Another year has come and gone and as we enter a new year, we have again asked our vendors to look into their crystal balls and give us their predictions for what 2023 will have in store. Below is what they had to say.
Post Quantum Computing | Data Consolidation | Supply Chain Security | MFA Fatigue | DDoS Attacks | Human Element | RaaS Cybercrime | OT & IoT cyber security | Rookie Hacker
Post Quantum Computing and Cryptography will post new challenges
“The good news: Quantum computing is almost here to solve problems for humanity. Computations that once took years will be completed in minutes using quantum computers that run at 158,000,000 times the speed of conventional computing. This promises massive ecological, financial, medical and educational benefits to the world.
The bad news: You guessed it, threat actors are also becoming quantum savvy. Hackers will be able to break previously impenetrable encryption. While quantum technology is not expected to become widely available until at least 2025-27, it is still an imminent threat. Hackers of all kinds are stealing encrypted data and saving it for a time when they do become quantum-powered. “Harvest now, decrypt later” will become a common buzzword in the boardroom. And the most security-savvy organisations will start their journey to quantum-safe algorithms today.
The recession will accelerate organisations’ vendor consolidation strategies
“Organisations will move away from point solutions and back towards data consolidation. In the face of the recession, cost of living crisis and looming skills gap, simplification and efficiency will be key priorities in 2023. Automation will go some way to help simplify, but organisations will need to work with the right partners to ensure that assets and data are adequately secured.
“By combining robust encryption, policy-based access controls, centralised administration and enterprise key management, organisations can consolidate while keeping valuable assets protected and in compliance with regulatory mandates.”
Todd Moore, VP for Encryption Products at Thales.
Supply Chain Security Will be Top of Mind
“For attack vectors that don’t involve social engineering, supply chain security is top of mind for today’s organisations. The use of downstream open-source software dependencies and third-party managed software has only increased, putting a renewed focus on the weaknesses in today’s supply chains. Chris Thomas explains how this will affect security strategy.
With the rise of supply chain attacks, organisations will need to be smarter about vetting third-party vendors. A potential contractor’s security posture and network security strategy will be a determining factor for doing business.”
Authentication fatigue will leave businesses vulnerable to cyberattacks in 2023
“Multi-factor authentication (MFA) is an important defence IT security professionals should be using as part of a cybersecurity strategy. It provides a barrier against cyber-attacks, but, there has been a surge in cyber-attacks that have successfully breached past multi-factor authentication security. An MFA Fatigue attack is when a threat actor runs a script that attempts to log in with stolen credentials over and over, causing an endless stream of MFA push requests day and night. Eventually, the target user accepts a push notification and access is granted.
In 2023, we’ll see physical hardware keys being considered by security leaders looking to implement a Zero Trust, phishing resistant framework for authentication.”
Steven Wood, Director EMEA & APAC at OpenText
More DDoS records will be broken and packet-per-second attacks will continue to rise
“The spiraling series of DDoS records will continue to be set and broken. In the last few months we’ve seen multiple broken records for DDoS attack sizes in terms of packets per second. In July, a record was set when one unnamed actor launched an attack of 659.6 million packets-per-second. That record was broken shortly after in September, when another attack achieved a new record of 704.8 million packets per second.
DDoS attacks have classically attempted to send fewer packets of larger sizes, which aim at paralysing the internet pipeline by exceeding available bandwidth. More recent record-breaking attacks, however, send more packets of smaller size which target more transactional processing to overwhelm a target. In 2023, we’ll see even more records broken as attackers deploy ever higher packets-per-second in their attacks.”
Ashley Stephenson, CTO at Corero
An investment in people, providing skills and judgement to face a cyber attack
“According to Verizon 82% of cybersecurity breaches in the last year were due to a human element. We know Cyber attacks are rising and the “majority of such breaches have been due to a human element,” according to an article on the World Economic Forum.
There needs to be an investment in people where companies are equipped to defend against cyber attacks. Even with huge investment in products behind every machine is a human making a decision and they need to be trained and prepared. ”
Cybercrime will increase and will use more obfuscation to hide their infrastructure
Cybercrime increases in times of recession. Ransomware as a Service will be a key beneficiary of this, and to be successful they will need to protect their infrastructure as much as possible.
Since 92% of Malware requires domain resolution in the attack, and with more focus on securing DNS we will see more ways of obscuring which domains will be used by RAAS gangs. Techniques like using Blockchain will become more sophisticated, and lists will be less valuable as controls. Mapping both internal and external use of DNS to understand the behaviour is going to be key to detecting threats early in the attack lifecycle.
Adrian Louth, Cyber Lead for Western Europe at Infoblox
A focus on OT & IOT cyber security resiliency within Enterprise, Government and critical infrastructure in 2023
Whilst these organisations adopt new security tools it will be vital to ensure that a suitable visibility platform is implemented alongside these to provide 100% data access to traffic flowing on any network segment — physical, virtual, or cloud — at any speed. For industrial environments Keysight also provide a range of ruggedised products to ensure they can withstand harsh environments.
The Rise of the Rookie Hacker: More Gen-Z Cyber Crimes
In terms of cyberattacks, 2022 was Gen Z’s time to shine, leading with UK teen group Lapsus$ that went on a hacking spree targeting tech titans like Microsoft, Nvidia, Samsung, Ubisoft, and Okta. Generation Z is currently the largest generation on earth. Besides their strength in numbers, they are “digital natives”, being born into a world with the internet, smartphones, cloud technologies, and social networks.
Being young, they naturally crave social validation which they get in the digital sphere. Lapsus$’s main motivator was “Kudos” – they were “doing it for the lulz”. The ease of launching zero-knowledge attacks, combined with Gen Z’s digital nativeness and their need for social validation in the digital sphere will most likely contribute to the continuous drop in the average age of cyber criminals.
Cynet Security
Conclusion
So there you have it, the Kite & Vendor predictions done for another year. Will these predictions come to fruition or will they miss the mark? Only time will tell, but until then we hope they have provided you with some insight into what to expect in the year ahead and help you prepare.
You can find out more about all of our vendors, such as the products they sell and helpful resources via their vendor page on our website here. You can also check out our company portfolio below.
