This post is part of our 2023 cybersecurity predictions series.
Security experts at Cofense offer their predictions for the year ahead.
Rohyt Belani, Chief Executive Officer and Co-Founder
Cybersecurity will not be immune to the recession.
In 2023, we will see fewer resources and tighter security budgets in corporate settings thanks to economic uncertainty, resulting in subpar security posture across organizations. Because of this, threat actors will capitalize on this asymmetry and evolve faster, creating the perfect storm for an amplified number of breaches across all vectors in 2023, especially using email as an attack vector.
Email security and endpoint security will be at the top of the CISO’s wish list.
The CISO’s role is all about prioritization, especially as they face economic pressures and uncertainty. When looking at the threat landscape, more than 90% of an organization’s threats come in via email and end at a system’s endpoint. As CISOs plan for 2023, email and endpoint security will be on the top-three list of priority security solutions they invest in and are areas that they are not willing to compromise on.
Cyber insurance providers will look at an organization’s bloodwork to underwrite policies.
Today, cyber insurance policies are developed very naively – looking at the organization’s number of employees and revenue alone to build premiums, but this does not provide an accurate view of a company’s security posture. As vendors and cyber insurance providers work together in 2023 to converge on the best way to underwrite a cyber insurance policy, they will begin to look at a “company’s bloodwork.” This will include meaningful metrics that are demonstrative of the maturity and resilience of the organization’s cybersecurity posture, much like what is done for an individual’s life insurance policy.
Tonia Dudley, Vice President, Chief Information Security Officer
The reliance on crowd-sourced threat intelligence will increase significantly.
As threat actors continue to share what works on their side in terms of attack vectors and tactics, security leaders and cybersecurity organizations will increase their communication with each other in 2023 on what is working best to defend against threat actors. This crowd-sourced threat intelligence will allow organizations to learn how to better defend themselves.
BEC will see a continued rise, especially employee impersonation fraud.
Attackers have made a clear list of what tactics work over the years and always defer back to what is successful for quick and easy money. Leveraging this strategy, attackers will place increased efforts on business email compromise (BEC) attacks like employee impersonation fraud. Many organizations lack security protocols for reviewing items like invoices that seemingly look like they are coming from a vendor. Not only are these tactics quick wins, but they are also often almost untraceable.
Josh Bartolomie, Vice President, Global Threat Services
There will be a mass consolidation across email security, leading to an increase in attacks.
There is a common 5-year pattern when it comes to the consolidation of tools that we see across the security market. This pattern is due to economic fluctuation, business shifts and simply because people's memories are short when it comes to past major breaches. As economic uncertainty continues in 2023, the pattern will rise again. Organizations will decide that their email security tools are enough and forgo additional vendors, leading to an increase in attacks that do not get blocked.
Ransomware will see a new boom as tensions between Russia and Ukraine continue.
As the conflict between Russia and Ukraine continues, we will see Russian threat actors double down on ransomware efforts as physical, on-the-ground tactics see little return. To make an even greater impact, threat actors will target countries that support Ukraine to “punish” their allegiance to the country, targeting critical infrastructure like healthcare and energy.
Ronnie Tokazowski, Principal Threat Advisor
Romance scams and consumer fraud will run rampant in 2023 to secure big phish.
Threat actors will lean in on romance scams, where cyber criminals adopt a fake online identity to gain a victim's affection and trust, and large-scale consumer fraud in order to reap massive profits in the new year. And while there won’t be a massive change in BEC attack tactics, which have run rampant in 2022, we’ll specifically see an increase in pig butchering scams, a form of romance scam that convinces victims to invest in cryptocurrency platforms.