Industry executives and experts share their predictions for 2023. Read them in this 15th annual VMblog.com series exclusive.
Threat actors set their sights on collaboration tools and take social engineering to the next level plus much more!
By Brian
Pinnock, VP SE EMEA, Mimecast
The cyber threat landscape is complex and continuously evolving.
Each year, the tactics, techniques and procedures of threat actors become more
difficult to defend as cybercrime grows in sophistication and funding. However,
a common theme still exists - email remains the primary attack vector. In fact,
the Mimecast
2022
State of Email Security Report found that eight in 10 companies are bracing
for the fallout from an email-borne attack, while 96% acknowledge that their
organization had faced a form of phishing attack in the past year.
Beyond these basics, what else should you look out for in
2023? I would pay attention to the evolving threat landscape as we are likely
to see many repeat victims in the coming year. The victims of relatively
unsophisticated initial attacks often lack risk appreciation or cyber skills at
the board and executive level which, in turn, drives insufficient investments
in adequate tools and execution.
From a big picture standpoint, I see geopolitical
cyberattacks increasing in 2023. Cybercrime groups are likely to
fracture along lines drawn by the emerging geopolitical environments in Russia,
North Korea, Iran - and maybe China. Eastern Europe will likely see the most
change with Ukrainian and pro-NATO eastern European nations targeting Russia
and its allies. However, it's likely these groups will still target western
countries as well, unlike Russian gangs who will likely continue to solely
target western nations.
In addition to thoughts of my own, below is a diverse
collection of thought leadership predictions from a few of my colleagues across
the Mimecast global team.
David Raissipour, CTPO
Hybrid Business
Collaboration Channels Will Remain Top Target
The past year has taught us
that threat actors are increasingly exploiting societal shifts to hybrid work
environments as an opportunity to deploy brand impersonation attacks on a wider
and more dangerous scale. In turn, the collaboration channels that are now
fixtures of our new way of working - Slack, Microsoft Teams, Zoom,
Sharepoint, etc. - have joined email as a primary attack vector for stealing
sensitive data, employee network credentials, and customer P.I.I. archives.
That won't change any time soon. To work protected in 2023, organizations will
need to leverage AI-enabled automation tools and technologies that can extend
beyond email security to effectively safeguard the intersection of hybrid
business communications, people, and data.
++
Dirk Jan Koekkoek, VP Product Management
Multi Layered Attacks are Just Getting
Started
In 2023, we will see more multi-layered
attacks where both technical and human elements play a role. The new digital
work environment provides more opportunities for attackers to gain initial
access and increases possibilities to move laterally and elevate
privileges.
Last September's cyberattack on Uber is
one example. Allegedly, breached credentials, multi-factor authentication (MFA)
fatigue, and social engineering allowed the threat actor to obtain access to
several critical IT systems. It's expected that we will see more of these
ahead.
Organizations need to look at the
bigger picture, taking a viewpoint from the individuals who work with the
technology is key. User behavior across all tools, communication channels and
devices must be considered to protect in 2023.
++
Elaine Lee, Senior
Engineering Manager - Data Science Labs
The skills gap in Cybersecurity,
particularly in AI/ML expertise, will probably be felt more acutely in 2023.
In 2022, newsworthy attacks were typically
very targeted, methodically planned, but still very manual in nature (e.g. a
hacker undertaking multiple manual steps in the September Uber breach).
Customers will be looking for cybersecurity products that can effectively
protect against a multi-stage attack like this.
But to detect these attacks, the existing detection systems need to be
harmonized effectively and turned into a meta-system. As a result,
cybersecurity companies will be looking for [more] AI/ML expertise to design
and implement these meta-systems, in an already tight labor market.
++
Duane Nicol, Sr. Product Manager - Awareness
Training
Phishing will become less prevalent as a primary
source of data to quantify risk.
Most corporate email gateways do a great job of
blocking out malicious emails, so testing will become somewhat superfluous
because of the improbability of employees ever receiving an actual phishing
email. In 2023 most employees will likely receive more simulated phishing
emails than real ones in corporate email, but that of course doesn't stop
threat actors from relentlessly attacking their personal machines. This still
involves inherent risk as many users admit to using their corporate devices to
transact personally. If a user, not entirely aware of the risks, open a
malicious email in their personal inboxes this could still have a significant
effect on the business.
It is thus why businesses need to continue
driving basic awareness principles to users, so that at any stage of the
communication journey when faced with a suspicious email, they apply the same
knowledge irrespective, thus keeping themselves safe. A user that keeps
him/herself safe has an incredible +1 effect on the businesses strategy to
mitigate risk.
++
Kiri
Addison,
Senior Product Manager, Threat Detection & Efficacy
Threat actors will take social engineering to the
next level. As AI voice cloning technology becomes more powerful and readily
available, we will see an increase in impersonation attacks that utilize audio
deepfakes. These will be used in combination with compromised email and
collaboration accounts.
++
Jose Lopez,
Principal Data Scientist
Threat
actors will use accessible Large Language Models to create campaigns using natural
language and automatic social engineering to aim at the most vulnerable persons
in companies. This way, they will be able to manage more attacks while at the
same time improving their success ratio.
##
ABOUT THE AUTHOR
Brian
Pinnock, VP SE EMEA
Mimecast empowers more than 40,000 customers to help mitigate risk and
manage complexities across a threat landscape driven by malicious cyberattacks,
human error, and technology fallibility. As Vice
President of Sales Engineering at Mimecast, Brian manages an international team
of sales engineers across Europe, Middle East and Africa, providing technical
sales functions to Mimecast's sales staff, reseller partners and customers in
each region. Before joining the company in 2016 he headed up innovation at
Internet Solutions. When Brian joined Mimecast, he was appointed regional
manager for sales engineering for Middle East and Africa. In 2020 was promoted
to look after Europe as well. Brian has over 20 years' experience in pre-sales,
sales, R&D and product development in network communications, messaging and
information security. His current focus is driving the expansion of Mimecast
cloud-based email and web security as well as threat intelligence by helping
organizations leverage their existing security investments. For more insights
on how to Work Protected by securing your business communications, people and
data, stay tuned to the Mimecast blog Cyber
Resilience Insights.