The upcoming year seems to be the time security and technology professionals think artificial intelligence and machine learning will have mass application for security and detection.
But just as the industry embraces the technology’s potential, bad actors will look to capitalize on the new capabilities that could be unlocked for deception techniques such as deepfakes and disinformation.
The economy and how it might affect security budgets weighed heavily on the minds of those who submitted predictions this year, and technology was no exception, as some predict that new tech and services will be adopted with budget-conscious decisions in mind.
We’re seeing AI and powerful data capabilities redefine the security models and capabilities for companies. Security practitioners and the industry as a whole will have much better tools and much faster information at their disposal, and they should be able to isolate security risks with much greater precision. They’ll also be using more marketing-like techniques to understand anomalous behavior and bad actions. In due time, we may very well see parties using AI to infiltrate systems, attempt to take over software assets through ransomware and take advantage of the cryptocurrency markets.
At a time when organizations face constant waves of sophisticated threats across multiple vectors, cloud security will increasingly harness AI and machine learning capabilities to not only alleviate skills shortages and resourcing challenges, but also automate powerful workflows to help enterprises stay ahead of attackers.
Machine learning and artificial intelligence have quickly become key technologies in the fight against cyber threats, for example, helping businesses to detect attacks by monitoring network patterns and analyzing anomalies or malicious behaviors. However, as AI has become more advanced and accessible, it has also been adopted by cybercriminals.
Cybercriminals will utilize AI and machine learning in 2023 to power more sophisticated phishing campaigns. Cybercriminals will have access to an ever-growing treasure trove of data, from open-source data such as job postings to personal information leaked in data breaches, with which to craft highly targeted spear phishing lures. Researchers have already shown how next-generation language models such as OpenAI’s GPT-3 can be used to generate phishing content that “outperformed those that were manually created”. With GPT-4, the next evolution of the language model, rumored for release in 2023, the threat of AI powered phishing becomes more severe.
The integration of AI has been growing in cybersecurity, and we can expect to see further adoption in the identity and access management space in 2023. The massive transformation to digital engagement, paired with the remote nature of our working lives, has opened the door for new and more relentless types of attacks, like account takeovers, inappropriate access and fraud. Alongside the widening skills gap facing the cybersecurity industry, and the increasing sophistication of threat actors, enterprises need to transform their solutions to stay ahead.
Threat actors are getting more sophisticated. With rapidly maturing hacker “toolkits” featuring modular malware and lowering the skill required to pull off an attack, many are increasingly focusing these advanced tools and tricks on workers instead of systems. These tactics are designed to manipulate employees into unknowingly allowing hackers to sidestep effective defenses like two-factor authentication. So, in 2023, we will move beyond the age of simple malware, because simply detecting malicious code won’t be enough. The next evolution of security is about sensing anomalies and behavior patterns, all of which can indicate — and thereby predict — a breach. Advances in AI and machine learning will make it possible, and smart organizations will get ahead of this trend.
Deepfake technology is becoming more accessible to the masses. Thanks to AI generators trained on huge image databases, anyone can generate deepfakes with little technical savvy. While the output of the state-of-the-art model has its flaws, the technology is constantly improving, and cybercriminals will start using it to create irresistible narratives.
Deepfakes have traditionally involved fraud and business email compromise schemes, but we expect usage to spread far beyond these deceptions. Imagine the chaos to the financial market when a deepfake CEO or CFO of a major company makes a bold statement that sends shares into a sharp drop or rise. Or consider how malefactors could leverage the combination of biometric authentication and deepfakes for identity fraud or account takeover. These are just a few examples, and we all know cybercriminals can be highly creative.
Deepfake technology to date has resulted in political confusion, internet chatter, and some amusing mashup videos, but expect this to change in the near term. Security experts have warned for years about the possibility of social engineering attacks with deepfakes, and the technology has matured enough for 2023 to see hackers successfully leverage it. We will see an increase in image generation, generated audio, and conversations that appear realistic, designed to trick recipients into sharing personal data or other sensitive information. The deepfake threat isn’t relegated solely to consumers; we’ll likely see threat actors spoof a Fortune 100 CEO in an attempt to defraud or otherwise damage the organization.
The recent launch of conversational AI chatbot, ChatGPT, highlights two of our main concerns for the year ahead: AI and the potential for disinformation. AI signals the next generation of content creation becoming available to the masses. So just as advances in desktop publishing and consumer printing allowed criminals to create better counterfeits and more realistic manipulation of images, these tools will be used by a range of bad actors, from cybercriminals to those seeking to falsely influence public opinion, to take their craft to the next level with more realistic results.
