Cyber views

by Mark Rowe

Prepare for even greater security demands, especially as geopolitical and economic tensions escalate and cyber skills shortages continue, says a cyber firm.

Martin Riley, Director of Managed Security Services at Bridewell, said: “To strengthen their security posture in this heightened threat landscape, organisations must mature their processes and technologies to ensure they are leveraging rich, threat-led managed detection and response (MDR) and extended detection and response (XDR) capabilities.”

Software and applications are only becoming a bigger part of our lives, says John Smith, EMEA CTO, Veracode. He says: “As this demand for better digital experiences continues to grow, it is imperative that businesses remember that the need for better security increases alongside it. To achieve success in 2023, businesses will need to set out on the right foot from the beginning and ensure their security strategy is considered from the first line of code.

“If we have learnt anything from 2022, it is that no organisation is immune to cyber threats. Fortunately, however, we are seeing proactive new steps to help prevent risk, with the likes of the European Cyber Resilience Act (ECRA) and Digital Markets Act (DMA) both coming into play in the last year. This, coupled with the increased demand for better digital experiences, seems to have reenergised the investment and prioritisation of cybersecurity by businesses. Many professionals expect further laws to be introduced in the coming years and want to get ahead of anticipated mandates by investing in better security practices and emerging technologies, such as automated, machine learning-driven remediation.

“While we are seeing positive steps in the right direction as we enter 2023, it would be naive to think that we can ease up and pat ourselves on the back. Security is neither a tick-box exercise nor an end goal, but rather an ever-evolving journey. Now, more than ever, we should be ensuring that security is pervasive not invasive. Then, hopefully we’ll be able to reach a place where businesses truly have an always-on understanding and active role in mitigating cyber risk before disruption can occur.”

On data storage, Brad Jones, VP of Information Security at Seagate Technology, suggests that businesses will prioritise data classification to avoid regulatory repercussions. “Data handling practices across categories (PII, healthcare, financial, etc) are regulated differently based on their industry and location. As a result of no unified classification strategy, organizations open themselves up to major fines that threaten their freedom to operate if employees accidentally mishandle data. To avoid this, the leading companies are creating ways to foster closer collaboration between their security teams and departments handling sensitive data.” 

Cloud service providers will face greater demands for tech stack transparency amid security concerns, he predicts. In response to increasing US federal software security regulations, and customer concerns about software vulnerabilities, software providers have been forced to provide more visibility into their tech stack. As pressures mount, customers will require cloud providers to be more open, and to offer new methods to evaluate IT purchasing decisions, he says. On the cyber security ‘skills gap’, organizations have adopted automated security tools, which offer cost efficiencies, he says. “But managing these tools requires specialized skills. While automation may solve the current security skills gap, it may create another one—by requiring a level of specialization that many security workers don’t currently have. Organizations that strategically adopt new technology and invest in upskilling IT staff will be better prepared against security threats, while deepening loyalty from their employee base.”

Malware continues to pose the greatest threat to individuals and businesses across nine key industries, with manufacturing, education and healthcare being the most commonly targeted, according to the annual State of Encrypted Attacks Report by the cloud security product company Zscaler. Encrypted attacks remain a significant problem, with the United States, India and Japan seeing the biggest increases in attacks over the last 12 months.

Deepen Desai, CISO and VP of Security Research and Operations at Zscaler, said: “As organisations mature their cyber defences, adversaries are becoming more sophisticated, particularly in their use of evasive tactics. Potential threats continue to hide in encrypted traffic, empowered by as-a-service models that dramatically reduce the technical barriers to doing so. It is critical for organisations to adopt a cloud-native zero trust architecture that allows consistent inspection of all internet bound traffic and effectively mitigate these attacks.”

D-Link’s European Marketing Director, Neil Patel, says that with flexible and hybrid working models now the norm, more enterprises will need to address the security challenges of a remote workforce to take their digitalisation journey to the next level.

“As a result of this growing need to enhance protections, the adoption of Wi-Fi Protected Access 3 (WPA3) for wireless security is likely to accelerate, both in the home and in offices. WPA3 is the latest generation in mainstream security for wireless networks. It will eventually take over from the current WPA2 to become the enhanced standard for wireless security for enterprises and end users from client to cloud.

“But unfortunately, the reality of secure access is much more complex. People’s homes are filled with a combination of new and old devices that utilise encryption technologies provided by the Internet Service Provider (ISP)’s router. ISPs are not in the habit of upgrading routers on a regular basis, so many households still utilise what was given to them when they first took out their contract. Older routers aren’t able to support newer security protocols like WPA3, so the security outlook is – unsurprisingly – a pressing concern for enterprises.

“In 2023, we are likely to see businesses attempt to heighten existing security measures and technological infrastructures to better navigate the security challenges of employees working from home. It is prudent for this to include mandated security protocols to protect all devices connected to the network, whatever they may be used for. This can include keeping device operating systems up to date, understanding how much a home network is supporting, ensuring that home networks are running the latest and most sophisticated technology, setting up a completely separate intrastate for hybrid working and providing remote desktop access via dongles or VPNs.

“While there is no silver bullet when it comes to security, implementing clear guidelines and protocols will help ensure all members of an organisation are, at the very least, actively aware of how to keep their workplaces and homes safe.”
