With 2023 fast approaching, many business leaders will be looking for ways to prevent cyberattacks from happening. In recent years, a large percentage of attacks have been due to digitization, increased use of mobile phones and lack of knowledge about the types of attacks.
Paul Allen, practice director at managed IT solutions firm SCC Cyber, compiled a list of top cybersecurity trends for business leaders to watch in 2023.
Allen says strategic planning and resourcing take time to turn into operational excellence.
“The process of establishing a baseline capability, understanding current requirements versus future requirements, is complex. The journey may not be easy. To be successful, business buy-in is needed from the C-suite,” he says.
“It’s often most effective working with an expert third party who can offer support and advice in the most appropriate form,” says Allen.
“This can be delivered in layman’s terms around thought leadership or in the form of paid engagements.”
Allen says a clear governance, risk and compliance plan needs to be developed, reviewed and evolved.
“This should include people and resource planning as well as strategic service providers, as these are obvious risks themselves. Tracking the stages of the journey ensures that progress can be reported to business sponsors.”
People – Recruit and retain quality personnel for a growing number of cyber roles.
Allen says people are the greatest asset of any organization. This is particularly important in the context of cybersecurity.
“Cyber threats are evolving and becoming harder to spot. This applies to professionals and end users alike. As such, organizations need skilled and motivated staff, who are also listened to and engaged, to counter threats,” he declared.
In the event of a skills shortage, wages increase as demand increases. If an organization does not understand the need for effective governance and practical application of cybersecurity, staff become demotivated and have no problem finding new employment where they are valued.
Cybersecurity is a team sport
While a lot is made of machine learning (ML) and artificial intelligence (AI), Allen says it’s worth remembering that both capabilities are also used by attackers, so it is not all good news.
“The fundamental creation of effective cybersecurity defenses is people, process, and then technology. Vendors will want to say everything about technology, but that would be too easy,” he says.
“In my experience, it’s harder and more important to get people and processes right. Working with a managed service provider helps scale people and processes to maturity much faster.”
Allen says this need for skilled personnel will impact all industries, especially those struggling to justify higher salaries for their cybersecurity personnel.
“Developing a strategic plan that specifically addresses cybersecurity resource needs over a two-year period will prove an important tool; this should be reviewed and updated quarterly.
“This plan will allow you to assess areas for internal growth and development, as well as the need for external recruitment to augment the skills and experiences you have or are developing,” he said.
“This longer-term view is necessary to ensure the resilience of your teams and the responsiveness to changing business risks.”
Allen says cyber professionals are increasingly viewed as highly valuable and as such want to feel valued. Thus, training and development plans contribute to reinforcing this perception of value.
“It’s also worth considering business continuity or succession planning for positions with particularly hard-to-find skills. Building strategic relationships with a service provider, who can take responsibility for tasks or specific services, is a good way to mitigate risk.”
Ransomware / Extortion
While ransomware is still at the top of the list of trends and risks, attackers in 2022 are increasingly resorting to extortion-based attacks and skipping data encryption. This saves time, reduces complexity and speeds up payment.
Extortion is a ransomware attack without the element of encryption. The data is exfiltrated and the owner is threatened with exposure if they do not pay a fee. Extortion is becoming more common because it is easier to perform and requires the attacker to spend less time dwelling inside the victim’s network.
“For attackers, they also work as a team. Many early access experts pass on their success to those who want to buy an open door to an enterprise data repository,” Allen says.
“Extortion is exactly the same approach as Ransomware, but without the data encryption. The feedback I’ve had from incident response teams is that this way it’s easier for the attacker. They have proof that they have a copy of your data that they can release. By not encrypting you, it’s easier to pay them off quickly.
“The risk of ransomware and extortion can be reduced through a structured and consistent approach to cybersecurity. This should be part of a maturity plan, with a method of tracking progress against defined goals,” he says.
“Staff training is central to any plan, as are proper internal processes to mitigate the risk of attack.
“Finally, technology, looking at email security, internal governance, and backup to ensure data confidentiality, integrity, and availability.”
Artificial intelligence and machine learning
Allen says qualified personnel are scarce and expensive to recruit and retain.
“There is enormous pressure to defend better and to be more dynamic and agile in our cybersecurity methods. The use of ML and AI (if you have the specialist skills and the right data to create the data models) can be a game-changer,” he said.
“The downside is that you need people with the skills and defined governance (people and process). This direction of travel is for organizations with mature policies and governance. Not those looking for a quick win. The entire engagement should be aimed at reducing business risk, with Otherwise, you’ll end up with technology that’s expensive to implement and maintain, and no credible upside.
“So my first recommendation is to make sure you have a solid foundation of cybersecurity governance and capability (do the simpler things right),” Allen says.
“Using a framework such as NIST, it is possible to understand internal maturity and capabilities, upon which more advanced capabilities can be applied.”
Can intelligence and automation reduce the pressure on people?
“Working smarter with machine learning (ML) and artificial intelligence (AI) can address the challenges of staff recruitment and high workload burnout,” Allen says.
“ML and AI allow huge volumes of data to be continuously scanned for anomalous activity. Data models are created to enable precise searching of potentially huge data lakes to present results. Some things could be out of the normal, which could indicate a threat.
“Decisions will be made based on thousands of elements, with a risk rating presented to the analyst. This analytical process can be built into products or performed as aggregated actions across multiple products,” he said.
“With the addition of automation, it’s possible to condense the amount of work analysts need to do to get the insights and context they need. The results have the potential to be highly effective.”
The expansion of IoT
“The Internet of Things, or IoT, is an object that contains software, sensors, and a connection to a network or the Internet. As you can imagine, this encompasses a wide range of technologies in the home and in the workplace,” says Allen.
“Almost everything you can buy in the consumer world now has internet connectivity. The connected world is upon us. For many, security by design is sorely lacking. Manufacturers are looking to mass produce at the lowest possible cost of sale. As such, hardware and software are likely to be widespread, meaning that a single vulnerability can affect a wide range of products, including those that are completely unexpected.
“This has been highlighted in a series of published vulnerabilities and will continue to be an ongoing challenge in the commercial and public sectors, where organizational risk can be very easily introduced,” he said.
“Given this wide range of capabilities and the speed of development, IoT security standards and governance need to catch up to the vendor reality. Governance will be addressed in upcoming legislation.”
Common risks and vulnerabilities can be described as follows:
Inefficient software development practices and version controls. Poor design standards and quality can mean it’s easier for an attacker to compromise the device.
Lack of physical hardening.
Unsecured data storage and transmission.
Due to the relatively low cost of many IoT devices, they are often unmanaged, untracked, and isolated.
With the potential volume of mass-produced and insecure IoT devices, malware can compromise huge volumes of devices to create botnets of infected assets.
Specific IoT security tools are available to first understand what devices exist in an organizational environment and then assess the risk these assets pose. Building on this and integrating the capability into a larger monitoring solution allows for a continuous view of threats.