SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Ransom-vapourware, cloud camouflage amongst top cybersecurity predictions

Fri, 4th Nov 2022
FYI, this story is more than a year old

A rise in ransom-vapourware, cyber un-insurability, compliance conflicts, cloud camouflage and more are amongst the top cybersecurity predictions from BeyondTrust for 2023 and beyond.

These projections, authored by BeyondTrust experts Morey J. Haber, Chief Security Officer and  Brian Chappell, Chief Security Strategist, EMEA/APAC, are based on shifts in technology, threat actor habits, culture, and decades of combined experience.

Prediction #1: Negative, Zero, and Positive Trust 
Next year, expect products to actually be zero trust-ready", satisfy all seven tenants of the NIST 800-207 model, and support an architecture referenced by NIST 1800-35b. Zero trust product vendors will create marketing messages that may imply positive and/or negative intent (maybe not using such simple puns on the number zero). Some will provide positive zero trust authentication and behavioural monitoring, while others will work using a closed security model to demonstrate what should happen when a negative zero trust event occurs.

Prediction #2: Reputation for Ransom
The rise of Ransom-Vapourware We will see a rise in the extortion of monies based purely on the threat of publicising a fictional breach. Society so willingly accepts the veracity of breaches reported in the news – and without evidence. For a threat actor, this could mean the need to perpetrate an actual breach is reduced and a threat alone, that is not even verifiable, becomes an attack vector all in itself.

Prediction #3: The Foundation of Multi-Factor Authentication (MFA) Invincibility Fails
Expect a new round of attack vectors that target and successfully bypass multifactor authentication strategies. In the next year, push notifications, and other techniques for MFA will be exploited, just like SMS. Organisations should expect to see the foundation of MFA eroded by exploit techniques that compromise MFA integrity and require a push to MFA solutions that use biometrics or FIDO2-compliant technologies.

Prediction #4: Cyber Un-insurability is the New Normal 
In 2023, more businesses will face the stark realisation that they are not cyber-insurable. As of the second quarter of 2022, U.S. cyber-insurance prices already increased 79% over the prior year. In the past 12 months, cyber insurance premiums in Australia have risen up to 80% according to Honan Group. The truth is, its becoming downright difficult to obtain quality cyber insurance at a reasonable rate.

Prediction #5: Compliance Conflicts are Brewing
Significant compliance standards, best practices, and even security frameworks, are starting to see a diverging in requirements. In 2023, expect more regulatory compliance conflicts, especially for organisations embracing modern technology, zero trust, and digital transformation initiatives.

Prediction #6: The Death of the Personal Password
The growth of non-password-based primary authentication will finally spell the end of the personal password. More applications, not just the operating system itself, will start using advanced non-password technologies, such as biometrics, either to authenticate directly or leverage biometric technology, like Microsoft Hello or Apple FaceID or TouchID, to authorise access.

Prediction #7: Cloud Camouflage is Confronted
To mitigate cloud security risks, expect a push for transparency and visibility into the security operations of SaaS solutions, cloud providers and their services. The push to ensure transparency of the architecture, foundational components, and even discovered vulnerabilities, will extend beyond SOC and ISO certifications.

Prediction #8: Social Engineering in the Cloud 
Attackers will turn from their software toolkits to their powers of persuasion as they increase the number of social engineering attacks levelled at employers and organisations across the cloud.

Prediction #9 Unfederated Identities to Infinity and Beyond
Expect a push into unfederated identities to help provide a new level of services and potentially physical products that will become a mild access control and management nightmare. The size and scope will feel truly infinite – unless it is well-defined for identity management teams to provide access beyond what typically is available today.

Prediction #10: OT Gets Smarter, Converges with IT
Expect attack vectors for basic Operational Technology (OT) to expand based on similar exploits that target IT. OT which once had a single function and purpose is now becoming smarter, leveraging commercial operating systems and applications to perform expanded missions. As these devices expand in scope, their design is susceptible to vulnerabilities and exploitation.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X