Here’s What ThreatQuotient’s Crystal Ball Says for 2023Dave Krasik
From the team at ThreatQuotient, we hope you had a wonderful 2022 and are looking forward to an even better 2023. As we ring in a new year, we thought it would be fun to look into our crystal ball and share some predictions for the coming year.
Machine learning (ML) for phishing. The last half of 2022 saw a flood of interest and even more hype around generative and other advanced machine learning models, for example GPT-3. These models have shown promise in generating novel text content that fits the desired output parameters of a given task. A large proportion of content created for phishing campaigns and spear phishing attacks has traditionally suffered from low quality and can be easily identified by humans or straightforward spam filters. The new generation of advanced ML may be well suited for addressing this shortcoming. This will lead to greater adoption by threat actors and a general increase in the baseline quality of phishing-based threats.
ML for security products. As interest and hype has built up around these new ML models, security product teams and security practitioners have already started brainstorming ways to apply the technology for their benefit. These groups will begin hypothesis testing of new applications for the technology but will encounter challenges with efficacy, signal-to-noise ratios, audibility, and code/model security that are of high importance to security product teams and operators.
Automation. The “people challenge” in security has not gone away and is not going away for the foreseeable future. Organizations are already looking to automation to help address challenges with hiring, retention, and training. Over the coming year, organizations will invest more effort in robust planning and processes that better incorporate automation tools as part of a hybrid manual-automated model. Adopters of automation will turn their focus away from both large, end-to-end automation processes and simple, isolated automation processes to more tightly integrated hybrid processes that combine automation of repetitive, low-risk, time-consuming tasks with human intelligence and analysis.
Security Architectures. As has been the case for many years, larger broad-portfolio security vendors will invest heavily in marketing a shift to single-vendor homogenous architectures, something we’ve seen ramp up further in the second half of 2022. But over the course of 2023, we will see muted results as operators focus on high-quality heterogeneous architectures with a primary objective of aligning with their organizations’ specific use cases and skill sets with best-in-class tools. This will highlight the need for more robust open integrations and API security controls from all vendors.
Threat Intelligence. Threat Intel practitioners will continue to mature their capabilities with respect to strategic intel for a deeper understanding of threats and relevance to their specific organizations. Greater focus on threat actor groups, malware analysis, and actor behaviors (e.g., TTPs) will become a higher priority as organizations streamline their longstanding tactical operations. This will lead to a greater emphasis on context rich taxonomies like STIX 2 as well as further emphasis on granular contextual and relationship data.
Government and security. Governments in partnership with industry will make meaningful progress in maturing legal frameworks around threat prevention and intelligence sharing. For example, legislative action and courts will strengthen legal frameworks and incentives to address the evolving threat landscape. This will be concomitant with government operators becoming more sophisticated and organized in their ability to support industry threat investigations and remediations and more readily share relevant threat intelligence with industry.
Making predictions is tricky. However, whether each of these pan out exactly as we’ve outlined above or not, we hope they provide good food for thought as you create your security plans for 2023. In the meantime, we’ll be tracking how well our crystal ball performed and provide an update later next year.