Seven Cyber Predictions from Nisos for 2023

U.S. capitalism and the private sector are complex systems, where cybersecurity is often overlooked until a breach or compromise occurs. Rarely do enterprise stakeholders appreciate the complexities involved in reducing risk and preventing loss.

At Nisos, our team has decades of experience in national security and countless relationships with colleagues battling adversaries either in government or the private sector. We also maintain business relationships within the investor and innovation community, in addition to seven years of being part of a thriving managed threat intelligence company.

There are numerous channels that we can use to accurately forecast what is going to happen over the course of the year, and our clients rely on our ability to relay “cybersecurity trends” to the lay executive who wants to drive revenue. Here are a few predictions for what 2023 will have in store for enterprise businesses, from a cybersecurity and threat intelligence lens.

1. Consolidation Will Be Paramount; Fewer Point Solutions

Cybersecurity leaders want to use fewer tools, not more. A recent survey by Gartner found that 75% of organizations pursued security vendor consolidation in 2022, up from 29% in 2020. 

Point solutions are causing more harm than good: their lack of integration with major IT platforms results in coverage gaps that leave enterprises exposed to attacks, and billions of dollars of solutions are sitting on the shelf as a result. In the years of austerity now upon the U.S. economy, bundled solutions that include automation and integration with significant cost savings will be critical.

2. Increased Demand for Services, Especially for Compliance

Rather than point solutions and bloated headcount to implement those solutions, SMBs and enterprises will rely more on services for bundled solutions. It’s cheaper and easier than scouring for cyber talent that’s already in short supply.

Managed services in critical solutions that align with compliance regulation will get priority, for example: MDR, SIEM, Intelligence, XDR, SASE, CASB, Supply Chain, and DLP, all acronyms for tooling that integrates with IT systems and alerts on a particular threat.

“I might get breached, but I will always be audited,” has never rung more true, and cost-effective services that implement bundled solutions driving compliance needs will be critical in the years of austerity ahead. With the rising cybersecurity skills gap, decreasing headcount in security functions, and attacks still increasing, expertise will be sought more from service providers.

3. Ransomware Attacks Will Be Addressed More Aggressively by Private and Public Partnerships

The global effects of ransomware are expected to become more pronounced. A 2018 analysis from Cybersecurity Ventures estimated that an attack would occur every 11 seconds in 2022 and that annual ransomware damages would rise to $20 billion for businesses worldwide.

This trend will continue to rise, but fortunately, ransomware is one of the biggest priorities for national security experts. Between trust groups, law enforcement, and the intelligence community, disruption operations against ransomware actors will become more coordinated regardless of whether the infrastructure is hosted in the U.S. or abroad.

Security leaders must also take matters into their own hands by improving essential cybersecurity hygiene practices and utilizing cutting-edge technology solutions in order to combat ongoing ransomware threats on all fronts.

4. The Supply Chain Will Continue to Be a Critical Compliance Concern

The interconnected nature of many tech businesses means attacks on supply chains have become more common and more disruptive to industry and government institutions.

Criminals are able to exploit code vulnerabilities in hours or days, not weeks or months. Further, significant due diligence will be needed to ensure “partnerships” with suppliers are not traps from nation-states like China, Russia, and Iran to steal intellectual property.

5. Cybersecurity Insurance Will Become More Prevalent and Actually Be Based on Legitimate Risk Factors

Last year, cyber insurance companies paid out tremendously in ransomware and incident recovery claims. As premiums are beginning to increase, new pre-policy cybersecurity compliance standards are becoming the norm. This is leading carriers to make decisions about proper cyber diligence against pre-policy compliance standards.

With Lloyd’s of London announcing they will not cover acts of cyber war or nation-state retaliatory attacks, we also expect regulations to emerge this year around the subject of ransomware payments. This means more reporting, cyber insurance ramifications, and new pre-compliance standards will arrive. 

Further, we expect cyber insurance carriers to implement more aggressive and proactive measures. Such measures may include robust threat intelligence services (not simple vulnerability scans with little business context) and consistent penetration testing when evaluating questionnaires on policyholders’ cyber hygiene.

6. Automation Will Take a Stronger Role in Threat Detection and Intelligence

Automating security operations is becoming more common, allowing for automated responses to incidents and alerts. For example, if an employee saves their password onto their desktop, where attackers could easily access it, automation can flag this as an issue and offer remediation options, such as asking the employee to delete it or informing the SOC, which will take action accordingly. If the employee doesn’t comply, notifications would also be sent directly to SOC teams, who have full authority to delete any suspicious files before damage is done. This level of automation needs very few humans in the loop, and metrics for remediation are simplified.

In the field of threat detection and intelligence, more robust technology will soon revolutionize how organizations protect themselves from external threats. With these improved tools, vulnerable points can be identified quickly so that dangerous attacks do not slip through undetected. The ability to connect structured data with unstructured sources creates a powerful 360-degree view that provides an immediate contextual understanding of potential risks.

Tracking a single trending ransomware family isn’t enough to fully protect organizations; these trends can only tell us what’s already happened. Automation provides a more proactive approach by simulating different types of events inside the network and evaluating their potential damage before any malicious activity actually takes place. This is an essential step in establishing a secure defense posture against threats and risks.

7. Artificial Intelligence and ChatGPT in the Role of Threat Intelligence, Threat Detection, and Response

This might be my most outside-the-box prediction and is likely a couple of years away. The development and deployment of ChatGPT is likely to have a significant impact on the field of threat intelligence and security operations.

Currently, a Threat Intelligence or Security Operations Analyst must analyze and review multiple sources of data to detect potential anomalies and create a report to assess the risk and impact on an organization. This can be a time-consuming process; however, the advent of ChatGPT technology can assist in automating the report-writing phase, making it faster and more efficient.
