The end of the year is approaching. That means predictions — lots of predictions. Not surprisingly, as 2022 begins, cybersecurity professionals are starting to think about the next bend. After all, preparation is required.
This year, we’ve broken out of the mold of covering predictable predictions (such as “more automation is on the horizon”) and are more focused on what the cybersecurity landscape may hold for the next revolution. I wanted to highlight some of the outlandish observations. around the sun. With this, our expert stable did not disappoint.
A security expert far and wide has provided Dark Reading with the most outrageous and bold security predictions for 2023. ), defender insane future tech predictions (bots versus bots), corporate quirks (employee spyware), what do you have — these crystal ball philosophies are about what’s in store for you. I hope it makes you think.
For example, David Maynor, director of the Cybrary Threat Intelligence Team (CTIG), presented a number of hot takes leading to dystopias for 2023. And we are here for:
“Information security practitioners may continue to be divided on topics such as active defense, forming pseudo-religious cults,” he opines. “DEF CON is canceled. A reboot or sequel of one of the following films will be greenlit: Hacker, Sneakers, Wargames, The Net, Swordfish.”
Well done David. And that’s just the beginning.
Cookies to the Rescue: the right hacking collective for each season
First, Dean Agron, CEO and co-founder of Oxeye Security, flagged an impending cyberattack.
“The ‘Santa’s Gift’ attack was carried out by a Greenland-based hacking group.[email protected]3lves allows attackers to use specific combinations of 🎅🏼 🦌 🧝 🎄 🎁 🛷 emoji (Santa, reindeer, elf, Christmas tree, gift, sleigh) to bypass input sanitation mechanisms. Any input that accepts emojis is vulnerable, and properly sorting emojis can quickly give you root access to your cloud infrastructure. Privacy and security advocates who have fought to eliminate cookies say that the only known means of countering this attack is by flooding a pile of cookies (and a glass of milk). Because of that, I am rethinking my posture. Oxeye security
Yes he was joking. But it made me wonder, right? For real predictions!
Automation is finally ready for prime time
Indeed, predicting increased use of security automation is like saying there may be more political divisions in Congress in the new year. But at least one of the experts we surveyed took it a step further.
“The movement to use automation to replace human workers will evolve into automating the need for unnecessary middle management positions that both workers and executives will appreciate.” —Netenrich Chief Threat John Bambanek, Hunter
Scary AI and machine learning just got scarier
A theme of many of the bold predictions Dark Reading received was the idea that weaponized deep fakes would become a go-to method for attackers.
“We haven’t seen it on a large scale yet, but it’s already a problem for users to follow policies and not fall for social engineering attacks. Are you saying it’s totally cool to give your password to ?” — Mike Parkin, Senior Technical Engineer at Vulcan Cyber
Others were also enthusiastic about the subject.
“In 2023, fraudsters will come up with new ways to hack accounts, including new ways to fake biometrics, new ways to create fraudulent identity documents, and new ways to create synthetic identities.” — Ricardo Amper, Founder and CEO of Incode
Roger Grimes, data-driven defense evangelist at cybersecurity firm KnowBe4, points out that horrific levels of AI can also inspire D.
“2023 will be the year of bots vs. bots. Good guys threat hunting and vulnerability closing bots will battle bad guys vulnerability finding and attacking bots, and bots with the best AI algorithms will win.” 2023 is the year AI will be good enough that humans will self-propelled hand over defenses and attacks, duplicating code for the entire attack chain from initial root exploit to value extraction. — Roger Grimes, Data-Driven Defense Evangelist at KnowBe4
Chatbot AI: A particularly troublesome stock
A bleak view of the use of AI is sometimes associated with unintended consequences, Maynor links to WarGames’ reboot memo.
“A person with no programming or security knowledge accidentally created a destructive, self-propagating worm using an AI chatbot and accidentally published it on the internet, costing nearly a trillion dollars worldwide. It can do damage.” — Maynor of Cybrary
Hmm, which AI chatbot could he be referring to? was standing.
“Hackers use ChatGPT to develop multilingual communication with unsuspecting users within the business supply chain. , North Korea, and other foreign countries. [which makes them] Easier for end users to discover. This technology can develop written communication in any language with perfect fluency. It is very difficult for users to realize that they may be communicating via email with individuals who hardly speak or write in their language.The damage this technology causes is almost certain.” — Adrien Gendre, Chief Technology Officer, Product Officer and Co-Founder, Vade
Of course, these are the early days of ChatGPT and its ilk. Imagine the risks once development hits full swing.
