Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

Ransomware will rise, but supply chain security will skyrocket

By Lorri Janssen-Anessi, Director, External Cyber Assessments and Vincent D'Agostino, Head of Digital Forensics And Incident Response at BlueVoyant

As 2022 comes to a close, we say goodbye to yet another year of uncertainty and "new normals." Since the pandemic hit, ransomware took center stage with threat actors harassing hospitals, schools, government entities, and more. Looking to the new year, we would be naive to expect anything less than this perpetuating trend.

However, over the past few years, experts across the security industry have been able to learn from each and every attempt by threat actors. As a result, we know more than we ever have about hackers' techniques and motivations, meaning we're well-equipped to combat them in 2023. To explain what we've learned and what to expect for the new year, check out our top predictions from the BlueVoyant team:

Supply chain security will dodge budget cuts in manufacturing and energy

As the manufacturing sector continued to battle unpredictable supply chain disruptions this year, the industry made dramatic strides in managing third-party cyber risk. In fact, 64% of manufacturers say they had supply chain cyber risk on their radar this year and nearly half (44%) have established an integrated enterprise risk management program, the highest of any industry surveyed in 2022. That said, because of the reliance of thousands of vendors, the urgency and severity of supply chain-related cyber breaches in manufacturing will make it the most likely sector to receive budget increases for external resources in 2023. 

For the utilities and energy sector, 99% of energy companies say they have been negatively impacted by at least one supply chain breach in the past year, representing the highest rate of overall impact in any other industry. Because it remains one of the most frequently attacked verticals, it is especially crucial that it rises to the challenge of supply chain defense in 2023. The good news is the sector maintains the highest rate of any vertical to increase its yearly budget for supply chain cyber risk and 60% of energy companies are increasing their budget for supply chain cyber risk by an average of 60% over 12 months.

- Lorri Janssen-Anessi, Director, External Cyber Assessments, BlueVoyant

Ransomware groups will increase and diversify in 2023

When it comes to ransomware in 2023, the divide between ransomware groups operating ostensibly for profit (such as Lockbit and PYSA) and groups with apparent, or overt, political motivations (such as Prestig an, RansomBoggs) will continue to deepen. In 2022, many large groups collapsed, including the largest, Conti. This group collapsed under the weight of its own public relations nightmare, which sparked internal strife after Conti's leadership pledged allegiance to Russia following the invasion of Ukraine. Conti was forced to shut down and rebrand as a result.

After the collapses, new and rebranded groups emerged. This is expected to continue as leadership and senior affiliates strike out on their own, retire, or seek to distance themselves from prior reputations. The fracturing of Conti and multiple rebrandings of Darkside into their current incarnations has demonstrated the effectiveness of regular rebranding in shedding unwanted attention. Should this approach continue to gain popularity, the apparent number of new groups announcing themselves will increase dramatically when in fact many are fragments or composites of old groups.

In 2023, attacks are likely to get simpler in nature and target smaller companies as they are considered softer targets, less likely to draw media attention. This also provides fertile and forgiving proving ground for young hackers learning to get into what has become the big business that is ransomware. A good example of this is groups like Karakurt that skip the complexities of an encryptor deployment entirely and regress to single extortion attacks where data is merely exfiltrated and not encrypted  -  something we haven't seen much of since 2015.

- Vincent D'Agostino, Head of Digital Forensics And Incident Response, BlueVoyant

So what does this mean for your organization? Prepare, prepare, prepare. In 2023, ransomware attacks and other cybersecurity incidents will be a matter of when, not if. Tighten your supply chain security protocols and engage in proactive communications with decision makers to ensure plans and budgets are in place. Follow those steps and your security team can feel confident heading into 2024 - after all, time flies when you're defending against cyber incidents!

##

ABOUT THE AUTHOR 

Lorri Janssen-Anessi

Lorri Janssen-Anessi is BlueVoyant's Director of External Cyber Assessments. She brings 20+ years' experience in cybersecurity analysis in both public and private sectors. She has held senior Analyst and Technical Leadership positions within the United States Department of Defense (DoD), with her last assignment serving as the Deputy Director of Engagements & Policy at the National Security Agency - Georgia (NSA-G) specializing in cyber policy, and compliance. Lorri has a breadth of experience including: tailored mitigations, fostering public and private partnerships focused on improving cybersecurity, building diverse teams with broad experience to develop innovative solutions, and advocating for STEM programs to be accessible for all students through outreach programs.

Vincent D'Agostino

Vincent D'Agostino is BlueVoyant's Deputy Head of Digital  Forensics and Incident Response. Vincent came to BlueVoyant from his role as a managing director in the Cyber Breach Investigations practice at K2 Intelligence. Before K2 Intelligence, he served as one of the most senior special agents within the Cyber Branch of the FBI's New York Office and was a practicing attorney in the state of New York.