[Security] teams are going to look to implement automation across the cloud security portfolio. We should see a push in teams adopting Infrastructure as Code (IaC) and Policy as Code (PaC) methodologies in their cloud environments to help prevent misconfigurations from the start. I believe we’ll also see greater adoption of Security Orchestration Automation and Response (SOAR) as no-code/low-code platforms like Torq and Tines make these capabilities easier for teams to implement. Google’s integration of Siemplify into Chronicle Security Operations also gives customers an incredibly easy on-ramp into this space.
Two-thirds of organizations will have adopted at least two cloud providers by the end of 2023. This will prevent organizations from becoming too tied into one ecosystem. As organizations are more mindful of investments, we’ll see more emphasis on use-cases, and prioritization of the “right cloud for the job.”
Cloud-native technologies such as containers and serverless models have become more popular across the public cloud in recent years, allowing for faster application development and deployment at scale. For enterprises looking to innovate quickly or overhaul their cloud infrastructure without major costs in 2023, cloud-native application development might be the answer to their modernization goals. New developments in edge computing and 5G are expected to further boost cloud-native adoption and innovation in the industry in the coming year, providing a bigger opportunity for organizations to quickly scale up their data in the cloud and gain access to new capabilities with their software.
Developing an IT budget has grown increasingly complex over the last few years – amplified by the industry’s skill shortage – and 2023 looks to be no different. General feelings of economic uncertainty have swept through nearly every sector, leaving executives with a bevy of difficult budgeting decisions. Ultimately, organizations will be looking to do more with less in 2023 – or more with the same, in many instances. One way organizations are hoping to accomplish this is through the prioritization of subscription and managed services in their security budgets. Lean IT teams will turn towards these services to fill internal skill gaps and help achieve organizational security goals, like improving maturity, unlocking 24×7 visibility and optimizing threat detection and response.
As attacks grow in number and sophistication, SMBs and MSPs will need technology that tightly integrates with modern productivity suites such as Microsoft 365 or Google Workspace and provides comprehensive threat intelligence. Unlike secure email gateways (SEGs) that separate email security from internal networks, API-based alternatives are the future of email security. Organizations need to be able to leverage the threat intelligence from email to protect file sharing applications and other collaborative tools like instant messaging. They also need to be able to leverage information such as user profiles, contacts, and communication patterns to defend against highly targeted attacks, such as those we’re seeing with supply-chain attacks. SMBs and MSPs don’t have the resources to be managing different products from different companies that are managing different servers simultaneously.
The number of connected IoT devices has been rising for years, with no signs of slowing down. In the past three years, the number of IoT devices increased exponentially, due to accelerated digital transformation from COVID-19 and the proliferation of cloud-based computing. In 2022, the market for IoT is expected to grow by 18% to 14.4 billion active connections. As more consumers and businesses rely on connected devices, these connected solutions become more vulnerable to cyberattacks. With this, the billions of devices shipped by original equipment manufacturers (OEMs) will require greater out-of-the-box security to mitigate the risk of malware intrusions and their contribution to Distributed Denial of Service (DDoS) attacks. To prevent and mitigate devastating attacks, manufacturers and suppliers of OEMs must design security within the devices, embedding it in every layer of a connected device.
Mobile device ubiquity has increased the activities performed in a remote capacity, particularly in high-stakes markets like financial services. However, with this comes increased risk and complexity around user identity. In 2023, organizations with pre-existing fingerprint database infrastructure will increasingly turn to touchless fingerprinting to perform remote biometric identity verification, allowing them to secure activities like financial account opening and transaction verification. Touchless fingerprint technology will allow organizations and governments to extend their existing fingerprint infrastructure without investing in expensive hardware or solving infrastructure hurdles. Further, we will begin to see the adoption of touchless fingerprinting in law enforcement to solve remote field identification in high-risk situations, leading to increased officer safety and criminal apprehension.
The financial services industry is at a turning point, where the global economy is shifting to authorizing purchases and other transactions based on user identity rather than credit card numbers. Consumers are increasingly leveraging biometric authentication to access their saved credit card information, banking apps and digital payment methods, like Apple Pay. As consumers increasingly use their identity to access and complete transactions in 2023, it’s likely we’ll see the number of transactions completed with digital identities surpass those of credit cards.
2022’s wave of sophisticated email phishing attacks breached hundreds of companies and proved that simple alphanumeric passwords have no place in 2023. FIDO2-compliant security keys and credentials take the burden of security responsibility off of the end user, proving a passwordless (and more secure) future is within reach.
Browsers power just about everything we do and are undoubtedly the most used applications, especially as more applications like CRM tools migrate from native applications to existing fully in the browser. Because so much of our daily work and personal activities live in the browser, it’s the perfect gateway for threat actors to reach an organization’s core. As browsers become more complex with new features and uses, threat actors will heavily target browser bugs and vulnerabilities in 2023 to breach organizations and access sensitive data.