“Only now have AI algorithms evolved to the point where good bots and bad bots are a real threat. No. I’m not afraid of ChatGPT.I’m afraid of their children and grandchildren. — Grimes of KnowBe4
Apocalypse in Hell? Critical infrastructure burns out…
An evil AI is forever bound to most of our hearts by taking over the world and bringing about the apocalypse (Save John Connor!). But some experts tell Dark Redding that the apocalypse won’t have to wait for sentient robots.
“2023 will see disruptions in the network supply chain like we have never seen before. A new tactic added to the arsenal of warfare is the jamming of fiber cables. It was a tactic of war, but the attack goes much further, wiping out internet access for entire continents.” —Daniel Spicer, Chief Security Officer, Ivanti
Sure, the internet could go out overnight and cause major malfunctions, but what about long-term power shortages?
“The skills gap, recession and tensions abroad are forming the perfect storm for a major attack on the power grid in 2023. has been developing plans to attack U.S. power infrastructure for years, the combination of factors mentioned above has made the U.S. power grid more vulnerable to cyberattacks than ever before. — Edward Liebig, Global Director of Cyber Ecosystems, Hexagon Asset Lifecycle Intelligence
Ian Pratt, Global Head of Security for Personal Systems at HP Inc., provides Dark Reading with potential attack vectors for such scenarios.
“Session hijacking, where an attacker hijacks a remote access session to gain access to sensitive data and systems, will grow in popularity in 2023. When connected to an industrial control system (ICS), it can also have a physical impact on operational availability and safety, potentially cutting off access to energy and water for an entire region. — HP Pratt
…or maybe not
All bundles have contrarians. His CTO and co-founder of SynSaber, Ron Fabela, made one such prediction about Dark Reading.
“While everyone in industrial cybersecurity continues to fear all-out cyberwarfare, predicting that it will shut down power grids and pollute water supplies is screaming from rooftops and Capitols, one thing is for sure, it will not be on paper. It’s the dragon of , everything is hot and harmless.More attention should be paid to the security operators of the SOC and the industrial operators of the control centers than to the Russian APT.” — SynSaber’s Favela
Did Hackers Start WW3?
So if the fear of bad guys destroying our critical infrastructure is overrated, does anything have the power to blow away Kinetic War’s firestorm?
Ruin our finances, of course.
“An attack on the Securities and Exchange Commission (or the IRS, or any underlying institution similar to the U.S. government) is likely to be a flashpoint of war as unequivocal as the assassination of Archduke Franz Ferdinand. If it happens, it will be a very carefully calculated and planned state-sponsored attack.” — Simon Eyre, CISO and Managing Director, Drawbridge
Cybersecurity integration? Lack of vendor options?No no no
Speaking of finance, anyone who’s followed the volatile whims of the cybersecurity market in terms of M&A, valuations, and funding will find that most analysts believe that companies are selling cyber defense tools under just a handful of vendor names. You’ll find that I believe it integrates rapidly into So the big kahuna of security means keep getting smaller fry and rivals until your options are really very limited.
Research after research shows that companies want it too because of its interoperability and management benefits.
IT-Harvest Chief Research Analyst Richard Stiennon says he’s sick of all this.
“We’ve been hearing stories like this since we had less than 100 vendors. Today, we count over 3,200 cybersecurity vendors covering 17 major categories and 660 subcategories. New threats are constantly emerging. New threat actors are creating demand for new products Yes, there will be a lot of M&A action in 2023, probably close to 400 deals. It also creates wealthy founders to start their next company…as soon as they make money.” — Stiennon of IT-Harvest
brother is watching you
We would be remiss if we ended without mentioning the myriad predictions Dark Reading has received regarding the future of remote and hybrid work. It’s going nowhere—that genie works and is really out of the bottle. We all agree. Employer use of spooky productivity monitoring tools is, for all intents and purposes, spyware by another name, says one expert.
“Many leaders resist remote work because they are accustomed to leading by observation. In other words, who sits at their desk the longest? In today’s ‘work from anywhere’ environment, , “observed leadership” requires managers to implement spy-like tools. Measure activities and working hours that violate privacy and distrust employees. — Dean Hager, Jamf CEO
The silver lining: Hager adds that this kind of down-and-out employee tracking can backfire, leading to results-based leadership that has a positive effect on employee morale and company culture.