Cybersecurity Predictions for 2023: Thoughts from Abnormal's CISO

The new year is fast-approaching, and a glance at the headlines reveals that economists are predicting a rather lean 2023. Concerns about an impending recession engender feelings of fear, uncertainty, and doubt—all of which cybercriminals can exploit in social engineering attacks. And while never celebrated under any circumstances, in such an environment, security risks are about as welcome as ants at a picnic.

Yet threat actors are already on the march.

For those of us who are hungry for growth, revenue, and security in 2023, these adversaries are well worth identifying. Knowing how to detect and divert them from our organizations is essential for preventing costly consequences.

It’s been said, “A preemptive mindset is always more efficient than a reactive one.” Nevertheless, for every successful attack, there is still plenty of repair and reinforcement available.

In this article, we’ll propose solutions that can help heal and protect you from future attacks by validating your tools, ensuring ROI, and extracting the optimal benefits from your investment.

Modern email attacks are considerably more sophisticated than the poorly-worded phishing emails and obviously malicious links from years past. And socially-engineered attacks are undeniably ticking upward. Nearly every day, employees fall victim to credential phishing and business email compromise (BEC) attacks that lure them into revealing proprietary and sensitive information, often incurring significant and unrecoverable financial losses.

Microsoft also reports a “disturbing rise” in nation-state attack activity. The tragic war in Ukraine has opened up fresh vulnerabilities to Russian targeting and disruption, as well as aggressive espionage activity toward Ukraine’s allies—including the U.S.

Interestingly, Ukraine’s decision to migrate government and critical services to the cloud has fortified its resilience to resist and recover from these incursions. That speaks to the rapid improvement in cloud security.

Further, thinking preemptively means that you should stay on the lookout for threat campaigns from unexpected origins. Ransomware is particularly ferocious, tenacious, and lucrative; Iranian sources have been executing these attacks blatantly, according to Microsoft.

Prescriptive vigilance recommends digging deeper into areas beyond email.

In my experience, we have to be on constant watch for misconfigured SaaS. Those misconfigurations may be responsible for up to 63% of security incidents, says a recent survey by the Cloud Security Alliance (CSA). Do you have too many departments with access to SaaS security settings? (Yes, 35% is too many, scolds TechBeacon).

Also, lack of visibility into setting changes opens the door to prowlers. A whopping 43% of organizations have dealt with one or more SaaS misconfiguration incidents, so you’re not alone.

With attackers becoming more ingenious and destructive by the hour, you can expect them to pivot to and exploit familiar collaboration tools like Teams, Slack, and GitHub to extract sensitive information. Remote and hybrid workforces rely on these communication vessels to carry out their workflow, meaning a breach can deliver a brow-furrowing headache!

Such vulnerability underscores the need to explore beyond initial authentication vectors to truly identify and detect lurking risks, bad actors, and malicious activity. Only machine learning and behavioral data science as part of an integrated security platform can protect your organization.

Here at Abnormal, we sharpen and hone your defenses against the entire spectrum of email-borne attacks, helping you build a security posture that deploys the power of AI to mitigate new and emerging threats. You may not be able to change the threat landscape or economic trends, but you can automate the protection of your email and get back to focusing on the work at hand rather than battling uninvited hordes.

See for yourself how Abnormal blocks email attacks before they can reach employee inboxes. Request a demo today.