In the past, EDR products focused primarily on executable and document-borne malware. We are now seeing a strong trend of putting endpoint security controls that run in and around the browser, providing visibility, governance, detection, prevention, and isolation for the browser, not as an afterthought, but rather by design.
Security orchestration, automation and response (SOAR) will continue to exist but will be increasingly absorbed into other security platforms and the term will die out as it becomes baked into overall security. SOAR will converge with security information and event management (SIEM) and acquisitions will continue to contribute to vendor consolidation.
Application performance monitoring (APM) is dead or dying in its current state and as a stand-alone market, but it’s still useful and necessary as a practice. While observability is the goal, APM is still a necessary part of the big picture. APM grew from an on-premise environment, so with mobile applications running everywhere, observability can be considered the new APM.
As the rise of data protection regulations continues globally, companies are being challenged to unlock the full potential of the data they possess in a safer, responsible, and compliant way. This will spur opportunities for privacy-enhancing technology (PET) innovation. New methods of employing cryptography on data sets, or masking or otherwise transforming information to include less personally identifiable data will enable more collaboration and analysis, more protective data sharing, and will foster a privacy-by-design approach to product development. We’ll see a rise in investment in this technology as it evolves, enabling companies to harness the power of information for consumers in a safer, more trustworthy way.
As problems such as elements of AI are broken out and passed over to quantum systems for processing, we’ll start to see a blend of traditional HPC and quantum to solve some of these most complex issues. This will also force us to better address cybersecurity. Companies need to think about data encryption now more than ever. Bad actors are increasingly sophisticated, and companies need to be equally sophisticated when it comes to their security measures. While this won’t happen overnight, the wheels have been set in motion for quantum to be a threat to encryption on sensitive data. For example, imagine designing and building a military fighter jet, which can take more than a decade.
Over the next year, businesses will refine their testing process for data security, increasingly deploying chaos engineering to shore up enterprise resilience. Originally built for developer testing, chaos engineering has the power to help IT teams test not just recovery operations, but the applications and pipelines data moves through. By testing each part of the business’s data protection apparatus regularly, teams will be able to confirm that recovery techniques, from immutable data stores to replicability, work effectively. Expect businesses to make this part of their regular data protection operations as the C-Suite makes resilience and risk reduction a higher priority in light of ransomware, natural disasters and other business disruptors.
The majority of security frameworks will continue to fail in 2023 because they’re overly complex, involving layering hundreds of controls across dozens of domains. In its place, we’ll see an increase in the adoption of the “security fabric” approach, which is far more powerful — and yet straightforward when it comes to developing an effective cybersecurity program. By having the underlying foundational components built on a modern cybersecurity approach that is cloud-native, virtual, and available in a non-data center-focused environment, all security functions can be interconnected through a security fabric. Security teams would only need to focus on knowing what assets exist in their organization’s environment — that is, its structural awareness — and what events or activities are happening in the environment. Security teams can then collect and analyze data to produce meaningful and actionable data outputs. Building the foundation for visibility and understanding into a security fabric, along with the organization’s expectations and requirements for security, enables a continuous security state. The security fabric connects the dots within the cybersecurity architecture and acts as a knowledge base. It also improves the organization’s security maturity by treating its security strategy as a data problem with an engineering solution.
Gartner, which coined the SASE term in 2019, sees 60% of enterprises as having a SASE strategy in place by 2025. Wall Street has also taken notice, especially in how a converged infrastructure that implies efficiency, business value, and cost savings will help modern enterprises get and stay competitive and profitable. SASE was set to grow anyway, but the reason it will accelerate in 2023 and beyond is because we’re now at another moment in time that technology leaders — especially CIOs and cybersecurity buyers — have not previously encountered. Security leaders in particular have had healthy budgets and growing teams for over a decade. Now, not so much. As every company grapples with inflation, supply chain and demand issues, and the potential for recession, many CISOs in particular are being asked to hold the line, or to “find budget” to fund anything new. Their marching orders are to get more efficient with their technology spend.
Enhanced internet services gained popularity in the last few years as an offering that improves the reliability and performance of internet-based traffic. First defined by Gartner, it includes features such as telemetry-based routing and performance optimization.
Tier 1 internet service providers, with their ability to see the IP traffic trends before anybody else, will formulate algorithms to start looking at traffic flows, providing clients with continuous reports on potentially malicious traffic from certain destinations to their IP ports that require investigation without the need of additional security functionality.
Service providers will also offer clients full vulnerability scans of their IP space on a timely basis to provide visibility into risks. As organizations grow, they often end up with shadow systems with vulnerabilities that aren’t noticed as these systems are quickly forgotten. Scans can easily reveal dozens of vulnerabilities on an organization’s public websites in seconds, just by checking a couple of IP addresses they own.
Derek B. Johnson
Copyright © 2022 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.