1

CISOs’ top cybersecurity trends 2023 to prepare for

Извините, этот текст доступен только на “Английский” и “Украинский”. For the sake of viewer convenience, the content is shown below in one of the available alternative languages. You may click one of the links to switch the site language to another available language.

Despite security teams’ efforts, the cybersecurity landscape seems to worsen every year. Cybersecurity experts share top cybersecurity trends that will help security leaders to strengthen their organization’s security posture in 2023 and beyond. Here’s what they reveal.

 

  1. Account For the Impact of Ransomware Attacks

 

Brian Masson, director of security, Jobber

“We’re going to see ransomware attacks continue and leaders need to be ready for it. IAM interfaces with the human element and has historically been a problem. Bad password practices, missing MFA, etc. – I don’t see this changing for a long time. A “new” area of focus: increasing fallout from nation-sponsored actors. A few leaders might be directly responsible for critical infrastructure, but the rest of us have to account for the impacts those attacks will have on our businesses – increased absenteeism, disruptions to remote work, and similar indirect business challenges.”

 

  1. Rebuild Endpoints Using a Sophisticated EDR

 

Sushila Nair, vice president of security services, NTT DATA

“Ransomware attacks have risen 240% in two years and will continue to rise. The majority of times, ransomware’s initial vector of infection is endpoints, so organizations need to reduce the attack surface. Attackers are now spending time compromising backups, multiple nodes, and services so that they can attack once they are already everywhere. In 2023, organizations will have to get better at rebuilding endpoints using a sophisticated EDR. In addition, organizations will turn more toward a single sign on with MFA protection, and be more careful of leveraging free tier SaaS apps or SaaS apps that are unable to integrate with the single sign-on.”

 

  1. Emphasize Implementing Cybersecurity Best Practices

 

Kayla Williams, CISO, Devo

“There’s a lot of misconception today around who owns the security. A CISO is accountable for setting the strategy, but they cannot implement that strategy if there is no buy-in from other areas in the organization. It is up to those in each department to apply the controls that the security team recommends or mandates. This disconnect between the expectations of the security team and the actual implementation is where we see things fall through the cracks. 2023 will be the year that organizations seek to solve this problem and place more departmental emphasis on implementing security best practices.”

 

  1. Invest in Employee Trainings To Ward Off Cyberattacks

 

Mark Guntrip, senior director of cybersecurity strategy, Menlo Security

“Ransomware attacks will continue to rise in 2023. In today’s threat landscape no one’s systems are safe and there are no signs of cybercriminals slowing down these efforts. Humans are the weakest link when it comes to security. Our research found that employees ignoring corporate security advice topped the list of IT security decision makers’ biggest concerns and 39% worry about ransomware attacks evolving beyond their company’s security capabilities. It’s no surprise that cyber attackers are becoming increasingly intelligent as we continue to see an emergence in techniques that can evade typical security stacks, like Highly Evasive Adaptive Threats (HEAT) attacks.”

 

  1. Zero-Trust Architecture’s Importance Will Grow

 

Danny Allan, chief technology officer, Veeam

“I expect the top cybersecurity priority for 2023 will be addressing the ransomware threat in a variety of ways, from leveling cyber skills by working with the security team to the right security tools, like multi-factor authentication (MFA) and training courses. I also think zero-trust architecture’s importance will grow as a means to validate access and improve security, and expect to see a massive increase in cybersecurity budgets beyond levels thought possible mere decades ago.”

 

  1. Incorporate Policy-as-Code Into Cybersecurity Practices

 

Gaurav Rishi, VP of product and partnerships, Kasten by Veeam

“As Kubernetes applications become mainstream, the attack intensity and vector are growing too. This will result in Kubernetes-native data protection tools growing further in importance to ensure backups remain your last line of defense. Organizations will also have to prioritize the balance between nature (using/securing the foundational codebase) and nurture (operational best practices including identity management, and data encryption). Lastly, in the DevSecOps world, businesses will need to incorporate policy-as-code into their processes to institutionalize an additional layer of protection and ensure security practices are implemented across a diverse environment.”

 

  1. Work Closely With Federal Agencies To Set Security Standards

 

Deral Heiland. principal security researcher, Rapid7

“With an accumulation of IoT vendors seeking to grow their brand trust, I predict in 2023 many will embrace voluntary product security standards to promote themselves above their competitors. I also expect IoT vendors to work more closely with federal and state agencies to set security standards for IoT technology. In addition, as we continue to see the development and growth of new products where smart digital technology and the physical world intersect, we will begin seeing IoT devices with health and safety issues so problematic that vendors will be forced to do massive recalls similar to what we have seen in the auto industry.”

