2023 Cybersecurity Year in Review: Notable Facts and Policies February 02, 2024
Despite significant investments in cybersecurity infrastructure and the growing cybersecurity industry, cyber threats are still on the rise. 2023 was a year of numerous hacking incidents such as MOVEit, 23andMe, and MGM Resorts hacks. The year also saw the launch of the National Cybersecurity Strategy as well as the National Cyber Workforce and Education Strategy (NCWES) to address current and future cyber threats. Another important development was the rise of Artificial Intelligence, which can potentially change the threat landscape in the not-so-distant future.
Ransomware attacks broke new records in 2023, even with increased defensive capabilities. Among the notable victims were MGM Resorts, Caesar Entertainment, the City of Dallas, U.S. Marshals Service, and MOVEit. The ransomware gangs took advantage of previously known vulnerabilities and several zero-day vulnerabilities to infiltrate their victims' networks. In 2023, 69 zero-day vulnerabilities were discovered, the second-highest number ever recorded. LockBit, Clop, and BlackCat were among the most active ransomware groups, responsible for hundreds of high-level attacks. APT and ransomware groups have been using advanced tools and complex methods to carry out their attacks. According to a survey by CyberRisk Alliance Business Intelligence, 71% of the participating organizations reported that the increasing sophistication of ransomware groups is their top concern. This is followed by the use of AI by these groups.
The year 2023 saw significant advancements in AI technology, particularly with the introduction of ChatGPT, a chatbot using Generative AI and Large Language Models (LLM). This innovation has generated a lot of attention and speculation about how AI will impact our lives. While some are concerned about the potential job loss due to AI, it can actually help address the workforce shortage in cybersecurity. In the US alone, there are around 600,000 unfilled cybersecurity jobs, and this number is continually increasing. By incorporating AI in cybersecurity, this shortage can be resolved relatively easily. It's important to note, however, that AI is unlikely to replace human expertise, and cybersecurity professionals will continue to play a crucial role. AI can streamline some cybersecurity tasks and help advance cybersecurity technologies.
Machine Learning (ML), which is a subfield of Artificial Intelligence (AI), has played a critical role in cybersecurity for a long time. It can be used for a range of cybersecurity tasks, from vulnerability management to forensic analysis and anomaly detection. ML is utilized by many security tools such as IDS and IPS systems, firewalls, antimalware solutions, SIEM and EDR tools, and Identity and Access Management services. The use of ML in cybersecurity provides more advantages than simple automation; it can detect new malware through heuristic approaches and behavioral-based analysis. With ML, we can monitor large volumes of data packets traveling through or leaving a network and detect anomalies by generating and utilizing a baseline at a speed that is beyond human capability.
Another important application of AI is in the collection and analysis of threat intelligence. It enables us to identify and share the tactics, techniques, and procedures (TTPs) utilized by threat actors, thus preventing cyber-attacks. By utilizing AI and knowledge of TTPs, organizations can more effectively deal with a broad range of cyber threats. This technology also enhances monitoring and incident response capabilities. Nowadays, AI is being deployed in various cybersecurity areas, making it an essential component of computer and network protection.
AI is not only utilized by cybersecurity professionals but also by cybercriminals. Most cyberattacks are based on social engineering, and hackers leverage AI to create more sophisticated schemes. They can generate audio or video content to impersonate someone else using AI. Moreover, AI can be utilized to develop improved algorithms for cracking passwords. Artificial intelligence (AI) has opened new doors for us, but it also poses new threats that we need to be mindful of and ready to handle. Despite its drawbacks, AI has more advantages, and it can help us advance the technologies we use to secure our digital assets. We should embrace AI in cybersecurity and utilize it to improve the detection and response mechanisms.
The National Cybersecurity Strategy, released in March 2023, acknowledged the rise of AI as an emerging trend and the potential risks it could bring. The document also recognized several other threats and outlined the Biden administration's game plan to address cyber risks. The strategy emphasized the importance of safeguarding critical infrastructure from cyberattacks. Critical infrastructures are crucial for public welfare, and their disruption can pose a threat to national security. Past cyberattacks targeting critical infrastructure have caused significant damage. The administration aims to ensure that the country is prepared for sophisticated cyberattacks that could impact critical infrastructure.
The strategy represents a significant step towards reducing the risks associated with insecure applications. The administration's goal is to shift the responsibility for cybersecurity away from individuals, organizations, and local governments, and place it on vendors. Currently, vendors are generally protected from liability claims related to vulnerabilities in their products that are exploited and cause harm to users through licensing agreements. Eliminating this legal protection would compel companies to improve the security of their products.
We have observed numerous advancements in the field of cybersecurity in 2023 that can give us an insight into what we can expect in 2024. The current trends suggest that ransomware attacks are likely to increase in 2024. Additionally, we will continue to discuss and speculate about AI and its potential impact on cybersecurity.
__________________________________
Orion Policy Institute (OPI) is an independent, non-profit, tax-exempt think tank focusing on a broad range of issues at the local, national, and global levels. OPI does not take institutional policy positions. Accordingly, all views, positions, and conclusions represented herein should be understood to be solely those of the author(s) and do not necessarily reflect the views of OPI.