connection between endpoints, identity, and the data accessed by users. Resolving this critical problem poses a formidable task, but it holds the potential to address a significant portion of an organisation’s cybersecurity challenges.
The Spectre of AI
The advent of generative AI, ChatGPT, and the support of large language models have empowered attackers to unleash attacks with unprecedented levels of speed and complexity. Forrester predicts that the use cases for these technologies will continue to multiply, constrained only by the attackers’ imagination and ingenuity.
Complex Nature of Cloud Services Create Security Risks
Cloud services have become a fundamental part of enterprise operations, with an impressive adoption rate of 94%. However, security remains a paramount concern for 75% of these organisations. An overwhelming two-thirds of companies have already established cloud infrastructures. According to Gartner’s estimates from the previous year, the shift towards the cloud will drive over $1.3 trillion in enterprise IT spending this year and nearly $1.8 trillion by 2025. By 2025, 51% of IT spending is expected to migrate to the public cloud, marking a significant increase compared to the 41% recorded in 2022. Furthermore, cloud technologies are projected to account for 65.9% of application software spending in 2025, up from 57.7% in 2022.
These forecasts highlight the growing complexity of cloud computing and storage infrastructure, which consequently presents substantial security risks. Forrester emphasises several threat surfaces that demand the attention of CISOs and their teams, including insecure infrastructure configurations in Infrastructure-as-a-Service (IaaS), malwareless attacks, privilege escalation, and configuration drift.
To address these challenges, the report advises enterprises to establish resilient and robust cloud governance frameworks. Leveraging security tools like native security capabilities offered by IaaS platforms, cloud security posture management, and SaaS security posture management can aid in the detection and remediation of threats and breach attempts. By implementing these measures, organisations can enhance their security posture and mitigate risks associated with cloud infrastructure.
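The threat surfaces Forrester lists (insecure IaaS configuration, privilege escalation, configuration drift) are exactly what a cloud security posture management tool checks. As an added illustration, not code from Forrester or any CSPM product, the following Python script runs three such checks over constructed sample data: administrative ports open to the whole internet, identity policies that grant wildcard permissions or unrestricted iam:PassRole (a well-known escalation path), and drift between an approved baseline and the live state. The data shapes (BASELINE, LIVE, POLICIES) are hypothetical exports loosely modelled on security-group rules and IAM-style policy documents, not a real provider's API.

```python
"""Posture checks over constructed IaaS configuration (added example, not Forrester's).

The data shapes below are hypothetical exports, loosely modelled on security
group rules and IAM-style policy documents; they are not a real provider API.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    resource: str
    check: str
    detail: str


# Constructed sample data: the approved baseline and the live state.
BASELINE = {
    "sg-web": {"ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    "sg-bastion": {"ingress": [{"port": 22, "cidr": "10.0.0.0/8"}]},
}
LIVE = {
    "sg-web": {"ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
    # Someone "temporarily" opened SSH to the world: configuration drift.
    "sg-bastion": {"ingress": [{"port": 22, "cidr": "10.0.0.0/8"},
                               {"port": 22, "cidr": "0.0.0.0/0"}]},
}
POLICIES = {
    "role-ci": {"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::builds/*"}]},
    "role-ops": {"Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    "role-deploy": {"Statement": [
        {"Effect": "Allow", "Action": ["iam:PassRole", "ec2:RunInstances"], "Resource": "*"}]},
}
ADMIN_PORTS = {22, 3389, 5985, 5986}  # SSH, RDP, WinRM


def is_public(cidr: str) -> bool:
    """True for 0.0.0.0/0 or ::/0, i.e. reachable from the whole internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def as_list(value):
    return value if isinstance(value, list) else [value]


def check_ingress(groups: dict) -> list:
    """Administrative ports reachable from any address."""
    findings = []
    for name, sg in groups.items():
        for rule in sg["ingress"]:
            if rule["port"] in ADMIN_PORTS and is_public(rule["cidr"]):
                findings.append(Finding(name, "public-admin-port",
                                        f"port {rule['port']} open to {rule['cidr']}"))
    return findings


def check_policies(policies: dict) -> list:
    """Wildcard grants and unrestricted iam:PassRole, two common escalation paths."""
    findings = []
    for name, doc in policies.items():
        for stmt in doc["Statement"]:
            if stmt.get("Effect") != "Allow":
                continue
            actions = [a.lower() for a in as_list(stmt["Action"])]
            resources = as_list(stmt["Resource"])
            if "*" in resources and any(a == "*" or a.endswith(":*") for a in actions):
                findings.append(Finding(name, "wildcard-allow",
                                        "Action and Resource both unrestricted"))
            elif "*" in resources and "iam:passrole" in actions:
                findings.append(Finding(name, "unrestricted-passrole",
                                        "PassRole on any role lets a compute service run with higher privilege"))
    return findings


def check_drift(baseline: dict, live: dict) -> list:
    """Ingress rules present in one state but not the other."""
    findings = []
    for name in sorted(set(baseline) | set(live)):
        want = {(r["port"], r["cidr"]) for r in baseline.get(name, {}).get("ingress", [])}
        have = {(r["port"], r["cidr"]) for r in live.get(name, {}).get("ingress", [])}
        findings += [Finding(name, "drift-added", f"{p}/{c}") for p, c in sorted(have - want)]
        findings += [Finding(name, "drift-removed", f"{p}/{c}") for p, c in sorted(want - have)]
    return findings


def run_all() -> list:
    return check_ingress(LIVE) + check_policies(POLICIES) + check_drift(BASELINE, LIVE)


if __name__ == "__main__":
    for f in run_all():
        print(f"{f.resource:12} {f.check:22} {f.detail}")
```

Run against the sample data this reports four findings: the bastion's SSH rule open to 0.0.0.0/0 (both as a public admin port and as drift from the baseline), the all-wildcard role, and the role whose unrestricted PassRole would let an attacker who can launch compute attach a more privileged role to it. A real CSPM tool does the same thing continuously against the provider's live configuration, which is the point Forrester makes about drift: a one-off audit cannot catch a rule added after it ran.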
International Threat Actors Persist
Forrester highlights Russia’s invasion of Ukraine and its relentless cyberattacks on Ukrainian infrastructure as compelling instances of geopolitical cyberattacks that have immediate global implications. According to Forrester, nation-state actors will persist in utilising cyberattacks against private companies for geopolitical purposes, including espionage, leveraging negotiations, controlling resources, and stealing intellectual property to gain technological superiority.
Furthermore, Forrester identifies the ongoing diplomatic and trade tensions between China and the United States as a potential catalyst for increased attacks on enterprises. The report cites specific events, such as the U.S. restrictions on China’s semiconductor chip exports and communications equipment imports in late 2022, as well as China’s subsequent sanctions on U.S. defense contractors in early 2023. Likewise, Russia’s encounter with European trade bans and export controls adds to the backdrop of these conflicts, which may have repercussions for private companies.
An additional case highlighted by Forrester involves North Korea’s theft of $741 million in cryptocurrency from Japan, underscoring how geopolitical threats can swiftly destabilize an entire nation’s financial stability. These examples serve as a reminder of the rapid and far-reaching consequences that geopolitical factors can have on the cybersecurity landscape.
Ransomware Remains a Top Cyber-Threat
According to Forrester, ransomware continues to pose a significant cyber threat, with attackers adopting double extortion: data is exfiltrated before it is encrypted, and a second payment is demanded in return for not publishing it. Some groups go further and also extort the customers of the breached organisation, threatening to expose their data. This not only adds to the financial burden but also severely damages the reputation and trust of the affected enterprises.
Forrester has observed an alarming trend of ransomware attacks targeting critical infrastructure and supply chains, where even slight delays can result in substantial financial losses amounting to millions of dollars. Attackers understand that by disrupting the supply chain, they can swiftly force enterprises to meet their demands for higher ransomware payouts, exploiting the businesses’ inability to tolerate prolonged downtime.
Of particular concern is Forrester’s finding that hospital ransomware attacks have doubled between 2016 and 2021, putting lives at risk. Ransomware has become a favored tactic for North Korea, serving as a means to fund its espionage and missile development programs.
In response to the growing ransomware threat, more than 30 nations joined forces to establish the Counter Ransomware Initiative (CRI) in October 2021, aiming to combat ransomware on a global scale. Australia is taking the lead in the International Counter Ransomware Task Force (ICRTF), which is part of the CRI strategy to tackle ransomware. Forrester recommends that enterprises give defence against ransomware the same priority and consider subscribing to external threat intelligence service providers, such as Sophos MDR, which offer targeted ransomware intelligence.
The report also emphasises that security and risk management teams in critical infrastructure companies must be prepared to report cyber incidents within 72 hours and ransom payments within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA), as stipulated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Those obligations bind covered entities once CISA's implementing rule is in force; the Act directed CISA to define the covered entities and the reporting format through rulemaking, so teams should track that rule rather than wait for it.
Business Email Compromise Leads Insurance Claims
In 2021, the FBI's Internet Crime Complaint Center (IC3) disclosed losses of $2.4 billion to businesses from Business Email Compromise (BEC) social engineering. Fraudulent funds transfer claims resulting from BEC attacks surpassed all other types of cyber insurance claims in 2022, ahead even of ransomware. Exploiting human error, BEC attacks commonly employ phishing to steal credentials and take over legitimate mailboxes, from which the fraudulent payment request is then sent.
Forrester highlights that BEC social engineering campaigns are entering a new phase, incorporating multiple communication channels to persuade victims into taking action. Some campaigns even place a CAPTCHA in front of the phishing page, which both enhances its perceived legitimacy and keeps automated URL scanners from fetching it. The report emphasises that adopting Domain-based Message Authentication, Reporting and Conformance (DMARC) for email authentication alone is insufficient: DMARC stops mail that forges your own domain, not mail sent from a lookalike domain or from a legitimate mailbox the attacker has taken over. Enterprises must embrace a data-driven approach to behavioural change, continuously measuring progress, and employing additional training and technologies to mitigate the risk of successful socially engineered attacks.
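To make the "DMARC alone is insufficient" point concrete, here is an added Python example (my own, not code from Forrester or any vendor). It parses DMARC TXT records, flags the settings that leave a domain spoofable (p=none, partial pct, sp=none, no reporting address), and then shows why even a correctly enforcing record does not stop BEC: a lookalike domain such as examp1e.net passes DMARC for itself, so the From: domain has to be compared against the protected domain after folding common confusable characters. The RECORDS dictionary and the domain names are constructed sample data; nothing is resolved from DNS, and the confusable table is a small illustrative one rather than a complete Unicode confusables list.

```python
"""DMARC policy evaluation plus a lookalike-domain check (added example, not Forrester's).

Records below are constructed sample data; nothing is resolved from DNS.
"""

RECORDS = {
    "example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "example.org": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.org",
    "example.net": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc@example.net",
}


def parse_dmarc(txt: str) -> dict:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    if not txt.strip().lower().startswith("v=dmarc1"):
        raise ValueError("not a DMARC record")
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_weaknesses(tags: dict) -> list:
    """Settings that let spoofed mail through or hide that it is happening."""
    issues = []
    policy = tags.get("p", "none").lower()
    if policy == "none":
        issues.append("p=none: failures are reported but spoofed mail is still delivered")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        issues.append(f"pct={pct}: policy is applied to only {pct}% of failing messages")
    if tags.get("sp", policy).lower() == "none":
        issues.append("sp=none: subdomains remain spoofable")
    if "rua" not in tags:
        issues.append("no rua: no aggregate reports, so no visibility of abuse")
    return issues


def is_enforcing(tags: dict) -> bool:
    """Reject or quarantine applied to all failing mail."""
    return (tags.get("p", "none").lower() in ("quarantine", "reject")
            and int(tags.get("pct", "100")) == 100)


# --- why enforcement alone is not enough ------------------------------------
# Illustrative confusable pairs only; a production check uses a full table.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalise(domain: str) -> str:
    d = domain.lower()
    for src, dst in CONFUSABLES:
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, plain dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(sender: str, protected: str) -> bool:
    """A different domain that reads as the protected one after confusable folding."""
    if sender.lower() == protected.lower():
        return False
    return edit_distance(normalise(sender), normalise(protected)) <= 1


def assess_sender(from_domain: str, protected: str, records: dict = RECORDS) -> str:
    """Verdict for a message's From: domain relative to the domain we protect."""
    if from_domain.lower() == protected.lower():
        tags = parse_dmarc(records[protected])
        return "spoof-blocked" if is_enforcing(tags) else "spoof-possible"
    if is_lookalike(from_domain, protected):
        return "lookalike"  # passes DMARC for its own domain; needs other controls
    return "unrelated"


if __name__ == "__main__":
    for domain, txt in RECORDS.items():
        print(domain, "enforcing" if is_enforcing(parse_dmarc(txt)) else "weak",
              dmarc_weaknesses(parse_dmarc(txt)))
    print(assess_sender("examp1e.net", "example.net"))
```

example.net has a clean, enforcing record, so a message forging example.net is rejected; a message from examp1e.net is not, because DMARC is evaluated against the sender's own domain. That gap, and the compromised-mailbox case where the From: domain is genuine, is what the additional training and detection controls Forrester asks for have to cover.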
Fail to Prepare, Prepare to Fail
Forrester’s recent cybersecurity threat report serves as a strong cautionary message for organisations worldwide, urging them to prepare themselves for an era of emerging attack strategies. Attackers persist in honing their skills, incorporating new techniques to exploit generative AI, manipulate cloud complexities, and capitalise on geopolitical tensions to orchestrate increasingly sophisticated attacks.
While enterprises diligently allocate resources to bolster their cybersecurity budgets, focusing on countering BEC social engineering and ransomware attacks, they must also proactively devise strategies to anticipate, detect, and respond to threats targeting their AI models, algorithms, and the associated data. Enhancing threat intelligence requires security teams to harmonise these diverse efforts, forming a cohesive defense system capable of thwarting the next wave of cyberattacks.