Misconfiguration has been the most significant cloud risk for a couple of years now, accounting for up to 70% of all cloud security challenges. That shows no sign of changing in 2023 given the ongoing pace of cloud migrations, especially as network environments become more distributed and the hybrid workforce grows—opening the door to attacks and the misuse of cloud resources.
Misconfigurations occur because enterprise clouds are complex multi-vendor environments and IT teams seldom have time to get familiar with all the technologies. Creating upfront space for learning and testing can have big payoffs down the road.
For example, different cloud providers may have different restoration procedures for data backups. Giving IT the chance to test those procedures and internalize them means they’ll be prepared to act when company data has to be recovered in the wake of an incident.
Because of cloud complexity, automation is crucial. It’s not practical for teams to manually check the entire environment for correct configurations. Platform-based cloud-native software that can scan and verify settings without human intervention has the double benefit of relieving burden and catching errors in real time so they can be addressed.
Outdated network protocols, hardware, and firmware can all be sources of hidden vulnerabilities that create potential attack vectors for bad actors. At the same time, new applications that use open-source software are also prime targets—and will be throughout 2023. Now that most cloud-native projects depend in some way on open-source software that is subject to fewer vulnerability checks during development, malware and other weaknesses can easily end up embedded in cloud-based enterprise operations.
Technology companies—and legislators in some jurisdictions—are paying closer attention to the risks associated with open-source software. Up-to-date global threat intelligence is now considered vital. So are bug bounty programs designed to catch and patch flaws before they can be exploited, such as the one Google launched last year.
Enterprises can protect themselves with diligent software patching, virtual patching, open-source software security policies, and automated monitoring to defend against attacks. When it comes to supply chains, they will also want to adopt software bills of materials (SBOMs) for their applications, which make it easy to pinpoint affected software versions and systems when security flaws are identified.
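As an added illustration (not code from the original article), the following Python shows what that SBOM lookup looks like in practice: it loads a constructed CycloneDX-style SBOM and matches each component's version against a constructed advisory list, whose identifiers are placeholders rather than real CVEs.

```python
import json

# Constructed minimal CycloneDX-style SBOM for one system (sample data, not a real inventory).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"name": "billing-service", "version": "3.2.0"}},
  "components": [
    {"type": "library", "name": "log-parser", "version": "2.14.1"},
    {"type": "library", "name": "http-client", "version": "4.5.13"},
    {"type": "library", "name": "json-codec", "version": "1.9.0"}
  ]
}
"""

# Constructed advisories: the vulnerable range is [introduced, fixed).
# The ids are placeholders, not real advisory or CVE numbers.
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "package": "log-parser",
     "introduced": "2.0.0", "fixed": "2.15.0"},
    {"id": "ADVISORY-PLACEHOLDER-2", "package": "http-client",
     "introduced": "4.5.14", "fixed": "4.5.16"},
]

def parse_version(text):
    """Turn a dotted numeric version such as '2.14.1' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))

def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (half-open range)."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)

def find_affected(sbom_text, advisories):
    """Match every SBOM component against the advisory list.
    Returns (system, component, version, advisory id) tuples for each hit."""
    sbom = json.loads(sbom_text)
    system = sbom.get("metadata", {}).get("component", {}).get("name", "unknown")
    hits = []
    for comp in sbom.get("components", []):
        for adv in advisories:
            if comp["name"] == adv["package"] and is_affected(
                    comp["version"], adv["introduced"], adv["fixed"]):
                hits.append((system, comp["name"], comp["version"], adv["id"]))
    return hits

if __name__ == "__main__":
    for system, name, version, adv_id in find_affected(SBOM_JSON, ADVISORIES):
        print(f"{system}: {name} {version} is affected by {adv_id}")
```

Running the same function over one SBOM per deployed system gives the list of affected systems and versions the paragraph describes, without logging into each host.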
“These days, most software is to some extent made up of third-party code that is either commissioned specifically for a software product or an off-the-shelf, pre-built component designed for a specific function. This could incentivize attackers to infiltrate popular resources… to pass off their malware as legitimate code.”
Hybrid and remote work are hallmarks of the expanding network perimeter. Last year, IBM and the Ponemon Institute determined that the more remote workers a business has, the more a data breach will cost: a company with an 81% remote workforce will pay roughly US$2.39 million more for a breach than a company with 50% remote workers.
Cybercriminals will continue to attack hybrid work structures in 2023, launching network-based worms and exploiting virtual private network (VPN) connections, which are still popular despite hundreds of known vulnerabilities. Business email compromise (BEC) attacks will also persist—on track to cause losses of US$2.8 billion by 2027.
A zero trust approach is the best way to protect data and assets in the context of an expanding—and evaporating—network perimeter, with a Secure Access Service Edge (SASE) architecture to consolidate security and network functions in distributed, cloud-oriented environments. Zero trust network access also solves the VPN problem by securely connecting authorized users only to specific applications or services, not the whole network.
On the BEC front, two-factor verification and stronger password hygiene, combined with zero trust authentication, can help lessen the threat of email scams.
“Unlike VPNs that provide highway access to the entire network, ZTNA allows authorized users a secure connection to a specific application or service only, preventing threat actors from moving freely across a network.”
Ransomware perpetrators will seek new ways of profiteering in 2023, from directly monetizing information like stolen critical data to setting their sights on the cloud. Up to now, ransomware has tended to be designed for on-premises environments, but with all the enterprise investment in cloud, it’s a logical new target—one whose defenses remain untested. Since no business is immune to the threat of ransomware, every enterprise, however large or small, needs a proactive approach to defending against these attacks.
Here again, the zero trust approach is a must, paired with regular backups, cultivating an organization-wide cybersecurity culture, and taking advantage of existing frameworks from organizations like the Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST). Also, look to shift left: detecting an attack earlier in the lifecycle can help mitigate a later ransomware attack.
Another way to guard against ransomware is to adopt a unified cybersecurity platform, which can help security teams gain visibility of an attack across the network stack.
Organizations deploy an average of 46 individual security monitoring tools, overwhelming security teams with uncorrelated daily alerts and too many false positives, resulting in the very real risk of a genuine attack slipping through the cracks. The traditional security paradigm using a point model is not sustainable: the scope and complexity of today’s cyber threats demand a holistic approach to security, delivered by a unified cybersecurity platform.
The move toward a platform approach will be led by organizations actively seeking more visibility across their attack surfaces like distributed clouds, networks, assets, accounts, and systems. To be truly effective, a platform will need to combine security information and event management (SIEM) with extended detection and response (XDR), artificial intelligence and analytics to provide an integrated view of the entire IT/cloud environment and deeper, contextualized correlations of alerts.
Platforms can also support endpoint detection, network defense monitoring, and more—with automation for continuous, repetitive discovery, assessment, and mitigation. They even help defend against zero-day exploits by checking bug bounty programs.