Strong economic headwinds are forecast for 2023. Continued supply chain challenges, a sharp resurgence in consumer demand and energy market imbalances stemming from the conflict in Ukraine are driving up inflation. Central banks are ratcheting up interest rates to nip this in the bud, but economic contractions will likely follow. The resulting downturns will drive financially, geopolitically and ideologically motivated cyber threat actors to step up their campaigns in the months ahead.

New rationales will drive cyber threats

The economic uncertainty will likely push more tech-savvy people into cybercrime. The growth of crime-as-a-service markets (including the now burgeoning ransomware affiliate marketplace) has lowered the barrier to entry for low-level criminals and advanced operators to use tools like ransomware, banking Trojans and other malware. Cybercrime including financial fraud typically increases during a recession as criminals seek quick cash. Look out for a significantly increased threat from phishing, social engineering, business email compromises and other attacks directed at staff. Low- and high-skill criminal actors will look to exploit the downturn by leveraging lures designed to appeal to those concerned about the current financial climate. 

The state of the global economy will influence criminal targeting. Organisations with healthy balance sheets are likely to be seen as prime targets for fraud. Although less likely to target businesses in the red, ransomware groups are still likely to hit companies that are struggling. They may perceive such organisations to be more willing to pay a ransom to restore network access if operational disruption could push them under. If economic challenges prevent victims from paying, we will see the number of public ransomware disclosures increase, piling on additional reputational and regulatory damage . Maintaining and updating a response plan in line with the evolving threat landscape, including any requirements under all relevant data protection regulations is critical. 

The threat from malicious insiders will also likely grow. As salaries fail to keep pace with inflation, financial concerns will likely motivate some disgruntled workers to steal and sell sensitive information. And while unemployment rates are at historically low levels across major economies, joblessness will likely rise in the months ahead as businesses feel the pinch. 

For those forced out of work, grievances will likely motivate data leaks. State, criminal and activist groups alike are increasingly able to motivate employees of large companies to act against their employer. This threat will only grow as external pressures force employees to look for alternative income sources. Sensitive management of employee onboarding and offboarding will be crucial, especially when employees with access to sensitive information or critical assets are concerned.

Financial challenges will drive threats from advanced state actors. Fiscal challenges and the uncertainty facing key industries will increase incentives for some states to steal intellectual property as well as research and development information from rivals to support domestic businesses. Others will seek to profit from turmoil in their adversaries’ markets to sow discontent through disinformation campaigns in line with geostrategic objectives. Meanwhile, Russia’s continued attempts to use energy as a source of leverage over Western rivals will push up its intent to target European energy infrastructure with disruptive campaigns – though it will continue to rely on criminal proxies to do the damage. Understanding how macroeconomic and geopolitical shifts are driving state campaigns should remain at the heart of a threat-led approach to managing cyber risks.

All the while, governments will find themselves under pressure to tighten their belts. The slightest whiff of a return to austerity will draw the attention of international cyber activist collectives long motivated by social concerns . Government entities will be prime targets for activist attacks and should implement controls to mitigate attempts to deface or disrupt the availability of website services.

During the coming months, for public organisations and private businesses alike, cutting costs on cyber security is a false economy. As the targeting, tactics, techniques and procedures of cyber threat actors continues to evolve, staying abreast of the shifting threat landscape should remain a priority whilst ensuring that security investments are proportionate to the threats organisations face.