Cybersecurity Predictions for 2023

Making predictions is kind of a humble-brag: “I may not have a crystal ball, but based on our conclusions from our application of structured analytical techniques (such as “cone of plausibility”, “assessment of competing hypotheses”, etc.), we assess that…”

Mimecast’s team monitors petabytes of global threat intelligence and human behavior data for over 40,000 email security customers and has done so for the past 20 years. So, no, we don’t have a crystal ball, but we’ve polled our internal experts for their outlook on 2023 and we assess…

Vulnerabilities to cyberattacks will continue to increase as a consequence of the expanding complexity of business networks that encompass both in-office and remote working work environments and that increasingly integrate workforce collaboration tools. Attacks will also grow in volume, variety, and sophistication, be they ransomware, business email compromise, or insider threats.

This growing complexity and sophistication are keeping organizations from making measurable progress against cyberattacks. Yesterday’s cyber defenses will no longer protect against the elevated risks to people, communications, and data. So, security systems will necessarily grow more intelligent and orchestrated, but challenges such as today’s cybersecurity skills shortage will likely delay that much-needed progress.

Below, we drill down on the trends we expect to see in 2023.

Growing Vulnerability to Multiple Attacks

Nearly 80% of cybersecurity professionals believe their organizations will suffer a negative business impact from an email-borne attack in the new year, according to the preliminary findings of Mimecast’s forthcoming State of Email Security 2023 (SOES 2023) report.

In 2023, the new digital work environment will provide cybercriminals with more opportunities to exploit for initial access and, once inside, increased possibilities to move laterally and elevate privileges. In large measure, this is due to the growing use of external networks, devices, and applications.

Disappointingly, we even expect organizations that were attacked in 2022 to be hit again in the new year. This arises from the ongoing lack of cyber risk appreciation — and cyber skills — among board members and senior executives, which limits appropriate investment in the means to stop threat actors.

Ever More Sophisticated Attacks

Innovation has a way of accelerating on the dark side. As it is, security professionals already view the growing sophistication of cyberattacks as their biggest challenge, according to our preliminary SOES 2023 findings.

Social engineering is reaching unprecedented levels in phishing campaigns. The ability to identify a phishing email through its use of poor spelling and grammatical errors is becoming a thing of the past. More recent phishing emails have been increasingly well written, personalized, focused on current events, and packaged with the correct logos/branding/language of trusted brands. In other words, they’re being crafted in such a way that it is more difficult than ever before to distinguish between an official email and a spoofed email drafted by a threat actor.

Enter artificial intelligence (AI). In 2023, illicit AI-based voice-cloning techniques will take social engineering and impersonation to an even more complex level, and will be used in combination with compromised email and collaboration accounts.

Beyond email, expect an increase in multistage, “living off the land” approaches to cyberattacks, where adversaries use trusted cloud-based tools for malicious activities to evade detection and expand internally. For instance, “free trial abuse” will infiltrate 30-day trials of B2B applications.

And at the human level, attackers will be devoting more innovation to grooming malicious insiders. The upshot: Insider threats are likely to increase as more traditional cybersecurity defenses are strengthened. 

Old-Style Attacks That Won’t Go Away

Sophisticated attacks may be on the rise, but more familiar phishing attacks will also continue to evolve, since these are low cost and have a high return on investment for cybercriminals, especially initial access brokers.

By evolve, we mean that the content of these messages will continue to change with the times. For instance, in today’s turbulent job market, one exploit on the rise preys on newly hired employees with fake welcome emails from “senior executives” that lead to credential harvesting, account takeover, or even multistage malware droppers. Other phishing emails exploit current economic difficulties, recruiting “money mules,” for example, or promising energy rebates as a lure amid rising prices for home heating.

Evolution of Cyber Defenses at Varying Speeds

With basic cyber risks being better protected today, cybercriminals have elevated the sophistication of their attacks, so security teams need to up their game, as well. 

Modern best practice calls for integrating various security point solutions for greater efficacy, and nearly 80% of security professionals expressed a preference for this approach in our preliminary SOES 2023 findings. Half say they’re currently using artificial intelligence and machine learning (AI/ML) in their cybersecurity program, and another 30% plan to begin doing so in 2023.

An unfortunate consequence is that a two-tiered world is emerging in cybersecurity: organizations with only basic security defenses and others with the wherewithal to attain an advanced security posture. This is, in some respects, understandable. As budgets become tighter during a global recession and regional inflation, some organizations are having to review their risk appetite and, therefore, adopting a “good enough” approach. Unfortunately, as we continue to observe from the threat landscape, this is not a policy that bears any success.

In the face of more advanced, multistage attacks, the “haves” are recognizing and acting on the value in deploying and integrating best-of-breed technology. They are also reaching for advanced technologies such as AI natural language processing, which helps them understand employees and business partners by analyzing their emails, gaining insights about their communications patterns, and mitigating any anomalies that indicate an attack.

The caveat is that today’s severe cybersecurity skills shortage is particularly acute in emerging areas such as security integration and AI, which could hinder both “haves” and (especially) “have-nots”.

Meanwhile, as the “have nots” remain at the basic level of security, they will be more open to attacks — and cybercriminals won’t hesitate to rise to the opportunity presented by smaller targets. While there might be less money to be made per attack, these attacks are easier, more successful, and the pie is big.

A bright spot for the “have-not” group is the growth of cybersecurity outsourcing. Managed security service providers (MSSPs), SOC-as-a-service, and other third-party options provide strength in numbers. Some of Mimecast’s MSSP partners oversee hundreds or thousands of customers, building an uncommon level of expertise, scope, and scale. In other words, they have probably already seen and addressed any threat that an under-resourced organization may be experiencing for the first time. They can help them level up to the challenge of more sophisticated cyberattacks without having to independently invest in the technology and skills to do so.

The Bottom Line

The observed threat data is trending upward for 2023 for all three of the most salient aspects of cybersecurity: vulnerabilities, attacks, and defenses. Predicting how this will turn out is too risky a proposition, but one thing is sure: Leveling up defenses is the order of the day. Mimecast has done just that, with the recent rollout of its X1 Platform and product suite. Read here to learn how it could support your cybersecurity plans for the new year.