1. Impact of a Downturn

Set against a backdrop of geopolitical instability and potential trade wars, economies are predicted to be turbulent, and we may see tightening budgets as well as rapid investment in new businesses by private equity. This means that new owners of technology estates could see themselves purchasing high levels of cybersecurity debt and risk.

Spending on strategic cyber initiatives that are not directed by compliance or regulations is also likely to be tightened.

Edward Starkie, Senior Vice President at Kroll said: “2023 may be the year of the rapid risk reduction 90-day plan owned and delivered by post-acquisition interim CISOs. At the very least, CISOs will need to be focused on high-impact, low-cost control that optimises existing licenses and previous investments.”

2. Threat Actors Moving Faster
In 2023, threat actors are likely to hone their tactics and move quicker, with less dwell time between infection and exfiltration of data, new forms of compromise around the supply chain and industrial control systems, as well as more sophisticated techniques to circumvent cyber defence tools. This makes detecting suspicious activity even more critical.

Anthony Knutson, Senior Vice President at Kroll noted: “In 2023, threat actors are likely to hone their tactics and move quicker. This makes detecting suspicious activity quickly even more critical for organizations. While solutions to achieve this are becoming more commonplace, and they undoubtedly help from a logging perspective in incident response investigations, the actual monitoring of these systems is an area that is due to ramp up in 2023 as pressures on internal capacity lessen.”

3. New Attack Vector: SEO Poisoning
SEO poisoning could represent a big shift in how cyberattacks typically start and indicate a wider net being cast by threat actors. In attacks analysed by Kroll, infected domains tend to be sites affiliated with an IT tool or service, which when visited infects the victim with credential-stealing malware. This could be used to collect the credentials of IT employees to gain access to a domain admin account.

Laurie Iacono, Associate Managing Director at Kroll commented: “In the future, particularly following the value of cryptocurrency going down and the average ransom payment amount declining this year, we are likely to see ransomware-as-a-service groups looking to maximize their revenue streams.
They may spread a wider net for victims by using tactics such as SEO poisoning and looking at new ways to ensure victims pay. Many ransomware actors already attempt to compromise backup systems, but they could also become more destructive, for example by using data corruption and deletion, limiting the victim’s options for restoration or possible decryption without collaborating with the threat actor.”

4. IT Providers Under Threat

Cybercriminals will also become more targeted in 2023, with attacks on cloud, IoT devices and operational technology (OT) environments increasing. This will stimulate demand for security monitoring solutions and simulated attack exercises that aim to improve cyber resilience.

In terms of targets, large IT providers are likely to be a target in 2023, as threat actors attempt to use them as a route to compromise end clients via supply chain attacks.

Lukasz Olsznewski, Associate Managing Director at Kroll said: “We are likely to see more attacks against Operational Technology (OT) environments, and similar techniques to those used in 2022, such as taking advantage of user authenticator fatigue to bypass MFA and double extortion in ransomware attacks.”

5. Increased Focus on Privacy Regulation
There is currently little consistency in the privacy regulation approach between firms and their respective law firm partners. European standards such as ENISA and ISO will help to ensure consistency of approach to privacy risk, and technology could be embraced by data regulators as a way for organizations to meet their regulatory requirements.

Martin Nikel, Associate Managing Director at Kroll, added: “As cyberattacks and data breaches continue their momentum and external economic factors put businesses under pressure, we may see regulators get frustrated by those that don’t prepare adequately. They could turn focus to preparedness and be less forgiving of those who are not organized in their incident response.”