Bridewell outlines the key cyber security developments and trends set to shape the next 12 months
Following a year marked by hostile nation-state activity in both physical and cyber domains, alongside escalating cyber threats against the UK’s critical national infrastructure (CNI), UK cyber security services firm, Bridewell warns of continued geopolitical and economic disruption.
From constrained security budgets to vulnerable insiders being targeted with increasingly global ‘as-a-service’ models of cyber crime, in its Cyber Security: What to Expect in 2023 report, Bridewell’s team of experienced consultants, coupled with insights from its 24/7 security operations centre (SOC), outline how:
- 2023 will see a surge in global cyber cartels – While nation-states like Russia and China will continue to dominate headlines in 2023, large criminal groups across other regions, such as Latin America, will increasingly shift away from conventional illicit activities and towards cyber crime. Driven by financial gain, ransomware gangs are likely to organise themselves along the lines of drug cartels, joining forces to carry out potentially devastating cyber attacks via ‘as-a-service’ models that require limited technical expertise. Cyber crime can offer large profits and minimal danger, making it a highly attractive business for these groups.
- Criminals could exploit the cost-of-living crisis to find internal victims – With financial hardship set to continue for many into 2023, organised criminal groups are ready to target vulnerable insiders within organisations to gain access to sensitive data or protected systems. Threat actors could reach out to individual staff and offer them a generous payoff in return for direct internal access. Public sector organisations, including local and national government, should be particularly vigilant next year, due to mounting workload and financial pressures, coupled with the highly sensitive information constantly at the fingertips of individual employees.
- Some CNI organisations will cut their cyber security spend – Although cyber security budgets within CNI have risen in recent months, the exceptional pressures currently facing certain sectors such as healthcare and government may lead to some organisations re-evaluating their expenditure. Cuts to cyber security spend will inevitably open more risks in 2023, particularly as threat actors continue to evolve their tactics and techniques. Left unaddressed, this could lead to some large-scale attacks against energy providers next year.
- Tool sprawl will increase organisations’ vulnerability to attack – As threat actors continue to invest in a wider range of tools, such as ransomware-as-a-service (RaaS) and commoditising information stealers, which lowers the barriers to criminal entry, some organisations will try and keep pace by adding more and more individual tools to their own technology stack. This could cause them problems in 2023, as having an unmanageable amount of security tools reduces visibility, lowers threat response time, and creates additional complexity and confusion.
- The hybrid SOC model will go from strength to strength – As organisations seek to better manage their security tools, more and more will look towards the hybrid SOC model to ease the strain on overstretched cyber teams and reduce the complexity of monitoring, managing, operating, and optimising a modern technology stack. By supplementing existing skills gaps and upskilling internal teams, the hybrid SOC can complement in-house capabilities with a wrap-around, expertise-driven outsourced service. This will be of critical importance in 2023, especially as the cyber skills gap widens.
Martin Riley, Director of Managed Security Services at Bridewell added: “As we head into 2023, organisations should prepare for even greater security demands, especially as geopolitical and economic tensions escalate and cyber skills shortages continue. To strengthen their security posture in this heightened threat landscape, organisations must mature their processes and technologies to ensure they are leveraging rich, threat-led managed detection and response (MDR) and extended detection and response (XDR) capabilities.”
Download the full Cyber Security: What to Expect in 2023 guide here.
Bridewell is a cyber security services company providing global, 24×7 managed detection and response services and cyber security consultancy.