 

  1. Be Transparent About Cybersecurity Practices With Customers

 

Tony Liau, VP of product marketing, Object First

“The public is becoming more aware of ransomware threats and data privacy issues, and the way companies interact and communicate with their customers will have to shift in 2023. As data leaks become more and more public, instead of trying to downplay the incident or hide it, organizations will need to be more transparent in their messaging. They’ll need to admit to the problem and provide details on what steps they are taking to mitigate the issue and prevent future breaches. Customers will appreciate this honesty and will be more likely to do business with companies that are open and transparent about their cybersecurity practices.”

 

  1. Generative AI Adoption Will Grow in Popularity for Security Tools

 

Fritz Jean-Louis, principal research director, Info-Tech Research Group

“Increased spending will be necessary to address operational updates needed to understand the threat environment and to bring in experienced cyber experts in a shrinking talent market. This will allow CISOs to keep pace with competitors during a time of rapid, continuous digital transformations. Generative AI adoption will continue to grow in popularity within security tools. Powered by neural networks, it can help detect crucial network anomalies, risks, and patterns that a human might miss. As software supply chain attacks become increasingly focused on identifying zero-day vulnerabilities, Zero-trust architecture is evolving from a preference among some organizations to an industry standard. Continuous verification of operations is now a necessity.”

 

  1. Prioritize Cyber Resilience and Risk Reduction in 2023

 

Eran Kinsbruner, chief evangelist of test automation practices, Perfecto by Perforce

“Our mobile devices are frequently at arm’s reach and store personal, sensitive data, making them easy targets of malicious attacks. Organizations must prioritize cyber resilience and risk-reducing strategies in 2023. To achieve this, teams can introduce a shift-left approach to implement codes and policies earlier in the development process that identify security gaps and weaknesses. However, the most successful teams will integrate testing parameters and checkpoints throughout the entire development lifecycle in a continuous and agile manner—going beyond only ‘shifting left.’ Expect to see more teams bring security analysis into the CI/CD pipeline, including static code and dynamic analysis activities and validating with functional testing and mocking services.”

 

  1. New Regulations Will Introduce Mandatory Security Practices in IoT

 

Dan Berte, director, IoT security at Bitdefender

“IoT vulnerabilities will continue. An area that will continue to plague IoT vendors in 2023 is their slow response (or lack thereof) to security researcher contact for vulnerability disclosure and patching. Some mitigation is expected by new regulation such as the EU Cyber Resilience Act, however, that will introduce mandatory cybersecurity requirements for products sold in the bloc, but the law isn’t expected to have authority until 2025 at the earliest.”

 

  1. The absence of a Cybersecurity Culture Will Pose a Serious Threat

 

Victor Kritakis, CISO, Epignosis

“Similar to previous years, companies will continue to struggle with phishing, ransomware, and DDoS. Remote work is here to stay, along with the security risks that it brings. Unshielded home networks, untrained employees, and the absence of a cybersecurity culture will pose a serious threat to organizations unless they take proper precautions. A new geopolitical reality. The war that is happening, along with the energy crisis, may result in attacks on critical energy infrastructure.”

 

Source: Spiceworks

Related Posts

card__image

Cyber incidents among top business risks — Allianz Risk Barometer 2023

Извините, этот текст доступен только на “Английский” и “Украинский”. For the sake of viewer convenience, the content is shown below in one of the available alternative languages. You may click one of the links to switch the site language to another available language. The risk of cyberattacks, business disruption, and inflationary pressures will continue to […]

card__image

Ethical Hackers For Hire

Извините, этот текст доступен только на “Английский” и “Украинский”. For the sake of viewer convenience, the content is shown below in one of the available alternative languages. You may click one of the links to switch the site language to another available language. You’ve probably heard the phrase “you don’t know what you don’t know.” […]

card__image

DDoS is not a goal, it is a path

Извините, этот текст доступен только на “Английский” и “Украинский”. For the sake of viewer convenience, the content is shown below in one of the available alternative languages. You may click one of the links to switch the site language to another available language. Since 2021, distributed denial of service (DDoS) attacks have skyrocketed, both in […]

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *