
The nature of cyberattacks is changing fast. Generative AI, cloud complexity and geopolitical tensions are among the latest weapons and facilitators in attackers’ arsenals. Three-quarters (74%) of security decision-makers say their organizations’ sensitive data was “potentially compromised or breached in the past 12 months” alone. That’s a sobering cybersecurity baseline for any CISO to consider.

With attackers quickly weaponizing generative AI, finding new ways to compromise cloud complexity and exploiting geopolitical tensions to launch more sophisticated attacks, it will get worse before it gets better.

Forrester’s Top Cybersecurity Threats in 2023 report (client access reqd.) provides a stark warning about the top cybersecurity threats this year, along with prescriptive advice to CISOs and their teams on countering them. By weaponizing generative AI and using ChatGPT, attackers are fine-tuning their ransomware and social engineering techniques.

Two fronts of the global threatscape

CISOs are under pressure to deal with long-established threats, and at the same time find themselves unprepared to thwart emerging ones. Ransomware and social engineering through business email compromise (BEC) are the longstanding threats CISOs have focused on defending against for years. Yet while security teams have invested millions of dollars in strengthening their tech stacks, endpoints and identity management systems to battle ransomware, breaches continue to grow.


For one thing, as they look for new ways to increase the size and speed of ransomware payouts, attackers are making supply chains, healthcare providers and hospitals prime targets. Any target that delivers time-sensitive services and can’t afford to be down for long is a source for larger ransomware payouts, as these businesses need to get back online immediately.

Forrester’s predictions and survey results also show why a greater share of breaches will remain unreported as newer threats advance. CISOs and enterprises won’t want to admit they were unprepared. Twelve percent of security and risk professionals say they’ve experienced six to over 25 breaches in the past 12 months. The breaches represented in this report derive from BEC, social engineering attacks and ransomware. New, more lethal attack strategies that seek to destroy AI-based defenses are coming.

Perimeter-based legacy systems not designed with an AI-based upgrade path are the most vulnerable. With a new wave of cyberattacks coming that seek to capitalize on any given business’ weakest links, including complex cloud configurations, the gap between reported and actual breaches will grow.

Seven out of 10 organizations Forrester surveyed experienced at least one breach last year. Twelve percent experienced six or more attacks with longstanding tradecraft techniques. Source: Forrester's Top Cybersecurity Threats in 2023

Forrester’s take on the top cybersecurity threats this year

With the new wave of threats, Forrester anticipates more lethal attacks, as threat actors scale up their expertise in AI to defeat the latest generation of cybersecurity defenses. VentureBeat has learned this is already happening, with the unsecured gaps between endpoints and identity security being a weak link attackers focus on.

CrowdStrike president Michael Sentonas told VentureBeat in a recent interview that the need to close the gaps between endpoint security and identity security is “one of the biggest challenges people need to deal with today. The hacking exposé session that George and I did at RSA [2023] was to show some of the challenges with identity and the complexity and why we linked the endpoint with identity [and] with the data the user is accessing. That’s the critical problem. And if you can solve that, it’s tough, but if you can, you solve a big part of an organization’s cyber problem.”

Real threats to AI deployments emerge

Using generative AI, ChatGPT and the large language models supporting them, attackers can scale attacks at levels of speed and complexity not possible before. Forrester predicts use cases will continue to proliferate, limited only by attackers’ creativity.

One early use case is a technique of poisoning data to cause algorithmic drift, which reduces the detection efficacy of email security or the revenue potential of ecommerce recommendation engines. What had once been a niche topic is now one of the most urgent threats to anticipate and counter. Forrester notes that while many organizations don’t face an immediate risk of this threat, it’s essential to understand which security vendors can defend against an attack on AI models and algorithms. Forrester recommends in the report that “if you need to protect your firm’s AI deployments, consider vendors like HiddenLayer, CalypsoAI and Robust Intelligence.”

Cloud computing complexity is rising

Cloud services are used by 94% of enterprises, and 75% say security is a top concern. A full two-thirds of companies have cloud infrastructures. Gartner estimated last year that the cloud shift will affect more than $1.3 trillion in enterprise IT spending this year and almost $1.8 trillion in 2025. Compared to 41% in 2022, by 2025 51% of IT spending will move to the public cloud. And cloud technologies will account for 65.9% of application software spending in 2025, up from 57.7% in 2022.

These predictions amplify how the increasingly complex nature of cloud computing and storage infrastructure poses significant security risks. Forrester notes that insecure IaaS infrastructure configurations, malwareless attacks and privilege escalation, and configuration drift are a few of the many threat surfaces CISOs and their teams need to be aware of and harden.

