Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Stephen Moore and Tyler Farrar of Exabeam team up to beam up five facts about the future of cybersecurity.
Today’s attackers have become increasingly elusive, generally just using stolen credentials or looking for misconfigured systems. As the cyber landscape evolves, they are taking advantage of the current geopolitical climate to exploit new areas of business operations. Plus, as organizations face uncertain macroeconomic times and additional scrutiny on budgets, security risks are becoming even more challenging to detect, escalate, and manage.
Using our combined military, SOC, and internal experience, we have compiled our top five insights on how organizations can keep an eye on the most prevalent threats and build out more robust security architectures to defend against them.
5 Facts About the Future of Cybersecurity
Credential-Based Attacks and Evolving Threats
The first critical trend to watch is the increased use of credentials in cyber-attacks for both initial and persistent access. Currently, nearly half of all attacks can be traced back to stolen credentials, according to Verizon. In our own recent SIEM market research, we found that 90 percent of attacks are now caused by compromised credentials at some level. This number increases for initial access and remains higher for persistence. Adversaries are experiencing continued success without using malware to gain access and sign in. From there, they can use internal credentials and tools against the defender.
We’ve seen the classic cat-and-mouse game before: as credential-based attacks evolve, so must cyber defenses. Threat actors will continue to leverage tried-and-true methods like social engineering, initial access brokers, and information stealer tools to carry out their objectives. While multi-factor authentication often prevents an account from being fully compromised with stolen credentials, it can still often be bypassed, exploited, or operationally ‘tricked’ into working for the adversary. We can expect threat actors to implement new techniques to bypass this particular layer of defense, ultimately leading to an expansion of passwordless authentication solutions to combat the attackers.
Additionally, a broader set of threat actors will join in to conduct cyber operations in 2023 and beyond. The new threat actor landscape will contain malicious actors who have increased financial motivation, government mandates to justify their cause, and bragging rights, which increasingly attract a younger group of threat actors. As the threat landscape becomes more robust, it becomes increasingly imperative for organizations not only to build guardrails but also to prioritize detection when prevention inevitably fails.
Zero Trust Will Remain Prevalent but Is Not a Single Solution
Zero trust has become a highly regarded framework for securing business infrastructure and data during digital transformation. It addresses the challenges of today’s threat landscape; however, it cannot be used as a single solution for rectifying ongoing security threats.
Organizations must remember that zero trust is not a ‘single solution,’ but rather a framework and architectural principle used to secure data in a modern digital enterprise. Zero trust is also not overhyped, despite some opinions to the contrary. It has become a critical step towards mitigating cyber risk, preventing and even detecting malicious behavior (as the highest level of maturity for zero trust is analytics, according to CISA recommendations), and responding to security incidents. By requiring users and devices to be authenticated, authorized, and continuously monitored for a ‘trusted’ security posture before access is granted, zero trust can contain threats and limit business impacts when a breach does occur.
Geopolitical Impact on the Future of Cybersecurity
So long as world powers are in conflict, nation-state actors will continue cyber operations; whether these attacks increase, decrease, or stay the same ultimately depends upon the strategic objectives of each campaign. Based on the current geopolitical climate, organizations should expect an uptick in individual businesses and major players falling victim to nation-state attacks.
For example, Russia’s failure in Ukraine exposed its weaknesses to the world, but its attacks are likely to continue against the nation, including operational disruption, cyber espionage, and disinformation campaigns. It would be unsurprising for the attacks to expand beyond Ukraine, too, as Russia’s leader attempts to prove Russia is not weak. Likewise, cyber espionage is a key tactic in China’s strategy for global influence and territorial supremacy, and we can expect these operations to increase, particularly across private sector companies. Additionally, as information and attack techniques are shared, we will see the lines blur between espionage and criminal activity. Loyalists to certain nations will continue cooperating with these international hacking efforts.
State policies will continue to directly influence cyber-criminal and hacktivist communities to obfuscate sources and methods, increasingly leading nation-states, cyber-criminals, and hacktivists to overlap. As a result, we’ll see more governments attempting to create publicly known offensive capabilities to tear down criminal groups physically and technically. These takedowns of criminal networks take great diplomacy with speed and patience and active coordination of local and federal law enforcement. Ultimately, cybersecurity teams would be wise to remain flexible with respect to threat actor attribution.
The Economic Downturn and Security Spending
The economic downturn, and in particular inflation, has, and will continue to have, a significant impact on security spending, likely forcing reductions and leveling impacts to organizations and to threat actor behavior. The key to defense for these organizations is doubling down on cyber talent and security tools. To manage today’s high operational costs and complex integrations, security organizations will need to consolidate legacy technology platforms, control cloud spending, and eliminate redundant tooling.
Software Supply Chain Will Be Number One
During the past year, organizations witnessed several high-profile breaches, where organizations suffered severe brand damage. This resulted in a shift from data recovery to reputation management when faced with a ransom. Organizations should expect to see threat actors shift their strategies to exploit this fear through extortion vs. ransomware in the year ahead.
Further, threat actors will continue to take advantage of weaknesses in the software supply chain, which will become the number one threat vector in 2023. Organizations should create a vendor risk management plan, thoroughly vet third parties, and require accountability, to remain vigilant and align with cybersecurity best practices. Ongoing review and a joint incident response agreement to include information access during major incidents and/or breaches are important components here. These plans are critical, too, as cyber insurance claims have exploded. We can expect to see insurance companies lowering their risk appetite and reducing or completely dropping client coverage in 2023. If your organization is in the market for a policy, expect to pay a hefty premium, or face a rigorous review of the organization’s security posture, as insurance companies increase their due diligence to avoid liability.
Final Thoughts on the Future of Cybersecurity
While we can’t fully predict the future, we hope these initial insights will help organizations, including government agencies and enterprises, to defend themselves against a sophisticated new wave of bad actors, attack methods, and extortion attempts over the next 12 months and beyond.
- 5 Facts About the Future of Cybersecurity - May 10, 2023