Industry Perspectives

An ABC Sampler of Cybersecurity Predictions for 2023: Autonomy, BOMs, CaaS

by Ben Smith

Another year on the calendar, another guarantee that the technology on which we are so reliant will demonstrate new and largely unanticipated consequences. Perhaps nowhere is this clearer than in the world of cybersecurity. Let’s take a brief look at three themes of cybersecurity predictions for 2023.

A is for Autonomy. The automobile industry is the very first thing we think of when we hear “autonomy,” and there is no denying the promise of fully automated smart vehicles and how they can improve logistics, personal transport, and last-mile delivery.

Through a darker looking glass, while we’ve seen proofs-of-concept in the past demonstrating unauthorized control of a moving vehicle, look for exploits relating to vehicular data: deliberate obfuscation of real-time geolocation coordinates and tampering with previously recorded data will surface as new areas of mischief for researchers and criminals alike.

But autonomy, including both its benefits and risks, lives well beyond this single industry. Expect to see dramatic developments leveraging artificial intelligence, where we’ll see natural language processing tools like ChatGPT used to create malware, point out potential weaknesses in system design, craft even harder-to-detect phishing emails, and even script out recommended interactions designed to amplify the impact of a social engineering attack.

And thinking about our cyber-defenders, tools focused on making the job of the security operations center (SOC) easier through rules-based automation, such as security orchestration, automation and response (SOAR) platforms, are a natural focus point for an adversary, AI-backed or not, to consider.

B is for BOMs. Software bills of materials (SBOMs) will continue to play an essential role in securing supply chains for governments and businesses. But reliance on SBOMs depends on a comprehensive understanding of the volume of open-source code running in every organization today.

Being able to point to the provenance of a piece of code is useless if you haven’t identified it in the first place. We’ll see more than one SBOM-reliant organization announce an incident, with a root cause of “the compromised code wasn’t captured in our inventory.”
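The inventory gap described above is easy to surface once you have both halves: what the SBOM declares and what the host actually runs. The following is an added example, not code from the original article or from any product it mentions. The CycloneDX-style SBOM and the installed-package list are constructed by hand; the installed list mimics the shape of `pip list --format=json` output (an assumption), but any inventory source that yields name/version pairs would do.

```python
"""Reconcile an SBOM against what is actually installed on a host.

Added example (not from the original article). Both inputs are constructed.
"""
import json
from typing import Dict


# Constructed CycloneDX-style SBOM: the components the organization *thinks* it runs.
SBOM_JSON = """{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "requests",   "version": "2.28.1"},
    {"type": "library", "name": "urllib3",    "version": "1.26.12"},
    {"type": "library", "name": "PyYAML",     "version": "6.0"},
    {"type": "library", "name": "old-helper", "version": "0.9.0"}
  ]
}"""

# Constructed observation from the host: what is *actually* installed
# (shape assumed to match `pip list --format=json`).
INSTALLED_JSON = """[
  {"name": "requests",     "version": "2.28.1"},
  {"name": "urllib3",      "version": "1.26.13"},
  {"name": "pyyaml",       "version": "6.0"},
  {"name": "cryptography", "version": "38.0.3"}
]"""


def normalize(name: str) -> str:
    """Package names vary in case and separator across tools; fold them so
    'PyYAML' in the SBOM and 'pyyaml' on the host count as the same thing."""
    return name.strip().lower().replace("_", "-")


def load_sbom(text: str) -> Dict[str, str]:
    """Return {normalized name: declared version} from a CycloneDX-style document."""
    doc = json.loads(text)
    return {normalize(c["name"]): c.get("version", "") for c in doc.get("components", [])}


def load_installed(text: str) -> Dict[str, str]:
    """Return {normalized name: installed version} from the host inventory."""
    return {normalize(p["name"]): p.get("version", "") for p in json.loads(text)}


def reconcile(sbom: Dict[str, str], installed: Dict[str, str]) -> Dict[str, list]:
    """Three findings a defender cares about, each as a sorted list:
    - uninventoried: running but absent from the SBOM (the 'wasn't captured' case)
    - stale: declared in the SBOM but no longer present
    - version_mismatch: present in both, but the SBOM is out of date
    """
    uninventoried = sorted(n for n in installed if n not in sbom)
    stale = sorted(n for n in sbom if n not in installed)
    mismatched = sorted(
        (n, sbom[n], installed[n])
        for n in sbom if n in installed and sbom[n] != installed[n]
    )
    return {"uninventoried": uninventoried, "stale": stale, "version_mismatch": mismatched}


def report() -> Dict[str, list]:
    """Run the reconciliation over the constructed inputs."""
    return reconcile(load_sbom(SBOM_JSON), load_installed(INSTALLED_JSON))


if __name__ == "__main__":
    for finding, items in report().items():
        print(f"{finding}: {items}")
```

On these inputs the run flags `cryptography` as uninventoried (the component an SBOM-driven vulnerability lookup would never ask about), `old-helper` as stale, and `urllib3` as a version mismatch. The name normalization matters more than it looks: without it, `PyYAML` versus `pyyaml` would show up as one stale and one uninventoried entry and hide the real gap in noise.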

What kind of new incidents might we see? What we typically see in the news are attacks where a vulnerability is exploited as an entry point to reach some other target within the victim’s environment: sensitive data which might be encrypted and then ransomed, or outright exfiltrated and stolen.

But the long game here is not to act against the confidentiality or availability of data, but to instead focus on the third leg of information security’s CIA triad: integrity. While we might not hear about it, it’s guaranteed there will be incidents where targeted data is not being stolen, but silently modified in support of an adversary’s short-term or longer-term goals.

This use case is one where visibility or observability into not only your coding or development enclave but your entire environment is key. Defenders with their eyes on network traffic, logs, and endpoints – the foundation of today’s extended detection and response (XDR) – have the best chance to thwart these types of attacks as they occur.
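Integrity attacks of the kind described above leave nothing missing and nothing encrypted, so the defender needs a baseline to compare against. The following is an added example, not code from the original article: it hashes every file under a directory, then re-hashes later and reports what changed. The directory, file contents and the in-place edit are all constructed inside a temporary folder so it runs offline.

```python
"""Detect silent modification of files by comparing SHA-256 content hashes
against a recorded baseline.

Added example (not from the original article). All data is constructed.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict


def sha256_of(path: Path) -> str:
    """Stream the file so large artifacts do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map each regular file under root (as a '/'-separated relative path) to its hash."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, list]:
    """Report modified, added and removed files; content hash is the only signal used."""
    modified = sorted(f for f in baseline if f in current and baseline[f] != current[f])
    added = sorted(f for f in current if f not in baseline)
    removed = sorted(f for f in baseline if f not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> Dict[str, list]:
    """Constructed scenario: a ledger record is altered in place without changing
    the file's length, so a size-only check would not notice; a content hash does."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "data").mkdir()
        ledger = root / "data" / "ledger.csv"
        ledger.write_text("acct,balance\n1001,500.00\n1002,250.00\n")
        (root / "README").write_text("untouched\n")

        baseline = build_baseline(root)

        # Same byte length as before: only the balance for account 1001 changes.
        ledger.write_text("acct,balance\n1001,900.00\n1002,250.00\n")
        (root / "README").unlink()
        (root / "data" / "extra.bin").write_bytes(b"\x00\x01")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

The baseline itself is the trust anchor here: store it somewhere the system being monitored cannot write to (a separate host, or a signed artifact), otherwise an adversary who can alter the data can alter the record of what the data should be.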

C is for CaaS. Crime-as-a-service lowers the barrier to entry for criminals and nation-states alike, where a lack of technical expertise can easily be addressed with a cash payment. And even as the capabilities of these malicious tools and platforms increase, their prices will continue to come down, making it even easier for an adversary to buy their way into a weapon to be used against their target.

One way to keep up with this arms race is to outsource some or all of your own capabilities to a managed detection and response (MDR) provider, where the visibility benefits brought to you by XDR are combined with skilled human expertise to help fight these battles more effectively.

Don’t forget: cybercrime is a business, and as such it operates under a business model.

And like all healthy businesses, CaaS providers constantly innovate to deal with the new hurdles erected by the good guys who are trying to protect their organizations and the data held within.

Don’t be surprised to hear about a new wave of phony apps which are designed to eavesdrop on sensitive communications, access photos and other files on mobile devices, or even to serve as stepping-points into other devices within your environment. Just because a technique is old doesn’t mean it’s not effective today.