The report recommends that enterprises build resilient, robust cloud governance, and use security tools such as the native security capabilities of IaaS platforms, cloud security posture management, and SaaS security posture management to detect and remediate threats and breach attempts.

Forrester writes in the report that “infrastructure as code (IaC) scanning is also gaining momentum to detect misconfiguration (e.g., unencrypted storage bucket or weak-password policies) in terraform, helm and Kubernetes manifest files by integrating IaC security (e.g., Checkmarx’s KICS and Palo Alto Networks’ Bridgecrew) into the continuous improvement/continuous deployment pipeline or even earlier during coding in the integrated developer environment.”

Cloud workloads provide rightsizing, elasticity, cost control and reduced security costs for today's IT infrastructure, making a cloud presence essential for commercial organizations. Source: Forrester's Top Cybersecurity Threats in 2023 report

Geopolitical threats loom large

Forrester cites Russia’s invasion of Ukraine and its relentless cyberattacks on Ukrainian infrastructure as examples of geopolitical cyberattacks with immediate global implications. Forrester advises that nation-state actors will continue to use cyberattacks on private companies for geopolitical purposes like espionage, negotiation leverage, resource control and intellectual property theft to gain technological superiority.

Forrester points to the ongoing diplomatic and trade tensions between China and the U.S. as a flashpoint that could increase attacks on enterprises. The report cites how, in late 2022, the U.S. restricted China’s semiconductor chip exports and communications equipment imports. China sanctioned U.S. defense contractors in early 2023. Russia faces European trade bans and export controls. These conflicts may impact private companies. North Korea stealing $741 million in cryptocurrency from Japan is another example of how geopolitical threats can quickly destabilize an entire nation’s financial condition.

Ransomware continues to batter organizations

According to Forrester, ransomware remains a top cyber-threat, with attackers demanding double extortion to prevent data disclosure. Attackers also demand ransom from breached enterprises’ customers to keep their data private, further damaging an enterprise’s reputation and trust.

Forrester is seeing ransomware attacks that target critical infrastructure and supply chains, where delays can cost millions of dollars. Attackers know that if they can disrupt a supply chain, their demands for higher ransomware payouts will be quickly met by enterprises that can’t afford to be down for long.

Most troubling is Forrester’s finding that between 2016 and 2021, hospital ransomware attacks doubled, endangering lives. Ransomware is a common tactic North Korea uses to fund its espionage and missile development programs.

In response, over 30 countries formed the Counter Ransomware Initiative (CRI) in October 2021 to fight global ransomware. Australia is leading the International Counter Ransomware Task Force (ICRTF) to address ransomware as part of the CRI strategy. Forrester recommends that enterprises too “equally prioritize ransomware defense and subscribe to external threat intelligence service providers with targeted ransomware intelligence like CrowdStrike or Mandiant.”

The report also reminds security and risk management teams at critical infrastructure companies that they must be prepared to report cyber-incidents within 72 hours and ransom payments within 24 hours to CISA, per the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

BEC social engineering tops ransomware in insurance claims

The FBI’s Crime Complaint Center reported $2.4 billion in BEC social engineering losses to businesses in 2021. Fraudulent funds transfer claims from BEC attacks topped all types of claims in 2022, overtaking ransomware attacks. BEC social engineering attacks take advantage of human error. They use phishing to, for example, steal credentials and misuse accounts.

Forrester notes that BEC social engineering campaigns are moving into a new phase, seeking to combine multiple communication channels to convince victims to take action. Some campaigns include a CAPTCHA process to increase their legitimacy. The report advises that it’s not enough to adopt domain-based message authentication, reporting and conformance (DMARC) for email authentication. Enterprises should take a data-driven approach to behavior change to measure progress, and course-correct with more training and technologies to reduce the risk of socially-engineered attacks succeeding.

Security teams need to prepare

Forrester’s latest report on cybersecurity threats is a stark warning to organizations worldwide to prepare for an era of new attack strategies. Attackers continue to refine their tradecraft to include new tactics for weaponizing generative AI, exploiting cloud complexity and leveraging geopolitical tensions to launch more sophisticated attacks.

While enterprises continue to fund cybersecurity budgets to contain BEC social engineering and ransomware attacks, they also need to start planning how to predict, identify and act on threats to their AI models and algorithms and the data they use. To improve threat intelligence, security teams must unify these diverse efforts to stop the next generation of cyberattacks.
