Exclusive: IBM security expert shares cyber predictions for 2023
James Thorpe
Share this content
As we begin the new year, we are reminded of how frequently high profile cyber-attacks now occur.
In the past month alone, the UK has seen the Twitter accounts of two Cabinet ministers hacked, the Guardian newspaper being hit with a suspected ransomware attack, a cyber incident at Royal Mail that halted its international operations, and 14 schools suffering criminal data breaches.
In 2022, the UK’s National Cyber Security Centre (NCSC) monitored 2.7 million fraud cases, with 18 ransomware attacks – including on critical infrastructure such as the NHS – requiring a nationally coordinated response.
It’s perhaps no surprise then that cybersecurity is taking precedence over innovation as the top area of investment for businesses, according to Red Hat’s 2023 Tech Outlook report. As organisations across sectors prepare for security challenges in 2023, it’s worth reflecting on how cyber-attack trends have evolved in the past year and how they might develop.
So, what were the key developments in 2022?
Adversaries found leverage in real-world repercussions
Two years ago, the hot button issue was “data exfiltration”, but we’ve now moved on to full scale business disruption. For example, last year European oil storage facilities were affected by a cyber-attack at a logistics company in Germany, which resulted in interrupted services at over 233 gas stations.
Breach costs reached new heights and consumers felt the impact through higher prices
IBM research found that the average global cost of a data breach in 2022 had risen nearly 13% over two years to reach an all-time high of $4.35 million. Struggling to keep up with breach costs, 60% of businesses increased the prices of their products and services, fanning the flames of inflation.
And, with 83% of businesses having suffered more than one data breach in their lifetimes, consumers have been impacted multiple times. Citizens will continue to pay the price as businesses prove to be more vulnerable than ever.
Critical infrastructure remained a hot target
Ransomware and destructive attacks affected one in four organisations involved in critical infrastructure, highlighting how attackers have gone from chasing data to chasing impact. Attackers found leverage in the critical role these organisations play for the economy in order to pressure them.
And, while Zero Trust has moved beyond just another “buzz word,” 80% of critical infrastructure organisations hadn’t implemented a Zero Trust approach as of 2021. This is costing them dearly, as IBM’s research shows that adopting a Zero Trust policy reduces average breach costs by about $1M.
Hybrid cloud beats Frankencloud
We also learned that it pays to have a hybrid cloud model when you experience a data breach. In the rush to adopt cloud technology, accelerated by the pandemic, many organisations ended up with complex IT systems made up of disconnected piece parts.
This gave rise to a “Frankencloud” model, that’s riddled with the kind of vulnerabilities capable hackers can easily exploit. IBM’s 2022 Cost of a Data Breach report found that while 45% of breaches occurred in the cloud, those with a hybrid cloud platform model saved vital time in identifying and containing a breach – taking 41 fewer days than with a public cloud model.
As we look forward into the new year ahead, the following are some developing trends that are worth keeping an eye on.
Attackers will set their sights on the weakest link in the supply chain
Cyber criminals prey on vulnerability and often target organisations or industries that are under dangerous levels of strain. Last year, we saw that with manufacturing – a highly stressed industry viewed as the backbone of supply chains and the most attacked industry in 2021. This trend will prevail in 2023, with cybercriminals increasingly targeting small but critical members of the supply chain, to pressure larger members of the chain to pay up.
No slowdown in ransomware attacks
As the saying goes: “If it ain’t broke don’t fix it,” and the ransomware economy remains as resilient and lucrative as ever. While 2022 may have had some challenging moments for ransomware operators, along with a short lull in activity, threat actors pushed through and continue to show resilience and adaptability.
Until businesses stop paying the ransom, there will be no significant slowdown in ransomware attacks for the foreseeable future. There is still a perception that paying a ransom saves money, but IBM’s research shows that while victims who paid ransoms saved $600,000 on average in breach costs, other industry research shows the average ransom payment is around $800,000. The reality is that paying a ransom increases net costs and funds future attacks.
Credential theft will keep growing
Cyber criminals will continue to leverage large caches of leaked or stolen credentials to devastating effect. Many consumers and businesses are gradually migrating to password managers, hardware identity tokens and passwordless authentication.
However, most people unfortunately continue to reuse credentials or variations of credentials between environments, systems or sites. This year, we’ll likely see attacks against non-phishing resistant second-factor authentication rise – such as text messages – as will attacks against push-based multi-factor authentication solutions.
The ransomware-as-a-service business will flourish
2023 has begun in tough times for economies around the world. In a high inflation, high interest environment, with more businesses announcing job cuts by the week, more people could be tempted into cyber-crime to make quick and easy money.
The growing availability of ransomware-as-a-service tools, which lower the barrier to entry into cyber-crime for those without the typical technical background required, will make this option increasingly accessible for more people.
AI and automation-powered security software will give defenders a boost
Last year, IBM found that organisations that had fully deployed AI and automation-powered security tools suffered average breach costs of $3.15M, while those that had not deployed AI and automation for security paid an average of $6.20M.
As organisations of all kinds focus on removing costs, there is going to be more awareness that it pays dividends to invest in the most effective security technology. That means leveraging the power of AI and automation to augment or replace human intervention in the identification and containment of incidents and intrusion attempts, freeing up the security team to focus on the most critical threats.
With so much disruption and uncertainty in the global economy, the jury is still out on how exactly adversaries will adjust their approach to capitalise on new opportunities and areas of vulnerability. But, regardless of how the threat landscape changes, business leaders have clearly got the message that investing in robust security is now essential.
In fact, a recent IBM survey found that cyber solutions are one of the top tech investments planned over the next two years. While much remains up in the air, there is one thing we can predict with certainty about 2023: Cybersecurity should and will remain a priority in 2023.
By Laurance Dine, Global Partner, IBM X Force Incident Response