Cyber crime has become a full-fledged underground economy centered around relentless cyberattacks. With ongoing advances and new developments in the cybersecurity world, Atakama’s CEO, Daniel H. Gallancy and the Company’s team of experts expect an interesting year ahead. They predict that shadow IoT, data exfiltration, and DevSecOps will be top security concerns next year.
“Cyberthreats will continue to proliferate in number and grow in sophistication throughout 2023. While basic security practices will prevent many breaches, organizations are going to need more advanced solutions to protect themselves from the devastating consequences of a successful attack,” commented Gallancy.
For more on Atakama’s 2023 cyber security outlook, let’s take a deeper look at its top five 2023 predictions.
IoT enters shadow IT systems, making a security an even bigger headache
Although IoT devices can be very valuablel, they also add risk to an environment. To date, device manufacturers have not made security a top priority. So it is not surprising that they are often deployed with weak or default credentials.
Making matters worse, IoT has proliferated within shadow IT systems, leaving already weakly protected cameras, microphones, and sensors well outside the control of organized security platforms. Even within a strong perimeter, a poorly configured IoT device is trouble. And the likelihood of an attack increases exponentially when the same poorly configured IoT device is within a shadow IT system.
Sophisticated ransomware attacks puts data exfiltration in the spotlight
The rising prevalence and increasing sophistication of attacks targeting sensitive data will continue to plague organizations throughout the coming year and beyond. Double extortion attacks pack an extra punch by encrypting sensitive and proprietary data, holding it for ransom, and publishing the data on the dark web unless organizations pay up.
These kinds of attacks will continue as long as cyber criminals find it relatively easy to breach organizations, and cash out. In response, organizations will need to look beyond conventional practices, and toward technologies that protect data at the source, such as multifactor encryption that makes files useless to threat-actors, regardless of whether they are inside the security perimeter or exfiltrated.
DevSecOps becomes a bigger security priority
Securing developer environments will become one of the most important aspects of achieving optimal security in 2023. We will continue to see elaborate cyberthreats targeting these complex infrastructures, like the SolarWinds attack, which continues to inspire malicious actors because application development is such a rich target. Inserting a few lines of malicious code can potentially open up thousands of entities in the supply chain of partners and customers.
Heightened DevSecOps practices in line with zero trust architectures and advanced encryption solutions will become more common as organizations realize these approaches are a critical business necessity.
People continue to be the weakest security link
Unfortunately, people will remain the main source of cybersecurity risk in any organization. Despite training, employees are still most likely to provide threat actors with an entry point through social engineering, phishing or lapses that include sharing of passwords and log-in credentials. The Verizon 2022 report found the “human element” was a “key driver” in 82 percent of data breaches.
Additionally, insider threats from corrupt employees will continue to be a serious concern. Threats from employees at partner organizations and third-party suppliers will require vigilance and increased implementation of zero trust strategies.
More pressure on the CISO
This year’s Uber data breach has convinced many in the C-suite that the CISO role carries significant ethical responsibilities. Cybersecurity, like many other professions, has a code of ethics that’s expected of its practitioners. Even so, the cybersecurity landscape is not always a level playing field and even the most ethical and highly technical cybersecurity teams cannot prevent the most determined attackers.
2023 is shaping up to be a more volatile year for CISOs as they deal with the pressures of maintaining a rigid security posture, while also managing accusations of blame when attacks happen. CISOs will need to fortify their professional Information Security degrees and certifications such as CISSP. It will be important for CISOs to constantly update their knowledge to keep up to date with new threats as well as new solutions.
Contact Atakama for more information on how it can help your organization stay protected.