An Engineering Fellow’s Perspective on Cybersecurity in 2023

February 24, 2023

Cybercrime is a growing industry, and 2023 will be no different. This year there will be exceptions and outliers when it comes to cybersecurity. New technologies, innovation, professional tools, lower budgets and global unrest will all contribute to the upward trend of a future that might look less than secure.

Bottom-Line, Up Front

Financially driven cybercrime won’t change too drastically from what we experienced in 2022. In 2023, there still will be innovation and nuance to how ransomware works. New techniques or variations on classic themes for things like initial footholds, malware delivery could happen. We'll probably see continued use of the same techniques. Developing new methodologies end-to-end for something like ransomware isn't off the table, but the current approaches we see as of late 2022 certainly seem to be effective and profitable.

Professional red teams and their peers will keep making new tools for offensive security testing. Some criminals will adopt those tools and techniques. In response, candid blue teams will post tweets expressing their disgust with red teams for pursuing this research and sharing findings. In turn, vendors will pay attention to new innovations and adapt more readily to defend against new techniques.

Options for Defending the Enterprise

Many security executives expect their budgets to go unchanged from last year, so spending will need to be carefully considered. When security teams are cut down, those in charge believes that there’s technology that can make up for the human resource deficiency, thus negating any potential risks. Passively waiting for alerts to fire in an EDR console or SIEM or MSS platform is a good way to react to something that already happened but cannot get out in front of novel threats. Alerts generate easy metric data to show that the security team is busy and the business is happy because there is a perception of value.

Where there’s money to spend on technologies, organizations should invest more in proven solutions that solve real problems. Those technologies also require talented humans. This is "Scenario A”. Tools are certainly going to help with risk reduction, however it’s important to have enough critical thinkers to use them effectively. Flexible processes and procedures must be built for people to follow to ensure consistency. Whoever remains to pick up the slack in an already-overwhelmed security operations will do what they can, and an overall uptick in severe incidents are due to burnt out staff and attrition.

Alternatively, “Scenario B” features an investment in outsourced security resources. Investments in managed services will depend on scale and requirements but can be distilled to offloading routine security operations to a third party. This should provoke some qualitative questions: How do we ensure that we’re focusing on the right security events and doing the right things to reduce our overall security risk? Have we integrated this vendor into our processes for incident response (IR)?

What’s The Point?

In 2023, there will be a broad-spectrum de-emphasis on humans, largely due to budgetary factors. This comes in terms of career development like training, as well as workforce management actions like reduction in force or outsourcing.

Employees likely had training budgets cut, and many people who have a role in activities like incident response are greatly lacking in real world IR experience and practical knowledge, rendering them fully dependent on third parties to navigate the challenges as best they can. A considerable amount of uncertainty where organizations who rely on managed services for security operations don’t have a reliable procedure defined to integrate the managed service provider into the IR process. Many organizations only take actions for IR training in the form of a single annual tabletop exercise. As a result, many IR stakeholders can’t build the right "muscle memory" that’s needed to fulfill their role in the process.

Moving Forward

In the domain of state-sponsored offensive security activities may be more interesting. The events of 2022 led us to some interesting shifts in the world's status quo. A lot of countries' activities will maintain, but new targets or courses of action could emerge as any international order changes. Russian influence may change slightly and could also impact criminal actors based in Russia.

China will continue to focus their activities on the cyber domain in ways that help them to gain or maintain power. It's expected that there will be reports of China being aggressive in pursuing intellectual property or other wins in response to a shift away from Asia for manufacturing technology products such as microprocessors.

Other countries across the globe will continue with their operations. In many cases these activities may be more regional in nature, such as within the Middle East between governments, rather than cyber operations between countries and private companies. Private industry may find themselves as targets depending on the unique objectives of these countries, but it’s notoriously difficult to accurately forecast the motivations of many states.

Cross-domain problems, such as social media manipulation and disinformation campaigns, will persist and likely grow. A considerable amount will be focused on non-English speaking populations across the globe. Regions such as the African continent are likely falling under the radar of the international community where some countries may be leveraging disinformation campaigns to build influence. Some tactics may change, either due to uncertainties around platforms such as Twitter, improved content moderation or disinformation controls on other social media sites or due to shifts in priorities among the sponsors of disinformation.

New Year, New Rules To Stay Safe

The outlook for 2023 started out slightly obscured, and the obfuscation will persist indefinitely. Listen to and trust the people working down at ground level, pay attention to the threat landscape and trends over time and prioritize quick wins that reduce risk and relieve pressure on the people keeping information systems safe and secure.