What of the cyber threat landscape and how will the cyber sector fare as part of a wider IT workforce gap, and in an economic crisis.
Kev Breen, Director of Cyber Threat Research, Immersive Labs, expects we’ll continue to see severe ransomware risks, as well as supply chain cyber attacks that pose massive threats. “Also, the world is getting “smarter” daily, so it’s likely there will be an increase in automated attacks against home smart devices at scale, tapping into direct consumers more than we’re seeing now, which could, in turn, impact companies with remote workforces.
“The number of reported common vulnerabilities and exposures (CVEs) in 2022 was the lowest it has been since 2016. It’s difficult to know if this number is trending downward due to software vendors getting stronger at identifying vulnerabilities at the source or if researchers have gotten busier this past year and haven’t been reporting on this as much. Either way, we know researchers and threat actors will continue to find, publish, and exploit new vulnerabilities, and there have been several identified CVEs that had a significant impact on organizations throughout the year.
“Cybercriminals are also getting quicker. To compound that issue we’ve seen that once a vulnerability is announced, it’s exploited within minutes to hours, not days to weeks. In 2023, the pace of the threat landscape will further quicken, and most defenders will find themselves one step behind, which is why proving cyber resilience and preparing for future risk are key.”
Tyler Moffitt, Senior Security Analyst, at OpenText Security Solutions suggests that Small-Medium Sized Businesses (SMBs) will need to do more with less. “Cybercriminals will increase ransomware attacks on SMBs as prime targets in the wake of heightened geopolitical tensions, such as the War in Ukraine, and rising inflation in the UK and globally. This will force SMBs to do more with less, while already having smaller cybersecurity teams and budgets to defend against attacks, and it will make cyber resiliency more important than ever. Our recent SMB survey found that 46 percent of respondents felt more at risk of a ransomware attack due to heightened geopolitical tensions, and 53 percent were also concerned about their security budgets shrinking due to inflation.”
Search engines will not only blur the lines between paid versus organic search results, but also from what’s real and fake, increasing phishing attacks. “Search engines like Google and Bing try to make it as easy as possible for consumers to find the information they request, but it will become increasingly difficult to distinguish between safe and malicious search results. As search engines work to provide a more streamlined experience, they unintentionally open consumers to a greater possibility of being phished. Scammers will purchase top ranking search result ads and use them to drive people to malicious and fraudulent websites to steal their personal and financial information.”
As every home becomes a smart home and more personal data lives on the cloud, the attack surface will expand no matter how “secure” people feel. A “Black Swan event” is coming as consumers and businesses alike adopt new technologies to make their lives more convenient; sharing and storing more of their data in the cloud. “Being connected to the internet 24/7 will make everyone who uses smart devices more vulnerable in the coming years. I believe a critical event this year, or merely increasing attacks, will signal a wake-up call to consumers and businesses to think more critically about how smart technology use hinders their security and privacy.”
Cybercriminals will take advantage of consumers’ vulnerable footing to increase attacks as the economy suffers and inflation rises. “No one is more opportunistic than cybercriminals. They are experts in understanding consumers’ greatest concerns and how to tap into these fears with phishing tactics to steal their money or personal information. Covid-19 was a prime example of leveraging fear into ROI [return on investment] and the more recent Ukraine war only adds fuel to the fire. I anticipate this attack approach will continue to rise as the UK experiences growing inflation, resulting stimulation checks, job losses and a potential recession for more fear tactics.”
And Marcin Kleczynski, CEO and Founder of Malwarebytes, makes three predictions.
One: The cybersecurity workforce gap will reach a breaking point, and we’ll see a nationally significant attack directly attributable to an under-resourced security team.
“The cybersecurity workforce shortage is no secret. In 2025, research says global openings will reach 3.5 million. So far that conversation has been theoretical – if anything, positioned as an opportunity for young professionals seeking a career in cybersecurity, which it is. But unfortunately, 2023 is the year we’ll see this all come to a head. I expect we’ll see a nationally significant attack in the U.S. that can be directly tied to a shortage of cybersecurity talent – either due to a mistake made by an overburdened employee, or an attack that overwhelms an understaffed team.
“As an industry, we need to pre-emptively address these risks, both by immediately hiring and onboarding new cyber talent to plug the labour gap, as well as by introducing new tools and resources to help simplify operations for thinly stretched teams.”
Two: The cybersecurity industry won’t just weather the economic storm, it will thrive.
“The cybersecurity industry is historically resilient in tough economic times. On the cusp of a recession, this time won’t be any different. Recession or not, businesses are facing unprecedented volume and sophistication of threats, and the potential losses from cybersecurity threats aren’t going to go down, either; cybercrime cost the UK £27B in 2022, and that figure is likely to increase. Amid that backdrop, CIOs in the UK predict that the top area of increased investment (66 per cent) will be cyber and information security during 2023.
“Cyber criminals don’t retreat in the face of economic trouble – if anything, they up the ante. As businesses try to keep pace, in 2023 year we’ll see significant growth in the endpoint protection market as a whole.”
Three: MSPs will emerge as the backbone of the cyber industry.
“Organisations of every size are in the crosshairs of cybercriminals, but small- and medium-sized businesses (SMBs) disproportionately feel the weight of these attacks. Just a single ransom demand can be a sink-or-swim proposition for an SMB. Alongside choppy economic waters, 2023 is shaping up to be a potential perfect storm for SMBs who haven’t shored up cybersecurity defences.
“MSPs have already entered the fold as a lifeline for the SMB community – a partner who can cost-effectively supplement or be the security team to protect against infections and reduce exposure. Amid the dual trends of targeted threats and economic turbulence, we’ll look back on 2023 as the year that MSPs rose to the occasion and received their deserved recognition as heroes of the cybersecurity industry.”
