Interviews

Zero-day attacks and IoT dangers

by Mark Rowe

Paul McNamara, Senior Solutions Engineer at the web security and apps company Edgio, sees 2023 as a year of both threat and opportunity.

It takes skill to strike a balance between user experience and cybersecurity. As threats continue to increase and consumer expectations skyrocket, it is challenging for organisations to decide where to concentrate their efforts to get the greatest results. This year, leaders will see an increase in zero-day attacks, begin to recognise the risks associated with IoT, and decide to invest in edge computing. However, many organisations simply lack the internal resources to meet security requirements of this degree or successfully apply new solutions.

What therefore should leaders prioritise when working with partners and vendors to increase security without compromising user experience?

1. The rise of zero-day attacks

The threat landscape is constantly changing with the introduction of new technologies and attack vectors. Some of the most preeminent threats in 2023 will be zero-day application exploits – where hackers identify a vulnerability in something that’s used by many organisations and then exploit it to bring down systems all over the world. They are massive attacks that can be difficult to spot, costing businesses money, brand reputation and trust. For instance, in Q2 2022, application-layer and network-layer DDoS attacks increased by 72 per cent and 109 per cent, respectively. In the last decade, about 40% of attacks took place in 2021 alone, and hackers show no signs of slowing down with recent breaches at Samsung, Apple, and Google.

As companies start maturing their cybersecurity awareness and programs, it is important to invest properly in solutions and capabilities that not only prevent cyber attacks, but also detect and respond to them. Having visibility of zero-day attacks allows organisations to mitigate and resolve them quickly, and to deploy security rules quickly, which minimises impact.

Businesses should invest in a distributed edge network and dual WAF solution, as it allows them to test out new mitigation techniques without endangering their network. Once organisations test in audit mode and check that everything is working properly, they can quickly deploy into production and mitigate vulnerabilities faster – without going offline. For enhanced protection, solutions that detect threats via artificial intelligence (AI) and machine learning (ML) will be vital in 2023. Organisations using AI and automation had a 74-day shorter breach lifecycle, saving an average of $3 million more than those without.

2. The risks of IoT devices will become clear

With ongoing IoT developments, in 2023 there will be billions of devices connected to the internet, opening unprecedented opportunities for hackers. With more than 43 billion connected devices, there are more attack vectors than ever for cybercriminals.

The UK and US are introducing greater measures to help buyers understand what risks might be posed by specific devices they introduce in their homes. For instance, the UK government is already looking at the Product Security and Telecommunications Infrastructure Bill, formalising their previous Code of Practice for Consumer IoT Security. With stolen or compromised credentials the most common cause of a data breach, it’s about identifying vulnerabilities in IoT infrastructure and taking mitigating action.

The struggle for CISOs is fully grasping their attack landscape and where opportunities lie for hackers. For example, when retailers use IoT to extract real-time in-store sales data, this can often be through the use of third-party vendors, or applications from their point of sale. Identifying vulnerabilities like this and focusing on the potential risks associated with third-party applications will be vital to boost security in 2023. It is an ongoing challenge as systems and solutions continue to evolve as organisations modernise and build out their IoT infrastructure – however, moving security to the edge of your network can help to filter sensitive data locally and only send critical IoT data to the cloud.

3. The year of the edge

Despite being widespread, edge computing is still nascent, with organisations trying to understand how to incorporate it and realise all its benefits. 2023 will see workloads moving to the edge, due to better performance and reduced latency, lower costs, greater scalability, and improved availability.

The future of digital experiences is at the edge. These solutions provide the performance, security, and reliability needed to deliver innovative and personalised experiences, resulting in reduced costs and latency. Using this technology shields critical infrastructure and absorbs increasingly enormous threats from zero-day attacks and IoT hacks. And finally, it provides greater reliability by offering better routes or ‘fast lanes’ between users and the data they are accessing.

There used to be a belief that implementing comprehensive security would slow down processes and jeopardise user experience – but this is not the case. It is believed that over 40% of all internet traffic is comprised of bot traffic, so by blocking bad bots you can allow real users to access your site more easily and get better performance as your site is not being slowed down by malicious requests. For instance, in the retail industry, having super-fast page loads encourages customers to browse more and increase spend.

Whether it’s combatting zero-day attacks, preparing for new IoT threats or embracing new edge solutions, 2023 will be a year of both threat and opportunity.
