In this analysis, I’ll examine and offer my take on Fortinet’s “Cyber Threat Predictions for 2023” report and its various predictions. Included are some insights that may surprise you, along with others that might sound more familiar, aligning with the existing and emerging trends that I’ve covered previously.
Fortinet is among the industry’s leading cybersecurity firms and a member of Acceleration Economy’s Cybersecurity Top 10 Shortlist.
Warning: Cybersecurity Tool Sprawl
The report opens with the acknowledgment that, to better manage tool sprawl, organizations are looking to consolidate their technology portfolios in terms of networks and tools.
I’ve seen the tool sprawl problem firsthand. It should be taken seriously. Cybersecurity tool sprawl leads to cognitive overload on security teams that are often strapped for resources and time.
It also can increase organizational risks as security tools are part of an organization’s attack surface and often have elevated privileges; if those privileges are exploited, that can have a big impact. Entities ranging from small organizations to major federal agencies have experienced firsthand the impact of cybersecurity tool sprawl through the exploitation of MoveIT, a file transfer program.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
A Look Back
Prior to jumping into 2023 predictions, Fortinet’s report takes a look back at 2022 predictions and how they’ve played out.
The rise of advanced persistent crime, fueled in part by the growth of ransomware as a major crime facilitator to extract financial demands from victims, was a leading metric. The report points out that there was more than a 100% increase in identified ransomware over the first six months of 2022 compared to the prior year.
The report also emphasizes the growth of ransomware-as-a-service (RaaS). RaaS enables malicious actors to offer paid subscription offerings to customers looking to carry out nefarious activities. The offerings grant access to ransomware variants and attacks.
There’s also been major growth in ransomware payments reported to the U.S. Treasury Financial Crimes Enforcement Network (FinCEN): over $600 million in the first half of 2021, surpassing the value of ransomware payments from the previous decade. Other reports and sources, including those from the U.S. Cybersecurity Infrastructure and Security Agency (CISA), also reflect increases in ransomware.
Another key 2022 prediction was that edge attacks would go mainstream. This proved true, as the Fortinet 2022 State of Operational Technology and Cybersecurity Report found that 93% of organizations experienced an attempted intrusion of their operational technology (OT) infrastructure in the past 12 months, with 83% experiencing more than three incidents. I believe we’ll continue to see the growth of edge and Internet of Things (IoT) devices that are networked and “smart” but also vulnerable due to their connectivity and the software they use.
Lastly, the report predicted that there would be increased attempts to weaponize artificial intelligence (AI). That prediction was correct, as there has been a growth in attacks such as deepfakes (which the FBI and CISA have warned about, especially in the context of social media outlets), along with other types of attacks that utilize AI for a variety of malicious purposes, from rapidly exploiting vulnerabilities to automating phishing attacks.
Just like defenders are quickly looking to adopt AI to improve their operations and effectiveness, malicious attackers are doing the same. Generally, unlike defenders, bad actors are unencumbered by regulation or organizational policies limiting their use of emerging technologies.
One of the Fortinet report’s top predictions for 2023 is the growth of crime-as-a-service (CaaS) offerings. This includes attack vectors such as RaaS and malware-as-a-service (MaaS). RaaS and MaaS are ways malicious actors continue to operationalize their business models, commoditize their attacks, and gain access to victims for their paying customers. As the use of innovative technologies such as AI grows, so too will the criminals’ portfolio of paid subscription offerings.
The report also predicts that money laundering will get a boost from automation in 2023. It points out that, historically, money laundering was a time-intensive process requiring manually recruiting participants and identifying pathways to extract funds. Malicious actors are utilizing machine learning (ML) to automate their recruitment, targeting, and activities to move smaller batches of funds to avoid detection and law enforcement encounters.
The report concludes by forecasting that malicious actors will continue to try to exploit the metaverse’s augmented and virtual reality (VR) environments to follow their victims and compromise these new environments in unique and novel ways.
This may include activities like trying to access personally identifiable information (PII) or compromise payment information for misuse and fraud. I don’t think this prediction is quite as concerning now, as some of the hype, and momentum, around the metaverse and VR has died down recently.
While it’s safe to say predictions are always, at best, a guess at what will happen, when they are combined with the industry expertise and insight of organizations such as Fortinet, they often come close to reality. Fortinet’s review of 2022 predictions demonstrates that point.
Fortinet recommends organizations take various approaches to mitigate the risks of these attacks, such as adopting zero-trust methodologies including least-permissive access control and micro-segmentation of digital networks and environments.
It also suggests understanding an attack’s lifecycle by using resources such as the MITRE ATT&CK framework, which can help defenders understand the various activities and intent of malicious actors and stop their activities in their tracks.
To effectively strengthen your organization’s security, I recommend combining Fortinet’s sound recommendations while focusing on building a robust security culture. Additionally, it is crucial to break down organizational silos and actively establish relationships with teams and leaders across different departments outside of cybersecurity.