Written by Vincent D’Agostino, Head of Digital Forensics and Incident Response, BlueVoyant
Throughout this past year, organisations large and small have continued to battle against growing cyber security threats in an increasingly sophisticated and often unstable threat landscape. BlueVoyant’s Head of Digital Forensics and Incident Response, Vincent D’Agostino, shares his thoughts on how cyber security trends in 2023 will shape enterprise priorities and spending…
Ransomware groups will increase and diversify in 2023
“When it comes to ransomware in 2023, the divide between ransomware groups operating ostensibly for profit (such as Lockbit and PYSA) and groups with apparent, or overt, political motivations (such as Prestige and RansomBoggs) will continue to deepen. In 2022, many large groups collapsed, including the largest, Conti. This group collapsed under the weight of its own public relations nightmare, which sparked internal strife after Conti’s leadership pledged allegiance to Russia following the invasion of Ukraine. Conti was forced to shut down and rebrand as a result.
After the collapses, new and rebranded groups emerged. This is expected to continue as leadership and senior affiliates strike out on their own, retire, or seek to distance themselves from prior reputations. The fracturing of Conti and multiple rebrandings of Darkside into their current incarnations have demonstrated the effectiveness of regular rebranding in shedding unwanted attention. Should this approach continue to gain popularity, the apparent number of new groups announcing themselves will increase dramatically when in fact many are fragments or composites of old groups.
In 2023, attacks are likely to get simpler in nature and target smaller companies as they are considered softer targets, less likely to draw media attention. This also provides a fertile and forgiving proving ground for young hackers learning to get into what has become the big business that is ransomware. A good example of this is groups like Karakurt that skip the complexities of an encryptor deployment entirely and regress to single extortion attacks where data is merely exfiltrated and not encrypted — something we haven’t seen much of since 2015.”
Cyber Insurers will define coverage lines with more precision and enforcement
“As cyber incidents — especially Business Email Compromises — occur more frequently, and as ransomware attacks are beginning to surge again, providers will continue to tighten standards required to obtain or maintain coverage and increase premiums. Over the past year, we witnessed mandates such as Lloyd’s of London’s decision to exclude certain coverage beginning in March 2023 which might have caused some concern. However, it is still essential to pursue cyber coverage despite what some might view as a setback. The underwriting process and the completion of an underwriting application are excellent ways to self-assess and consider the protection of assets from a cyber perspective. The information gleaned from these exercises is valuable information, not only for the CISO, but for the Board and CFO, and augments financial investments and regulatory compliance. Homeland Security will continue to invite insurers to cyber national defence discussions, and insurers may join in public-private partnerships to share intel.
In the new year, as providers and organisations continue to navigate its new territories, organisations will likely place greater emphasis on being insurable and understanding the risks they face across sectors. Insurance premiums will continue to rise and the capacity in which an organisation is covered will continue to be tested as insurers define coverage tied to specific incident types. Organisations that implement proactive measures will come out ahead.”